Joomla! Releases Security Update

Original release date: July 25, 2017

Joomla! has released version 3.7.4 of its Content Management System (CMS) software to address several vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

US-CERT encourages users and administrators to review the Joomla! Security Release and US-CERT’s Alert on Content Management Systems Security and Associated Risks and apply the necessary update.



SB17-205: Vulnerability Summary for the Week of July 17, 2017

Original release date: July 24, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — openmeetings Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. 2017-07-17 7.5 CVE-2017-7664
MLIST
BID
apple — itunes An issue was discovered in certain Apple products. iTunes before 12.6.2 on Windows is affected. The issue involves the “iTunes” component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. 2017-07-20 9.3 CVE-2017-7053
BID
CONFIRM
apple — mac_os_x An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Bluetooth” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-07-20 7.9 CVE-2017-7050
BID
SECTRACK
CONFIRM
apple — mac_os_x An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Bluetooth” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-07-20 7.9 CVE-2017-7051
BID
SECTRACK
CONFIRM
apple — mac_os_x An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Bluetooth” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-07-20 7.9 CVE-2017-7054
BID
SECTRACK
CONFIRM
apple — safari An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-07-20 9.3 CVE-2017-7040
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — safari An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-07-20 9.3 CVE-2017-7041
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — safari An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-07-20 9.3 CVE-2017-7042
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — safari An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-07-20 9.3 CVE-2017-7043
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — safari An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-07-20 7.5 CVE-2017-7049
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — safari An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-07-20 7.5 CVE-2017-7052
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — safari An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-07-20 7.5 CVE-2017-7055
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — safari An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-07-20 7.5 CVE-2017-7056
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — safari An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-07-20 7.5 CVE-2017-7061
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
chitora — lhaz Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-17 9.3 CVE-2017-2246
CONFIRM
JVN
chitora — lhaz Untrusted search path vulnerability in Self-extracting archive files created by Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-17 9.3 CVE-2017-2247
CONFIRM
JVN
chitora — lhaz+ Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-17 9.3 CVE-2017-2248
CONFIRM
JVN
chitora — lhaz+ Untrusted search path vulnerability in Self-extracting archive files created by Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-17 9.3 CVE-2017-2249
CONFIRM
JVN
cisco — ios The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve57697. 2017-07-17 9.0 CVE-2017-6736
BID
SECTRACK
CONFIRM
cisco — ios The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve60402. 2017-07-17 9.0 CVE-2017-6737
BID
SECTRACK
CONFIRM
cisco — ios The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve89865, CSCsy56638. 2017-07-17 9.0 CVE-2017-6738
BID
SECTRACK
CONFIRM
cisco — ios The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66540. 2017-07-17 9.0 CVE-2017-6739
BID
SECTRACK
CONFIRM
cisco — ios The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66601. 2017-07-17 9.0 CVE-2017-6740
BID
SECTRACK
CONFIRM
cisco — ios The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve60376, CSCve78027. 2017-07-17 9.0 CVE-2017-6743
BID
SECTRACK
CONFIRM
cisco — ios The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve78027, CSCve60276. 2017-07-17 9.0 CVE-2017-6744
BID
SECTRACK
CONFIRM
cisco — ios_xe The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66658. 2017-07-17 9.0 CVE-2017-6741
BID
SECTRACK
CONFIRM
cisco — ios_xe The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve54313. 2017-07-17 9.0 CVE-2017-6742
BID
SECTRACK
CONFIRM
creolabs — gravity Creolabs Gravity version 1.0 is vulnerable to a double free in gravity_value, potentially leading to modification of unexpected memory locations. 2017-07-17 7.5 CVE-2017-1000072
CONFIRM
creolabs — gravity Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution. 2017-07-17 7.5 CVE-2017-1000073
CONFIRM
creolabs — gravity Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. 2017-07-17 7.5 CVE-2017-1000074
CONFIRM
creolabs — gravity Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function. 2017-07-17 7.5 CVE-2017-1000075
CONFIRM
eyesofnetwork — eyesofnetwork EyesOfNetwork (EON) 5.1 has an unauthenticated SQL injection in eonweb leading to remote root. 2017-07-17 10.0 CVE-2017-1000060
MISC
fiyo — fiyo_cms Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name. 2017-07-17 7.5 CVE-2017-11354
MISC
fiyo — fiyo_cms Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id']. 2017-07-18 7.5 CVE-2017-11412
MISC
fiyo — fiyo_cms Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id']. 2017-07-18 7.5 CVE-2017-11413
MISC
fiyo — fiyo_cms Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id']. 2017-07-18 7.5 CVE-2017-11414
MISC
fiyo — fiyo_cms Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level']. 2017-07-18 7.5 CVE-2017-11415
MISC
fiyo — fiyo_cms Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter. 2017-07-18 7.5 CVE-2017-11416
MISC
fiyo — fiyo_cms Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id']. 2017-07-18 7.5 CVE-2017-11417
MISC
fiyo — fiyo_cms Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i]. 2017-07-18 7.5 CVE-2017-11418
MISC
fiyo — fiyo_cms Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title']. 2017-07-18 7.5 CVE-2017-11419
MISC
framasoft — framadate Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export, resulting in possible Information Disclosure and Code Execution. 2017-07-17 7.5 CVE-2017-1000039
CONFIRM
freeradius — freeradius An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows “Write overflow in rad_coalesce()” – this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. 2017-07-17 7.5 CVE-2017-10979
CONFIRM
BID
SECTRACK
freeradius — freeradius An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows “Write overflow in data2vp_wimax()” – this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. 2017-07-17 7.5 CVE-2017-10984
CONFIRM
freeradius — freeradius An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows “Infinite loop and memory exhaustion with ‘concat’ attributes” and a denial of service. 2017-07-17 7.8 CVE-2017-10985
CONFIRM
fujielectric — v-server An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution. 2017-07-17 7.5 CVE-2017-9639
BID
MISC
glpi-project — glpi GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. 2017-07-20 7.5 CVE-2017-11474
CONFIRM
glpi-project — glpi GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php. 2017-07-20 7.5 CVE-2017-11475
CONFIRM
gnome — gtk-vnc gtk-vnc 0.4.2 and older doesn’t check framebuffer boundaries correctly when updating the framebuffer, which may lead to memory corruption when rendering. 2017-07-17 7.5 CVE-2017-1000044
CONFIRM
google — android Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE without authenticating. All apps using authentication-gated cryptography are vulnerable to this attack, which was confirmed on the LG Nexus 5X. 2017-07-17 7.2 CVE-2016-10398
MISC
hibara — attachecase Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.2.8.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-17 9.3 CVE-2017-2271
JVN
hibara — attachecase Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.3.2.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-17 9.3 CVE-2017-2272
JVN
imagemagick — imagemagick The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file. 2017-07-19 7.1 CVE-2017-11446
CONFIRM
intelliants — subrion_cms Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. 2017-07-19 7.5 CVE-2017-11444
CONFIRM
intelliants — subrion_cms Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array. 2017-07-19 7.5 CVE-2017-11445
CONFIRM
logicaldoc — logicaldoc LogicalDoc CommunityEdition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. 2017-07-17 7.5 CVE-2017-1000021
MISC
logicaldoc — logicaldoc LogicalDoc CommunityEdition 7.5.3 and prior contains incorrect access control, which could lead to privilege escalation. 2017-07-17 7.5 CVE-2017-1000022
MISC
microsoft — edge A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka “Scripting Engine Memory Corruption Vulnerability.” 2017-07-17 9.3 CVE-2017-0152
CONFIRM
onosproject — onos Linux Foundation ONOS 1.9.0 is vulnerable to a DoS. 2017-07-17 7.8 CVE-2017-1000079
MISC
onosproject — onos Linux Foundation ONOS 1.9.0 allows unauthenticated use of websockets. 2017-07-17 7.5 CVE-2017-1000080
MISC
onosproject — onos Linux Foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar), resulting in remote code execution. 2017-07-17 7.5 CVE-2017-1000081
MISC
php — php In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmt_parse_message function. 2017-07-17 7.5 CVE-2017-11362
MISC
rbenv — rbenv rbenv (all current versions) is vulnerable to Directory Traversal in the specification of the Ruby version, resulting in arbitrary code execution. 2017-07-17 7.5 CVE-2017-1000047
MISC
resume-next — filecapsule_deluxe_portable Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-17 9.3 CVE-2017-2265
CONFIRM
JVN
resume-next — filecapsule_deluxe_portable Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-17 9.3 CVE-2017-2266
CONFIRM
JVN
resume-next — filecapsule_deluxe_portable Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-17 9.3 CVE-2017-2267
CONFIRM
JVN
resume-next — filecapsule_deluxe_portable Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-17 9.3 CVE-2017-2268
CONFIRM
JVN
resume-next — filecapsule_deluxe_portable Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-17 9.3 CVE-2017-2269
CONFIRM
JVN
resume-next — filecapsule_deluxe_portable Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-17 9.3 CVE-2017-2270
CONFIRM
JVN
sourcenext — file_compact Untrusted search path vulnerability in Self-extracting archive files created by File Compact Ver.5 version 5.09 and earlier, Ver.6 version 6.01 and earlier, Ver.7 version 7.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-17 9.3 CVE-2017-2252
JVN
wireshark — wireshark In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values. 2017-07-18 7.8 CVE-2017-11406
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type. 2017-07-18 7.8 CVE-2017-11409
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702. 2017-07-18 7.8 CVE-2017-11410
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350. 2017-07-18 7.8 CVE-2017-11411
CONFIRM
CONFIRM
CONFIRM
yahoo — toolbar Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet Explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-17 9.3 CVE-2017-2253
JVN

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — connect Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack. 2017-07-17 5.0 CVE-2017-3101
BID
SECTRACK
MISC
adobe — connect Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack. 2017-07-17 4.3 CVE-2017-3102
BID
SECTRACK
MISC
adobe — connect Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack. 2017-07-17 4.3 CVE-2017-3103
BID
SECTRACK
MISC
alpinelinux — alpine_linux A heap overflow in apk (Alpine Linux’s package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file. 2017-07-17 6.8 CVE-2017-9669
MLIST
BID
MISC
alpinelinux — alpine_linux A heap overflow in apk (Alpine Linux’s package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block. 2017-07-17 6.8 CVE-2017-9671
MLIST
BID
MISC
apache — openmeetings Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. 2017-07-17 4.3 CVE-2017-7663
MLIST
BID
apache — openmeetings Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. 2017-07-17 6.8 CVE-2017-7666
MLIST
apache — openmeetings Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forgot-password dialogs, and auth forms are missing brute force protection. 2017-07-17 5.0 CVE-2017-7673
MLIST
BID
apache — openmeetings Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains. 2017-07-17 5.0 CVE-2017-7680
MLIST
apache — openmeetings Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end. 2017-07-17 6.5 CVE-2017-7681
MLIST
apache — openmeetings Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks; as a result, an attacker has access to restricted areas. 2017-07-17 6.4 CVE-2017-7682
MLIST
apache — openmeetings Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure. 2017-07-17 5.0 CVE-2017-7683
MLIST
apache — openmeetings Apache OpenMeetings 1.0.0 doesn’t check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server. 2017-07-17 5.0 CVE-2017-7684
MLIST
BID
apache — openmeetings Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH. 2017-07-17 5.0 CVE-2017-7685
MLIST
BID
apache — openmeetings Apache OpenMeetings 1.0.0 updates user password in insecure manner. 2017-07-17 5.0 CVE-2017-7688
MLIST
BID
apache — sling In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities. 2017-07-19 4.3 CVE-2016-5394
BID
MISC
apple — apple_tv An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “Kernel” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. 2017-07-20 4.3 CVE-2017-7028
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “Kernel” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. 2017-07-20 4.3 CVE-2017-7029
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “libxpc” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-07-20 6.8 CVE-2017-7047
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the “Safari Printing” component. It allows remote attackers to cause a denial of service (excessive print dialogs) via a crafted web site. 2017-07-20 4.3 CVE-2017-7060
BID
SECTRACK
CONFIRM
CONFIRM
apple — safari An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-07-20 6.8 CVE-2017-7039
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — safari An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-07-20 6.8 CVE-2017-7046
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — safari An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-07-20 6.8 CVE-2017-7048
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — safari A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. 2017-07-20 4.3 CVE-2017-7059
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
audacity — audacity Audacity version 2.1.2 is vulnerable to DLL hijacking in the avformat-55.dll, resulting in arbitrary code execution. 2017-07-17 6.8 CVE-2017-1000010
MISC
cacti — cacti SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. 2017-07-17 6.5 CVE-2017-1000031
MISC
cacti — cacti Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php. 2017-07-17 4.3 CVE-2017-1000032
MISC
cagintranetworks — getsimple_cms A reflected cross-site scripting vulnerability in GetSimple CMS version 3.3.13 and earlier allows remote attackers to inject arbitrary JavaScript in the URL-field for the administrative login page (/admin/index.php). 2017-07-17 4.3 CVE-2017-1000057
CONFIRM
cairographics — cairo cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. 2017-07-17 5.0 CVE-2017-9814
MISC
candy_project — candy All versions of Candy Chat are vulnerable to an XSS attack by message senders, permitting remote code execution within the page 2017-07-17 4.3 CVE-2017-1000036
MISC
chef_project — mixlib-archive Chef Software’s mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using “..” in tar archive entries 2017-07-17 5.0 CVE-2017-1000026
CONFIRM
chevereto — chevereto Stored XSS in chevereto CMS before version 3.8.11 2017-07-17 4.3 CVE-2017-1000058
CONFIRM
cmsmadesimple — cms_made_simple In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php. 2017-07-17 4.0 CVE-2017-11404
MISC
cmsmadesimple — cms_made_simple In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file. 2017-07-17 4.0 CVE-2017-11405
MISC
exiv2 — exiv2 There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. 2017-07-17 4.3 CVE-2017-11336
MISC
exiv2 — exiv2 There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. 2017-07-17 4.3 CVE-2017-11337
MISC
exiv2 — exiv2 There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. 2017-07-17 4.3 CVE-2017-11338
MISC
exiv2 — exiv2 There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. 2017-07-17 4.3 CVE-2017-11339
MISC
exiv2 — exiv2 There is a segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A crafted input will lead to a remote denial of service attack. 2017-07-17 4.3 CVE-2017-11340
MISC
freeradius — freeradius An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows “Read / write overflow in make_secret()” and a denial of service. 2017-07-17 5.0 CVE-2017-10978
CONFIRM
BID
SECTRACK
freeradius — freeradius An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows “DHCP – Memory leak in decode_tlv()” and a denial of service. 2017-07-17 5.0 CVE-2017-10980
CONFIRM
BID
SECTRACK
freeradius — freeradius An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows “DHCP – Memory leak in fr_dhcp_decode()” and a denial of service. 2017-07-17 5.0 CVE-2017-10981
CONFIRM
BID
SECTRACK
freeradius — freeradius An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows “DHCP – Buffer over-read in fr_dhcp_decode_options()” and a denial of service. 2017-07-17 5.0 CVE-2017-10982
CONFIRM
BID
SECTRACK
freeradius — freeradius An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows “DHCP – Read overflow when decoding option 63” and a denial of service. 2017-07-17 5.0 CVE-2017-10983
CONFIRM
BID
SECTRACK
freeradius — freeradius An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows “DHCP – Infinite read in dhcp_attr2vp()” and a denial of service. 2017-07-17 5.0 CVE-2017-10986
CONFIRM
freeradius — freeradius An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows “DHCP – Buffer over-read in fr_dhcp_decode_suboptions()” and a denial of service. 2017-07-17 5.0 CVE-2017-10987
CONFIRM
graphicsmagick — graphicsmagick The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. 2017-07-17 6.8 CVE-2017-11403
MISC
MISC
ibm — tivoli_monitoring IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123493. 2017-07-17 5.4 CVE-2017-1182
CONFIRM
SECTRACK
MISC
ibm — tivoli_monitoring IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494. 2017-07-17 5.4 CVE-2017-1183
CONFIRM
BID
SECTRACK
MISC
imagemagick — imagemagick In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144. 2017-07-17 4.3 CVE-2017-11352
BID
CONFIRM
CONFIRM
imagemagick — imagemagick The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value. 2017-07-17 4.3 CVE-2017-11360
CONFIRM
imagemagick — imagemagick The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service. 2017-07-19 4.3 CVE-2017-11447
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. 2017-07-19 4.3 CVE-2017-11448
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin. 2017-07-19 6.8 CVE-2017-11449
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short. 2017-07-19 6.8 CVE-2017-11450
CONFIRM
CONFIRM
CONFIRM
CONFIRM
jasper_project — jasper JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. 2017-07-17 5.0 CVE-2017-1000050
MLIST
BID
joomla — joomla! Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents. 2017-07-17 5.0 CVE-2017-9933
BID
SECTRACK
CONFIRM
joomla — joomla! Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability. 2017-07-17 4.3 CVE-2017-9934
BID
SECTRACK
CONFIRM
keepass — keepass The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information. 2017-07-17 5.0 CVE-2017-1000066
CONFIRM
kitto_project — kitto kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution 2017-07-17 5.0 CVE-2017-1000062
MISC
kitto_project — kitto kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure 2017-07-17 4.3 CVE-2017-1000063
MISC
kitto_project — kitto kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS 2017-07-17 5.0 CVE-2017-1000064
MISC
koozali — sme_server Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access. 2017-07-17 5.8 CVE-2017-1000027
MISC
MISC
libsass — libsass There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. 2017-07-17 5.0 CVE-2017-11341
MISC
libsass — libsass There is an illegal address access in ast.cpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. 2017-07-17 5.0 CVE-2017-11342
MISC
libtiff — libtiff There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack. 2017-07-17 6.8 CVE-2017-11335
MISC
livehelperchat — live_helper_chat Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users. 2017-07-17 4.3 CVE-2017-1000059
MISC
logicaldoc — logicaldoc LogicalDoc CommunityEdition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document 2017-07-17 4.3 CVE-2017-1000023
MISC
mapbox_project — mapbox Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name. 2017-07-17 4.3 CVE-2017-1000042
MISC
CONFIRM
mapbox_project — mapbox Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control 2017-07-17 4.3 CVE-2017-1000043
MISC
CONFIRM
mautic — mautic Mautic 2.6.1 and earlier fails to set flags on session cookies 2017-07-17 5.0 CVE-2017-1000046
MISC
microsoft — edge An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka “Microsoft Browser Information Disclosure Vulnerability.” 2017-07-17 4.3 CVE-2017-0196
CONFIRM
modx — revolution MODX Revolution version 2.x – 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges. 2017-07-17 6.5 CVE-2017-1000067
CONFIRM
moodle — moodle Moodle 3.x has user fullname disclosure on the user preferences page. 2017-07-17 4.0 CVE-2017-2642
BID
CONFIRM
moodle — moodle In Moodle 3.3, the course overview block reveals activities in hidden courses. 2017-07-17 4.0 CVE-2017-7531
BID
CONFIRM
moodle — moodle In Moodle 3.x, course creators are able to change system default settings for courses. 2017-07-17 4.0 CVE-2017-7532
BID
CONFIRM
mysqldumper — mysql_dumper MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying the data in the database to the user 2017-07-17 4.3 CVE-2017-1000012
MISC
mywebsql — mywebsql MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information 2017-07-17 4.3 CVE-2017-1000011
MISC
oauth2_proxy_project — oauth2_proxy CSRF in Bitly oauth2_proxy 2.1 during authentication flow 2017-07-17 6.8 CVE-2017-1000069
MISC
oauth2_proxy_project — oauth2_proxy The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819 2017-07-17 5.8 CVE-2017-1000070
CONFIRM
MISC
onosproject — onos Linux foundation ONOS 1.9 is vulnerable to XSS in the device registration 2017-07-17 4.3 CVE-2017-1000078
MISC
openmediavault — openmediavault Multiple cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management (Users) functionality allow attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client’s browser. 2017-07-17 4.3 CVE-2017-1000065
CONFIRM
oracle — glassfish_server Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request. 2017-07-17 5.0 CVE-2017-1000028
MISC
oracle — glassfish_server Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication. 2017-07-17 5.0 CVE-2017-1000029
MISC
oracle — glassfish_server Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface. 2017-07-17 5.0 CVE-2017-1000030
MISC
phpminiadmin_project — phpminiadmin PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data). 2017-07-17 4.3 CVE-2017-1000005
MISC
phpmyadmin — phpmyadmin phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness 2017-07-17 5.8 CVE-2017-1000013
CONFIRM
phpmyadmin — phpmyadmin phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality 2017-07-17 5.0 CVE-2017-1000014
CONFIRM
phpmyadmin — phpmyadmin phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters 2017-07-17 4.3 CVE-2017-1000015
CONFIRM
phpmyadmin — phpmyadmin phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server 2017-07-17 6.5 CVE-2017-1000017
CONFIRM
phpmyadmin — phpmyadmin phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name 2017-07-17 5.0 CVE-2017-1000018
CONFIRM
relevanssi — relevanssi WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site 2017-07-17 4.3 CVE-2017-1000038
MISC
rocketchat — rocket.chat Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages. 2017-07-17 4.3 CVE-2017-1000054
MISC
sitecore — cms In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter. 2017-07-19 4.0 CVE-2017-11440
MISC
MISC
tt-rss — tiny_tiny_rss Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack 2017-07-17 4.3 CVE-2017-1000035
CONFIRM
vospari_forms_project — vospari_forms WordPress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in JavaScript code execution in the context of the current user. 2017-07-17 4.3 CVE-2017-1000033
MISC
MISC
wireshark — wireshark In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. 2017-07-18 5.0 CVE-2017-11407
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection. 2017-07-18 5.0 CVE-2017-11408
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
xwiki — cryptpad Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content 2017-07-17 4.3 CVE-2017-1000051
CONFIRM
CONFIRM

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
blackcat-cms — blackcat_cms Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php. 2017-07-17 3.5 CVE-2017-9609
MISC
CONFIRM
MISC
bolt — bolt_cms Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a “Content-Type: image/svg+xml” header. 2017-07-17 3.5 CVE-2017-11127
MISC
bolt — bolt_cms Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry. 2017-07-17 3.5 CVE-2017-11128
MISC
ibm — tivoli_monitoring IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487. 2017-07-17 1.9 CVE-2017-1181
CONFIRM
BID
SECTRACK
MISC
juniper — screenos A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the ‘security’ role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. 2017-07-17 3.5 CVE-2017-2335
BID
SECTRACK
CONFIRM
juniper — screenos A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. 2017-07-17 3.5 CVE-2017-2336
BID
SECTRACK
CONFIRM
juniper — screenos A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the ‘security’ role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. 2017-07-17 3.5 CVE-2017-2337
BID
SECTRACK
CONFIRM
juniper — screenos A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the ‘security’ role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. 2017-07-17 3.5 CVE-2017-2338
BID
SECTRACK
CONFIRM
juniper — screenos A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the ‘security’ role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. 2017-07-17 3.5 CVE-2017-2339
BID
SECTRACK
CONFIRM
redhat — network_manager Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. 2017-07-17 2.1 CVE-2016-0764
REDHAT
CONFIRM
sitecore — cms In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter. 2017-07-19 3.5 CVE-2017-11439
MISC
MISC

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info

Kubernetes — Kubernetes Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object. 2017-07-17 not yet calculated CVE-2017-1000056
CONFIRM
adobe — flash_player Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution. 2017-07-17 not yet calculated CVE-2017-3099
BID
SECTRACK
MISC
GENTOO
adobe — flash_player Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure. 2017-07-17 not yet calculated CVE-2017-3100
BID
SECTRACK
MISC
GENTOO
adobe — flash_player Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure. 2017-07-17 not yet calculated CVE-2017-3080
BID
SECTRACK
MISC
GENTOO

akeneo — pim Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution. 2017-07-17 not yet calculated CVE-2017-1000009
CONFIRM
CONFIRM
CONFIRM
akka — akka Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem. 2017-07-17 not yet calculated CVE-2017-1000034
CONFIRM
amosconnect — amosconnect Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager. 2017-07-22 not yet calculated CVE-2017-3222
BID
CERT-VN
amosconnect — amosconnect Blind SQL injection in the AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords. 2017-07-22 not yet calculated CVE-2017-3221
BID
CERT-VN
ansible — ansible Ansible versions 2.2.3 and earlier are vulnerable to an information disclosure flaw due to the interaction of call back plugins and the no_log directive where the information may not be sanitized properly. 2017-07-21 not yet calculated CVE-2017-7473
MISC
apache — apr-util_and_httpd The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955. 2017-07-17 not yet calculated CVE-2016-6312
BID
CONFIRM
apache — roller The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL). 2017-07-17 not yet calculated CVE-2015-0249
MISC
MLIST
CONFIRM
apache — sling In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application. 2017-07-19 not yet calculated CVE-2016-6798
BID
MISC
apache — wicket The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.7 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the permissions of DiskFileItem, and if running on a Java VM before 1.3.1, execute arbitrary code via a crafted serialized Java object. 2017-07-17 not yet calculated CVE-2016-6793
MLIST
BUGTRAQ
BID
SECTRACK
CONFIRM
MISC
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-07-20 not yet calculated CVE-2017-7034
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-07-20 not yet calculated CVE-2017-7022
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-07-20 not yet calculated CVE-2017-7026
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the “WebKit Web Inspector” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-07-20 not yet calculated CVE-2017-7012
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-07-20 not yet calculated CVE-2017-7069
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-07-20 not yet calculated CVE-2017-7018
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the “Notifications” component. It allows physically proximate attackers to read unintended notifications on the lock screen. 2017-07-20 not yet calculated CVE-2017-7058
BID
SECTRACK
CONFIRM
apple — ios
 
A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. 2017-07-20 not yet calculated CVE-2017-7038
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the “WebKit” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. 2017-07-20 not yet calculated CVE-2017-7064
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “libarchive” component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file. 2017-07-20 not yet calculated CVE-2017-7068
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the “Messages” component. It allows remote attackers to cause a denial of service (memory consumption and application crash). 2017-07-20 not yet calculated CVE-2017-7063
BID
SECTRACK
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “Contacts” component. A buffer overflow allows remote attackers to execute arbitrary code or cause a denial of service (application crash). 2017-07-20 not yet calculated CVE-2017-7062
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-07-20 not yet calculated CVE-2017-7020
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-07-20 not yet calculated CVE-2017-7037
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “libxml2” component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file. 2017-07-20 not yet calculated CVE-2017-7013
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-07-20 not yet calculated CVE-2017-7023
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-07-20 not yet calculated CVE-2017-7025
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-07-20 not yet calculated CVE-2017-7030
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-07-20 not yet calculated CVE-2017-7024
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements. 2017-07-20 not yet calculated CVE-2017-7011
BID
SECTRACK
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit Page Loading” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-07-20 not yet calculated CVE-2017-7019
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-07-20 not yet calculated CVE-2017-7027
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the “WebKit” component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters. 2017-07-20 not yet calculated CVE-2017-7006
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the “CoreAudio” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. 2017-07-20 not yet calculated CVE-2017-7008
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the “libxml2” component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file. 2017-07-20 not yet calculated CVE-2017-7010
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the “Safari” component. It allows remote attackers to spoof the address bar via a crafted web site. 2017-07-20 not yet calculated CVE-2017-2517
BID
SECTRACK
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the “EventKitUI” component. It allows remote attackers to cause a denial of service (resource consumption and application crash). 2017-07-20 not yet calculated CVE-2017-7007
BID
SECTRACK
CONFIRM
apple — ios
 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the “IOUSBFamily” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-07-20 not yet calculated CVE-2017-7009
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “afclip” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file. 2017-07-20 not yet calculated CVE-2017-7033
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Kernel” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. 2017-07-20 not yet calculated CVE-2017-7067
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. 2017-07-20 not yet calculated CVE-2017-7036
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-07-20 not yet calculated CVE-2017-7035
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-07-20 not yet calculated CVE-2017-7017
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “kext tools” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-07-20 not yet calculated CVE-2017-7032
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Foundation” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file. 2017-07-20 not yet calculated CVE-2017-7031
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Audio” component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted audio file. 2017-07-20 not yet calculated CVE-2017-7015
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “AppleGraphicsPowerManagement” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-07-20 not yet calculated CVE-2017-7021
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-07-20 not yet calculated CVE-2017-7044
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-07-20 not yet calculated CVE-2017-7014
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “afclip” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file. 2017-07-20 not yet calculated CVE-2017-7016
BID
SECTRACK
CONFIRM
apple — macos
 
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the “Intel Graphics Driver” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. 2017-07-20 not yet calculated CVE-2017-7045
BID
SECTRACK
CONFIRM
apport — apport
 
An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file. 2017-07-18 not yet calculated CVE-2017-10708
CONFIRM
CONFIRM

asuswrt-merlin — asuswrt-merlin

Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response. 2017-07-17 not yet calculated CVE-2017-11344
MISC
asuswrt-merlin — asuswrt-merlin
 
Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response. 2017-07-17 not yet calculated CVE-2017-11345
MISC
asuswrt-merlin — asuswrt-merlin
 
Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list. 2017-07-18 not yet calculated CVE-2017-11420
MISC
atutor — atutor
 
Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack. 2017-07-22 not yet calculated CVE-2016-10400
MISC
MISC
atutor — atutor
 
ATutor versions 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution. 2017-07-17 not yet calculated CVE-2017-1000004
CONFIRM
CONFIRM
BID
atutor — atutor
 
ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Module component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Alternative Content component resulting in privilege escalation. 2017-07-17 not yet calculated CVE-2017-1000003
CONFIRM
CONFIRM
BID
atutor — atutor
 
ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure. 2017-07-17 not yet calculated CVE-2017-1000002
CONFIRM
CONFIRM
BID
authd — authd
 
authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it. 2017-07-17 not yet calculated CVE-2016-4982
CONFIRM
barracuda — load_balancer
 
A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued. 2017-07-18 not yet calculated CVE-2017-6320
MISC
EXPLOIT-DB
biscom — secure_file_transfer
 
Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will be evaluated by any other authenticated user who views the attacker-supplied file name. 2017-07-18 not yet calculated CVE-2017-5247
MISC
biscom — secure_file_transfer
 
Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker’s display name. 2017-07-18 not yet calculated CVE-2017-5246
MISC
buffalo — wapm-1166d_and_wapm-apg600h
 
WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors. 2017-07-21 not yet calculated CVE-2017-2126
CONFIRM
JVN
buffalo — wmr-433_and_wmr-433w
 
Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-07-21 not yet calculated CVE-2017-2274
CONFIRM
JVN
buffalo — wmr-433_and_wmr-433w
 
Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-07-21 not yet calculated CVE-2017-2273
CONFIRM
JVN
canonical — ubuntu
 
The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions. 2017-07-21 not yet calculated CVE-2015-1323
BID
UBUNTU
chicken_scheme — chicken_scheme
 
Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time. 2017-07-17 not yet calculated CVE-2017-11343
CONFIRM
chyrp_lite — chyrp_lite
 
Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password. 2017-07-17 not yet calculated CVE-2017-1000008
CONFIRM
citrix — netscaler_sd-wan
 
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID. 2017-07-20 not yet calculated CVE-2017-6316
EXPLOIT-DB
EXPLOIT-DB
cloud_foundry — cloud_controller_and_router
 
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges. 2017-07-17 not yet calculated CVE-2017-8034
CONFIRM
cobian_backup — cobian_backup
 
Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events. 2017-07-17 not yet calculated CVE-2017-11318
MISC
contao — contao
 
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal. 2017-07-21 not yet calculated CVE-2017-10993
CONFIRM
cpanel — cpanel
 
The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297. 2017-07-19 not yet calculated CVE-2017-11441
CONFIRM
cygwin — cygwin
 
Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to a buffer overflow in the wcsxfrm/wcsxfrm_l functions, triggered by a specially crafted input string, resulting in denial of service by crashing the process or potential hijack of a process running with administrative privileges. 2017-07-21 not yet calculated CVE-2017-7523
MISC
d-link — dir-600m
 
On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter. 2017-07-19 not yet calculated CVE-2017-10676
MISC
MISC
d-link — dir-615
 
D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection. 2017-07-19 not yet calculated CVE-2017-11436
MISC
MISC
datataker_dt8x_dex — datataker_dt8x_dex
 
dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data. 2017-07-17 not yet calculated CVE-2017-11349
MISC
MISC
docker — docker_registry
 
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint. 2017-07-20 not yet calculated CVE-2017-11468
CONFIRM
CONFIRM
dotcms — dotcms
 
Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI. 2017-07-19 not yet calculated CVE-2017-11466
MISC
MISC
MISC
dotnetnuke — dotnetnuke
 
DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka “2017-08 (Critical) Possible remote code execution on DNN sites.” 2017-07-20 not yet calculated CVE-2017-9822
CONFIRM
ecos — ecos
 
A SYN Flood or FIN Flood attack against embedded devices running eCos 1 and other versions results in web authentication bypass. “eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others.” 2017-07-17 not yet calculated CVE-2017-1000020
MISC
elixir_plug — elixir_plug
 
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session. 2017-07-17 not yet calculated CVE-2017-1000053
CONFIRM
elixir_plug — elixir_plug
 
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions. 2017-07-17 not yet calculated CVE-2017-1000052
CONFIRM
elux — elux_rp
 
The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended configuration restrictions and execute arbitrary commands with root privileges by inserting commands in a local configuration dialog in the control panel. 2017-07-19 not yet calculated CVE-2017-7977
CONFIRM
emc — multiple_products
 
EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system. 2017-07-17 not yet calculated CVE-2017-8011
CONFIRM
BID
SECTRACK
emc — multiple_products
 
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain malicious code. The malicious file could then be executed on the affected system with the privileges of the user the application is running under. 2017-07-17 not yet calculated CVE-2017-8004
CONFIRM
BID
SECTRACK
emc — multiple_products
 
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application. 2017-07-17 not yet calculated CVE-2017-8005
CONFIRM
BID
SECTRACK
emc — rsa_authentication_manager
 
In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user’s PIN. The malicious user could potentially reset the compromised PIN to affect the victim’s ability to obtain access to protected resources. 2017-07-17 not yet calculated CVE-2017-8006
CONFIRM
BID
SECTRACK
emc — rsa_authentication_manager
 
In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed when viewing or editing the assigned token profile in the token by another administrator’s browser session. 2017-07-17 not yet calculated CVE-2017-8000
CONFIRM
BID
SECTRACK
exiv2_0.26 — exiv2_0.26
 
There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service. 2017-07-22 not yet calculated CVE-2017-11553
MISC
fedmsg — fedmsg
 
FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on. 2017-07-17 not yet calculated CVE-2017-1000001
CONFIRM
ffmpeg — ffmpeg
 
Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file. 2017-07-17 not yet calculated CVE-2017-11399
CONFIRM
foreman — foreman
 
discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console. 2017-07-17 not yet calculated CVE-2016-4996
CONFIRM
foreman — foreman
 
Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack. 2017-07-17 not yet calculated CVE-2015-5152
CONFIRM
CONFIRM
foreman — foreman
 
rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation. 2017-07-21 not yet calculated CVE-2017-7540
MISC
fortinet — fortiwlm
 
A hard-coded account named ‘upgrade’ in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with ‘upgrade’ account privileges. 2017-07-22 not yet calculated CVE-2017-7336
BID
CONFIRM

geneko — gwr-routers

Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file. 2017-07-19 not yet calculated CVE-2017-11456
MISC

genivia — gsoap

Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil’s Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers. 2017-07-19 not yet calculated CVE-2017-9765
MISC
MISC
BID
MISC
MISC
MISC
MISC
geutebrueck-gcore — geutebrueck_gcore
 
Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request. 2017-07-21 not yet calculated CVE-2017-11517
EXPLOIT-DB
glpi — glpi
 
Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application. 2017-07-19 not yet calculated CVE-2016-7507
CONFIRM
glpi — glpi
 
GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers. 2017-07-17 not yet calculated CVE-2017-11329
CONFIRM
CONFIRM
glpi — glpi
 
Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket. 2017-07-19 not yet calculated CVE-2016-7509
CONFIRM
gnome-exe-thumbnailer — gnome-exe-thumbnailer
 
gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the “Bad Taste” issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename. 2017-07-18 not yet calculated CVE-2017-11421
MISC
MISC
MISC
gnome_web — gnome_web
 
GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. 2017-07-17 not yet calculated CVE-2017-1000025
CONFIRM
MISC
gnome_ librsvg — gnome_ librsvg
 
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. 2017-07-19 not yet calculated CVE-2017-11464
CONFIRM
CONFIRM
CONFIRM
google — android
 
The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL. 2017-07-18 not yet calculated CVE-2017-9245
BID
MISC
green_packet — dx-350
 
In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the “PING” (aka tag_ipPing) feature within the web interface allows performing command injection, via the “pip” parameter. 2017-07-21 not yet calculated CVE-2017-9980
MISC
green_packet — dx-350
 
Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account. 2017-07-21 not yet calculated CVE-2017-9932
MISC
green_packet — dx-350
 
Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi. 2017-07-21 not yet calculated CVE-2017-9931
MISC
green_packet — dx-350
 
Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP. 2017-07-21 not yet calculated CVE-2017-9930
MISC
hammock — assetview_for_macos
 
SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via “File Transfer Web Service”. 2017-07-17 not yet calculated CVE-2017-2241
MISC
CONFIRM
hammock — assetview_for_macos
 
Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via “File Transfer Web Service”. 2017-07-17 not yet calculated CVE-2017-2240
MISC
CONFIRM
humax — wi-fi_router
 
The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token while returning answers for some methods in url ‘/api’. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords. 2017-07-19 not yet calculated CVE-2017-11435
MISC

ibm — infosphere_master_data_management_server

IBM InfoSphere Master Data Management Server 11.0 – 11.6 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 125463. 2017-07-19 not yet calculated CVE-2017-1309
CONFIRM
BID
MISC

ibm — mq_appliance

IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730. 2017-07-18 not yet calculated CVE-2017-1318
CONFIRM
BID
MISC
ibm — security_guardium
 
IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742. 2017-07-21 not yet calculated CVE-2017-1267
CONFIRM
BID
MISC

ibm — tivoli_endpoint_manager

IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123678. 2017-07-19 not yet calculated CVE-2017-1203
CONFIRM
CONFIRM
BID
MISC
ibm — tivoli_endpoint_manager
 
IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858. 2017-07-19 not yet calculated CVE-2017-1218
CONFIRM
BID
MISC
ibm — tivoli_endpoint_manager
 
IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123902. 2017-07-19 not yet calculated CVE-2017-1223
CONFIRM
BID
MISC
ibm — tivoli_endpoint_manager
 
IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859. 2017-07-19 not yet calculated CVE-2017-1219
CONFIRM
MISC
ibm — tivoli_endpoint_manager
 
IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903. 2017-07-19 not yet calculated CVE-2017-1224
CONFIRM
BID
MISC
ibm — tririga_application_platform
 
Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864. 2017-07-21 not yet calculated CVE-2017-1371
CONFIRM
MISC
ibm — tririga_application_platform
 
IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126865. 2017-07-21 not yet calculated CVE-2017-1372
CONFIRM
MISC
ibm — tririga_application_platform
 
Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867. 2017-07-21 not yet calculated CVE-2017-1374
CONFIRM
MISC
ibm — tririga_application_platform
 
Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contain a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866. 2017-07-21 not yet calculated CVE-2017-1373
CONFIRM
BID
MISC
ibm — websphere_application_server_proxy_server_or_on-demand-router
 
IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152. 2017-07-21 not yet calculated CVE-2017-1381
CONFIRM
MISC
ibm — emptoris_contract_management
 
IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738. 2017-07-19 not yet calculated CVE-2016-6018
CONFIRM
BID
MISC
idera_uptime_monitor — idera_uptime_monitor
 
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter. 2017-07-20 not yet calculated CVE-2017-11471
MISC
idera_uptime_monitor — idera_uptime_monitor
 
get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. 2017-07-20 not yet calculated CVE-2017-11469
MISC
idera_uptime_monitor — idera_uptime_monitor
 
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter. 2017-07-20 not yet calculated CVE-2017-11470
MISC
imagemagick — imagemagick
 
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c. 2017-07-22 not yet calculated CVE-2017-11533
CONFIRM
imagemagick — imagemagick
 
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c. 2017-07-22 not yet calculated CVE-2017-11539
CONFIRM
imagemagick — imagemagick
 
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. 2017-07-22 not yet calculated CVE-2017-11532
CONFIRM
imagemagick — imagemagick
 
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c. 2017-07-22 not yet calculated CVE-2017-11540
CONFIRM
imagemagick — imagemagick
 
The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file. 2017-07-21 not yet calculated CVE-2017-11505
CONFIRM
CONFIRM
imagemagick — imagemagick
 
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c. 2017-07-22 not yet calculated CVE-2017-11534
CONFIRM
imagemagick — imagemagick
 
The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file. 2017-07-22 not yet calculated CVE-2017-11524
CONFIRM
CONFIRM
imagemagick — imagemagick
 
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c. 2017-07-22 not yet calculated CVE-2017-11536
CONFIRM
imagemagick — imagemagick
 
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c. 2017-07-22 not yet calculated CVE-2017-11535
CONFIRM
imagemagick — imagemagick
 
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. 2017-07-22 not yet calculated CVE-2017-11537
CONFIRM
imagemagick — imagemagick
 
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c. 2017-07-22 not yet calculated CVE-2017-11538
CONFIRM
imagemagick — imagemagick
 
The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. 2017-07-22 not yet calculated CVE-2017-11525
CONFIRM
CONFIRM
imagemagick — imagemagick
 
The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. 2017-07-22 not yet calculated CVE-2017-11529
CONFIRM
CONFIRM
imagemagick — imagemagick
 
The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. 2017-07-22 not yet calculated CVE-2017-11528
CONFIRM
CONFIRM
imagemagick — imagemagick
 
The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file. 2017-07-22 not yet calculated CVE-2017-11526
CONFIRM
CONFIRM
imagemagick — imagemagick
 
The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered. 2017-07-22 not yet calculated CVE-2017-11523
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. 2017-07-22 not yet calculated CVE-2017-11530
CONFIRM
CONFIRM
imagemagick — imagemagick
 
The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. 2017-07-22 not yet calculated CVE-2017-11522
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c. 2017-07-22 not yet calculated CVE-2017-11531
CONFIRM
imagemagick — imagemagick
 
The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image. 2017-07-20 not yet calculated CVE-2017-11478
CONFIRM
CONFIRM
imagemagick — imagemagick
 
The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. 2017-07-22 not yet calculated CVE-2017-11527
CONFIRM
CONFIRM
inteno — inteno
 
Inteno routers have a JUCI ACL misconfiguration that allows the “user” account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the “user” password might be “user” or might match the Wi-Fi key.) 2017-07-17 not yet calculated CVE-2017-11361
MISC
jasig_phpcas — jasig_phpcas
 
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. 2017-07-17 not yet calculated CVE-2017-1000071
BID
CONFIRM
CONFIRM
jenkins — jenkins
 
The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups, and delete it if present. 2017-07-17 not yet calculated CVE-2017-1000362
CONFIRM
juniper_networks — junos_os
 
Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously sending specially crafted BGP OPEN messages, an attacker can repeatedly crash the rpd process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R12-S4, 12.3R13, 12.3R3-S4; 12.3X48 prior to 12.3X48-D50; 13.3 prior to 13.3R4-S11, 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R4-S7, 14.2R6-S4, 14.2R7; 15.1 prior to 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D33, 15.1X53-D50. 2017-07-17 not yet calculated CVE-2017-2314
SECTRACK
CONFIRM
juniper_networks — junos_os
 
An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the host operating environment, and thus escalate privileges. Affected releases are Juniper Networks Junos OS 14.1X53 prior to 14.1X53-D40 on QFX5110, QFX5200, QFX10002, QFX10008, QFX10016, EX4600 and NFX250; 15.1 prior to 15.1R5 on EX4600; 15.1X49 prior to 15.1X49-D70 on vSRX, SRX1500, SRX4100, SRX4200; 16.1 prior to 16.1R2 on EX4600, ACX5000 series. This issue does not affect vMX. No other Juniper Networks products or platforms are affected by this issue. 2017-07-17 not yet calculated CVE-2017-2341
SECTRACK
CONFIRM
juniper_networks — junos_os
 
An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15.1 prior to 15.1R3. Junos versions prior to 15.1 are not affected. No other Juniper Networks products or platforms are affected by this issue. 2017-07-17 not yet calculated CVE-2017-10603
SECTRACK
CONFIRM
juniper_networks — junos_os
 
The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall policies. As part of an internal security review of the UserFW services authentication API, hardcoded credentials were identified and removed which can impact both the SRX Series device, and potentially LDAP and Active Directory integrated points. An attacker may be able to completely compromise SRX Series devices, as well as Active Directory servers and services. When Active Directory is compromised, it may allow access to user credentials, workstations, servers performing other functions such as email, database, etc. Inter-Forest Active Directory deployments may also be at risk as the attacker may gain full administrative control over one or more Active Directories depending on the credentials supplied by the administrator of the AD domains and SRX devices performing integrated authentication of users, groups and devices. To identify if your device is potentially vulnerable to exploitation, check to see if the service is operating; from CLI review the following output:
    root@SRX-Firewall# run show services user-identification active-directory-access domain-controller status extensive
A result of “Status: Connected” will indicate that the service is active on the device. To evaluate if user authentication is occurring through the device:
    root@SRX-Firewall# run show services user-identification active-directory-access active-directory-authentication-table all
Next review the results to see if valid users and groups are returned. e.g.
    Domain: juniperlab.com
    Total entries: 3
    Source IP       Username        groups      state
    172.16.26.1     administrator               Valid
    192.168.26.2    engg01          engineers   Valid
    192.168.26.3    guest01         guests      Valid
    Domain: NULL
    Total entries: 8
    Source IP       Username        groups      state
    192.168.26.4                                Invalid
    192.168.26.5                                Invalid
This will also indicate that Valid users and groups are authenticating through the device. Affected releases are Juniper Networks Junos OS 12.3X48 from 12.3X48-D30 and prior to 12.3X48-D35 on SRX series; 15.1X49 from 15.1X49-D40 and prior to 15.1X49-D50 on SRX series. Devices on any version of Junos OS 12.1X46, or 12.1X47 are unaffected by this issue. 2017-07-17 not yet calculated CVE-2017-2343
SECTRACK
CONFIRM
juniper_networks — junos_os
 
A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D50; 12.1X47 prior to 12.1X47-D30, 12.1X47-D35; 12.3X48 prior to 12.3X48-D20, 12.3X48-D30; 15.1X49 prior to 15.1X49-D20, 15.1X49-D30. 2017-07-17 not yet calculated CVE-2017-2349
SECTRACK
CONFIRM
juniper_networks — junos_os
 
A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow. Malicious exploitation of this issue may lead to a denial of service (kernel panic) or be leveraged as a privilege escalation through local code execution. The routines are only accessible via programs running on the device itself, and veriexec restricts arbitrary programs from running on Junos OS. There are no known exploit vectors utilizing signed binaries shipped with Junos OS itself. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67; 12.3X48 prior to 12.3X48-D51, 12.3X48-D55; 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D122, 14.1X53-D45, 14.1X53-D50; 14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5; 16.2 prior to 16.2R2; 17.1 prior to 17.1R1-S3, 17.1R2; 17.2 prior to 17.2R1-S1, 17.2R2; 17.2X75 prior to 17.2X75-D30. No other Juniper Networks products or platforms are affected by this issue. 2017-07-17 not yet calculated CVE-2017-2344
BID
SECTRACK
CONFIRM
juniper_networks — junos_os
 
MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. It falls back to an unencrypted link. This can happen when MACsec is configured on ports that are not capable of MACsec or when a secure link can not be established. This can mislead customers into believing that a link is secure. On SRX 300 series devices, prior to 15.1X49-D100, MACsec was only supported on control and fabric ports of SRX340 and SRX345 devices. SRX300 and SRX320 did not have any MACsec capable ports. Configuring MACsec on ports that were not MACsec capable would have resulted in this issue. Affected releases are Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series. 2017-07-17 not yet calculated CVE-2017-2342
SECTRACK
CONFIRM
juniper_networks — junos_os
 
On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Repeated crashes of the snmpd daemon can result in a partial denial of service condition. Additionally, it may be possible to craft a malicious SNMP packet in a way that can result in remote code execution. SNMP is disabled in Junos OS by default. Junos OS devices with SNMP disabled are not affected by this issue. No other Juniper Networks products or platforms are affected by this issue. NOTE: This is a different issue than Cisco CVE-2017-6736, CVE-2017-6737, and CVE-2017-6738. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67; 12.3X48 prior to 12.3X48-D51, 12.3X48-D55; 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D122, 14.1X53-D44, 14.1X53-D50; 14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7; 15.1X49 prior to 15.1X49-D100, 15.1X49-D110; 15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5; 16.2 prior to 16.2R2, 16.2R3; 17.1 prior to 17.1R1-S3, 17.1R2, 17.1R3; 17.2 prior to 17.2R1-S1, 17.2R2; 17.2X75 prior to 17.2X75-D30. Junos releases prior to 10.2 are not affected. 2017-07-17 not yet calculated CVE-2017-2345
BID
SECTRACK
CONFIRM
juniper_networks — junos_os
 
When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mode, and a cluster sync or failover operation occurs, then there will be errors associated with synch or failover while the root account is locked out. Administrators can confirm if the root account is locked out via the following command:
    root@device> show system login lockout user root
    User    Lockout start              Lockout end
    root    1995-01-01 01:00:01 PDT    1995-11-01 01:31:01 PDT
Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D65 on SRX series; 12.3X48 prior to 12.3X48-D45 on SRX series; 15.1X49 prior to 15.1X49-D75 on SRX series. 2017-07-17 not yet calculated CVE-2017-10604
SECTRACK
CONFIRM
juniper_networks — junos_os
 
A denial of service vulnerability in rpd daemon of Juniper Networks Junos OS allows a malformed MPLS ping packet to crash the rpd daemon if MPLS OAM is configured. Repeated crashes of the rpd daemon can result in an extended denial of service condition for the device. The affected releases are Junos OS 12.3X48 prior to 12.3X48-D50, 12.3X48-D55; 13.3 prior to 13.3R10; 14.1 prior to 14.1R4-S13, 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D42, 14.1X53-D50; 14.2 prior to 14.2R4-S8, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1F2-S14, 15.1F5-S7, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5-S1, 15.1R6; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D105, 15.1X53-D47, 15.1X53-D62, 15.1X53-D70; 16.1 prior to 16.1R3-S3, 16.1R4. No other Juniper Networks products or platforms are affected by this issue. 2017-07-17 not yet calculated CVE-2017-2347
SECTRACK
CONFIRM
juniper_networks — junos_os
 
On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, a specially crafted packet might cause the flowd process to crash, halting or interrupting traffic from flowing through the device(s). Repeated crashes of the flowd process may constitute an extended denial of service condition for the device(s). If the device is configured in high-availability, the RG1+ (data-plane) will fail-over to the secondary node. If the device is configured in stand-alone, there will be temporary traffic interruption until the flowd process is restored automatically. Sustained crafted packets may cause the secondary failover node to fail back, or fail completely, potentially halting flowd on both nodes of the cluster or causing flip-flop failovers to occur. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67 on vSRX or SRX Series; 12.3X48 prior to 12.3X48-D50 on vSRX or SRX Series; 15.1X49 prior to 15.1X49-D91, 15.1X49-D100 on vSRX or SRX Series. 2017-07-17 not yet calculated CVE-2017-10605
SECTRACK
CONFIRM
juniper_networks — junos_os
 
A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS 14.1X53; 14.2 prior to 14.2R6; 15.1 prior to 15.1F5, 15.1F6, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D47, 15.1X53-D70. This issue does not affect Junos 14.1 or prior releases. No other Juniper Networks products or platforms are affected by this issue. 2017-07-17 not yet calculated CVE-2017-10602
SECTRACK
CONFIRM
juniper_networks — junos_os
 
An MS-MPC or MS-MIC Service PIC may crash when large fragmented packets are passed through an Application Layer Gateway (ALG). Repeated crashes of the Service PIC can result in an extended denial of service condition. The issue can be seen only if NAT or stateful-firewall rules are configured with ALGs enabled. This issue was caused by the code change for PR 1182910 in Junos OS 14.1X55-D30, 14.1X55-D35, 14.2R7, 15.1R5, and 16.1R2. No other versions of Junos OS and no other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS on MX platforms running: 14.1X55 from 14.1X55-D30 to releases prior to 14.1X55-D35; 14.2R from 14.2R7 to releases prior to 14.2R7-S4, 14.2R8; 15.1R from 15.1R5 to releases prior to 15.1R5-S2, 15.1R6; 16.1R from 16.1R2 to releases prior to 16.1R3-S2, 16.1R4. 2017-07-17 not yet calculated CVE-2017-2346
SECTRACK
CONFIRM
juniper_networks — junos_os
 
The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet. Both high CPU utilization and repeated crashes of the jdhcpd daemon can result in a denial of service as DHCP service is interrupted. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 14.1X53 prior to 14.1X53-D12, 14.1X53-D38, 14.1X53-D40 on QFX, EX, QFabric System; 15.1 prior to 15.1F2-S18, 15.1R4 on all products and platforms; 15.1X49 prior to 15.1X49-D80 on SRX; 15.1X53 prior to 15.1X53-D51, 15.1X53-D60 on NFX, QFX, EX. 2017-07-17 not yet calculated CVE-2017-2348
SECTRACK
CONFIRM
juniper_networks — junos_os
 
A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to log in through console, ssh, ftp, telnet or su, etc. This issue relies upon a device configuration precondition to occur. Typically, device configurations are the result of a trusted administrative change to the system’s running configuration. The following error messages may be seen when this failure occurs: mgd: error: commit failed: (statements constraint check failed) Warning: Commit failed, activating partial configuration. Warning: Edit the router configuration to fix these errors. If the administrative changes are not made that result in such a failure, then this issue is not seen. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R10, 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2 prior to 13.2R8; 13.3 prior to 13.3R7; 14.1 prior to 14.1R4-S12, 14.1R5, 14.1R6; 14.1X53 prior to 14.1X53-D30; 14.2 prior to 14.2R4; 15.1 prior to 15.1F2, 15.1F3, 15.1R2. 2017-07-17 not yet calculated CVE-2017-10601
SECTRACK
CONFIRM

kaspersky — anti-virus_for_linux_file_server

There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. 2017-07-17 not yet calculated CVE-2017-9810
MISC
FULLDISC
BID
SECTRACK
MISC
kaspersky — anti-virus_for_linux_file_server
 
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges. 2017-07-17 not yet calculated CVE-2017-9812
MISC
FULLDISC
BID
SECTRACK
MISC
kaspersky — anti-virus_for_linux_file_server
 
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS). 2017-07-17 not yet calculated CVE-2017-9813
MISC
FULLDISC
BID
SECTRACK
MISC
kaspersky — anti-virus_for_linux_file_server
 
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root. 2017-07-17 not yet calculated CVE-2017-9811
MISC
FULLDISC
BID
SECTRACK
MISC
koha — koha

Multiple cross-site request forgery (CSRF) vulnerabilities in Koha Libraries 3.20.x before 3.20.1, 3.14.x before 3.14.16, 3.16.x before 3.16.12 allow remote attackers to (1) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that inject arbitrary web script or HTML via the addshelf parameter to opac-shelves.pl, (2) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that inject arbitrary web script or HTML via an unspecified list name parameter to opac-addbybiblionumber.pl, (3) hijack the authentication of library administrator users for requests that execute arbitrary web script or HTML via virtualshelves/shelves.pl when a shelf name contains web script or HTML, or (4) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that execute arbitrary web script or HTML by adding a biblio to a list whose name contains web script or HTML. 2017-07-21 not yet calculated CVE-2015-4639
CONFIRM
lenovo — connect2
 
In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user’s contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems. 2017-07-17 not yet calculated CVE-2017-3742
CONFIRM
lenovo — notebook
 
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code. 2017-07-17 not yet calculated CVE-2017-3754
CONFIRM
libinfinity — libinfinity
 
libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors. 2017-07-21 not yet calculated CVE-2015-3886
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
libmspack — libmspack
 
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. 2017-07-18 not yet calculated CVE-2017-11423
MISC
MISC
libsass — libsass
 
There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. 2017-07-22 not yet calculated CVE-2017-11555
MISC
libsass — libsass
 
There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service. 2017-07-22 not yet calculated CVE-2017-11556
MISC
libsass — libsass
 
There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service. 2017-07-22 not yet calculated CVE-2017-11554
MISC
MISC
linux — linux_kernel
 
selinux-policy, when sysctl fs.protected_hardlinks is set to 0, allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy. 2017-07-21 not yet calculated CVE-2015-3170
CONFIRM
linux — linux_kernel
 
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). 2017-07-21 not yet calculated CVE-2015-5300
CONFIRM
FEDORA
FEDORA
FEDORA
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
REDHAT
MLIST
CONFIRM
CONFIRM
DEBIAN
CONFIRM
BID
SECTRACK
UBUNTU
CONFIRM
CONFIRM
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
FREEBSD
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. 2017-07-20 not yet calculated CVE-2017-11472
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. 2017-07-21 not yet calculated CVE-2015-5219
CONFIRM
CONFIRM
FEDORA
FEDORA
FEDORA
SUSE
SUSE
REDHAT
REDHAT
DEBIAN
MLIST
BID
UBUNTU
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. 2017-07-21 not yet calculated CVE-2015-5194
CONFIRM
FEDORA
FEDORA
SUSE
SUSE
SUSE
REDHAT
REDHAT
DEBIAN
MLIST
BID
UBUNTU
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. 2017-07-21 not yet calculated CVE-2015-5195
FEDORA
FEDORA
FEDORA
REDHAT
REDHAT
DEBIAN
MLIST
BID
UBUNTU
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table. 2017-07-20 not yet calculated CVE-2017-11473
CONFIRM
linux — linux_kernel
 
The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket. 2017-07-21 not yet calculated CVE-2017-7542
CONFIRM
CONFIRM
linux — linux
 
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a ‘secure boot’ kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6’s CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) ‘lp=none’ arguments to the command line. 2017-07-17 not yet calculated CVE-2017-1000363
BID
MISC
ljharb — ljharb
 
A web framework using ljharb’s qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send an evil request to cause the web framework to crash. 2017-07-17 not yet calculated CVE-2017-1000048
CONFIRM
mautic — mautic
 
Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state parameter, resulting in authentication bypass through clickjacking. 2017-07-17 not yet calculated CVE-2017-1000045
MISC
memcached — memcached
 
The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705. 2017-07-17 not yet calculated CVE-2017-9951
MISC
MISC
MISC
metinfo — metinfo
 
Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php. 2017-07-17 not yet calculated CVE-2017-11347
MISC
metinfo — metinfo
 
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action. 2017-07-19 not yet calculated CVE-2017-9764
MISC
metinfo — metinfo
 
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php. 2017-07-20 not yet calculated CVE-2017-11500
MISC
microsec — e-szigno
 
Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object. 2017-07-21 not yet calculated CVE-2015-3931
MISC
MISC
BID
MISC
MISC
MISC
microsoft — scripting_engine
 
A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka “Scripting Engine Memory Corruption Vulnerability.” 2017-07-17 not yet calculated CVE-2017-0028
CONFIRM
nancyfx_nancy — nancyfx_nancy
 
Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie. 2017-07-20 not yet calculated CVE-2017-9785
CONFIRM

netapp — clustered_data_ontap

NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allows attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line. 2017-07-17 not yet calculated CVE-2017-7947
CONFIRM
netlock — mokka
 
Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object. 2017-07-21 not yet calculated CVE-2015-3932
MISC
MISC
BID
MISC
MISC
nixos — nixos
 
NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf. 2017-07-20 not yet calculated CVE-2017-11501
CONFIRM
CONFIRM
CONFIRM

octopus_deploy — octopus_deploy

In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value. 2017-07-17 not yet calculated CVE-2017-11348
CONFIRM
openldap — openldap
 
/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it. 2017-07-17 not yet calculated CVE-2016-4984
CONFIRM
openmpt — openmpt
 
soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples. 2017-07-17 not yet calculated CVE-2017-11311
CONFIRM
CONFIRM
CONFIRM
CONFIRM
orientdb — orientdb
 
OrientDB through 2.2.22 does not enforce privilege requirements during “where” or “fetchplan” or “order by” use, which allows remote attackers to execute arbitrary OS commands via a crafted request. 2017-07-19 not yet calculated CVE-2017-11467
MISC
MISC
owncloud — owncloud_server
 
Inadequate escaping leads to an XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable, a user has to write or paste malicious content into the search dialogue. 2017-07-17 not yet calculated CVE-2017-9338
BID
CONFIRM
owncloud — owncloud_server
 
A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars, potentially granting an attacker access to publicly shared calendars without knowing the share token. 2017-07-17 not yet calculated CVE-2017-9339
CONFIRM
owncloud — owncloud_server
 
An attacker logged in as a normal user can somehow make an admin delete shared folders in ownCloud Server before 10.0.2. 2017-07-17 not yet calculated CVE-2017-9340
MISC
CONFIRM
owncloud — owncloud_server
 
ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 is vulnerable to XSS on error pages by injecting code in URL parameters. 2017-07-17 not yet calculated CVE-2017-8896
BID
MISC
CONFIRM
phamm — phamm
 
XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php. 2017-07-20 not yet calculated CVE-2017-0378
CONFIRM
CONFIRM
CONFIRM
CONFIRM
phicomm_k2 — phicomm_k2
 
PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action. 2017-07-20 not yet calculated CVE-2017-11495
MISC
phpmailer — phpmailer
 
PHPMailer 5.2.23 has XSS in the “From Email Address” and “To Email Address” fields of code_generator.php. 2017-07-20 not yet calculated CVE-2017-11503
BID
MISC
MISC
phpmyadmin — phpmyadmin
 
A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18. 2017-07-17 not yet calculated CVE-2017-1000016
CONFIRM
phpmybackuppro — phpmybackuppro
 
phpMyBackupPro 2.5 and earlier does not properly escape the “.” character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the path, filename, and dirs parameters to scheduled.php, and making requests to injected scripts. 2017-07-21 not yet calculated CVE-2015-3640
MLIST
SECTRACK
phpmybackuppro — phpmybackuppro
 
phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable. 2017-07-21 not yet calculated CVE-2015-3638
MLIST
MLIST
SECTRACK
phpmybackuppro — phpmybackuppro
 
phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file. 2017-07-21 not yet calculated CVE-2015-3639
MLIST
MLIST
SECTRACK
phpsocial — phpsocial
 
phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO to the search/tag/ URI. 2017-07-19 not yet calculated CVE-2017-10801
MISC
MISC
plotly — plotly
 
Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue. 2017-07-17 not yet calculated CVE-2017-1000006
CONFIRM
print-lldp.c — print-lldp.c
 
tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. 2017-07-22 not yet calculated CVE-2017-11541
MISC
print-pim.c — print-pim.c
 
tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c. 2017-07-22 not yet calculated CVE-2017-11542
MISC
print-sl.c — print-sl.c
 
tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. 2017-07-22 not yet calculated CVE-2017-11543
MISC
print-sl.c:229:3 — print-sl.c:229:3
 
tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:229:3. 2017-07-22 not yet calculated CVE-2017-11544
MISC
print-sl.c:253:34 — print-sl.c:253:34
 
tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:253:34. 2017-07-22 not yet calculated CVE-2017-11545
MISC
redcap — redcap
 
REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components. 2017-07-18 not yet calculated CVE-2017-10961
MISC
MISC
redcap — redcap
 
REDCap before 7.5.1 has XSS via the query string. 2017-07-18 not yet calculated CVE-2017-10962
MISC
MISC
redhat — wildfly
 
The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a “/” at the end of a URL. 2017-07-21 not yet calculated CVE-2015-3198
CONFIRM
MISC
CONFIRM
MISC
resiprocate — resiprocate
 
The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections. 2017-07-22 not yet calculated CVE-2017-11521
CONFIRM

rkhunter — rkhunter

rkhunter versions before 1.4.4 are vulnerable to file download over an insecure channel when doing a mirror update, resulting in potential remote code execution. 2017-07-21 not yet calculated CVE-2017-7480
MLIST
ruby — ruby
 
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism. 2017-07-19 not yet calculated CVE-2017-11465
MISC
MISC
rvm — rvm
 
RVM automatically loads environment variables from files in $PWD, resulting in command execution. RVM is vulnerable to command injection when automatically loading environment variables from files in $PWD. RVM automatically executes hooks located in $PWD, resulting in code execution. RVM automatically installs gems as specified by files in $PWD, resulting in code execution. RVM automatically does “bundle install” on a Gemfile specified by .versions.conf in $PWD, resulting in code execution. 2017-07-17 not yet calculated CVE-2017-1000037
MISC
shoco — shoco
 
The shoco_decompress function in the API in shoco through 2017-07-17 allows remote attackers to cause a denial of service (buffer over-read and application crash) via malformed compressed data. 2017-07-17 not yet calculated CVE-2017-11367
MISC
shotwell — shotwell
 
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins, resulting in potential password and OAuth token plaintext transmission. 2017-07-17 not yet calculated CVE-2017-1000024
MLIST
sony — wg-c10
 
Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. 2017-07-21 not yet calculated CVE-2017-2276
MISC
JVN
sony — wg-c10
 
WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. 2017-07-21 not yet calculated CVE-2017-2275
MISC
JVN
sony — wg-c10
 
WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors. 2017-07-21 not yet calculated CVE-2017-2277
MISC
JVN
spice — spice
 
spice versions through 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from an authenticated attacker to the spice server, resulting in a crash and/or server memory leak. 2017-07-18 not yet calculated CVE-2017-7506
MLIST
BID
CONFIRM
subsonic — subsonic
 
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view. 2017-07-21 not yet calculated CVE-2017-9415
EXPLOIT-DB
technicolor — dpc3928ad_docsis
 
Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with “GET /../” on TCP port 4321. 2017-07-20 not yet calculated CVE-2017-11502
MISC

televes — coaxdata_gateway

Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do not check password.shtml authorization, leading to Arbitrary password change. 2017-07-20 not yet calculated CVE-2017-6530
MISC
MISC
televes — coaxdata_gateway

On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20, the backup/restore feature lacks access control, related to ReadFile.cgi and LoadCfgFile. 2017-07-20 not yet calculated CVE-2017-6531
MISC
MISC
televes — coaxdata_gateway
 
Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db. 2017-07-20 not yet calculated CVE-2017-6532
MISC
MISC
testtrack_server — testtrack_server
 
TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field. 2017-07-17 not yet calculated CVE-2017-1000068
MISC
tp-link_archer — tp-link_archer
 
passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511. 2017-07-21 not yet calculated CVE-2017-11519
MISC
MISC
txaws — txaws
 
txAWS (all current versions) fails to perform complete certificate verification, resulting in vulnerability to MitM attacks and information disclosure. 2017-07-17 not yet calculated CVE-2017-1000007
CONFIRM
wordpress — wordpress
 
The eshop_checkout function in checkout.php in the WordPress Eshop plugin 6.3.11 and earlier does not validate variables in the “eshopcart” HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables. 2017-07-21 not yet calculated CVE-2015-3421
BID
MISC

xmlsec — xmlsec

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service. 2017-07-17 not yet calculated CVE-2017-1000061
CONFIRM

yadm — yadm

yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys. 2017-07-17 not yet calculated CVE-2017-11353
CONFIRM
CONFIRM
yara — yara
 
Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file. 2017-07-17 not yet calculated CVE-2017-11328
CONFIRM
yii-framework — yii-framework
 
An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled. 2017-07-21 not yet calculated CVE-2017-11516
CONFIRM
CONFIRM

zoho_manageengine_desktop_central — zoho_manageengine_desktop_central

Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos. 2017-07-17 not yet calculated CVE-2017-11346
CONFIRM


IBM Cisco Security Update

Original release date: July 21, 2017

IBM has released a security update to address some vulnerabilities in its IBM Cisco MDS Series Switches Data Center Network Manager (DCNM) software. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the IBM Security Advisory for vulnerability and mitigation details.



Cisco Releases Security Update

Original release date: July 20, 2017

Cisco has released a security update to address a vulnerability in its Web Security Appliance (WSA). A remote attacker could exploit this vulnerability to take control of a system.

US-CERT encourages users and administrators to review the Cisco Security Advisory for vulnerability and mitigation details.



Apple Releases Security Updates

Original release date: July 19, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:



Oracle Releases Security Bulletin

Original release date: July 18, 2017

Oracle has released its Critical Patch Update for July 2017 to address 308 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Oracle July 2017 Critical Patch Update and apply the necessary updates.



Cisco Releases Security Updates

Original release date: July 17, 2017

Cisco has released security updates to address a vulnerability in its WebEx browser extension on Google Chrome and Mozilla Firefox. A remote attacker could exploit this vulnerability to take control of a system.

US-CERT encourages users and administrators to review the Cisco Security Advisory for vulnerability and mitigation details.



FBI Releases Article on Privacy Risks Associated with Internet-Connected Children’s Toys

Original release date: July 17, 2017

The Federal Bureau of Investigation (FBI) has released an article on the privacy risks associated with Internet-connected children’s toys. FBI warns that Internet-connected toys may contain “sensors, microphones, cameras, data storage components, and other multimedia capabilities – including speech recognition and GPS options” that may put the privacy and safety of children at risk due to the disclosure of personal information. FBI recommends that consumers read user agreement disclosures and privacy practices for information on how a toy’s data may be used.

Users and administrators are encouraged to review the FBI article for more information and refer to the US-CERT Tip Protecting Your Privacy.



SB17-198: Vulnerability Summary for the Week of July 10, 2017

Original release date: July 17, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — struts The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. 2017-07-10 7.5 CVE-2017-9791
CONFIRM
BID
SECTRACK
cisco — firesight_system_software A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1. 2017-07-10 7.2 CVE-2017-6735
BID
SECTRACK
CONFIRM
cisco — prime_network A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343. Known Affected Releases: 4.2(2.1)PP1 4.2(3.0)PP6 4.3(0.0)PP4 4.3(1.0)PP2. Known Fixed Releases: 4.3(2). 2017-07-10 7.2 CVE-2017-6732
BID
CONFIRM
dlink — dir-615 On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim’s host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim’s and router’s IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim’s router and take over his session as he won’t be prompted for credentials. 2017-07-07 7.5 CVE-2017-7405
MISC
MISC
finecms_project — finecms FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager “Add Site” action to enter this code after a ‘, sequence in a domain name, as demonstrated by the ‘,phpinfo() input value. 2017-07-12 7.5 CVE-2017-11167
MISC
foxitsoftware — foxit_reader Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document. 2017-07-07 9.3 CVE-2017-10994
BID
CONFIRM
freedesktop — systemd systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. “0day”), running the service in question with root privileges rather than the user intended. 2017-07-07 10.0 CVE-2017-1000082
MLIST
BID
CONFIRM
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c. 2017-07-09 7.5 CVE-2017-11139
CONFIRM
BID
graphicsmagick — graphicsmagick The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files. 2017-07-09 7.1 CVE-2017-11140
CONFIRM
BID
imagemagick — imagemagick The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call. 2017-07-09 7.1 CVE-2017-11141
BID
CONFIRM
imagemagick — imagemagick The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file. 2017-07-10 7.1 CVE-2017-11166
CONFIRM
imagemagick — imagemagick The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check. 2017-07-12 7.8 CVE-2017-11188
CONFIRM
irssi — irssi An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. 2017-07-07 7.5 CVE-2017-10965
CONFIRM
CONFIRM
irssi — irssi An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table. 2017-07-07 7.5 CVE-2017-10966
CONFIRM
CONFIRM
ismartalarm — cube_one_firmware On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography. 2017-07-11 7.5 CVE-2017-7728
MISC
ismartalarm — cube_one_firmware iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the “cube” and it will stop responding. 2017-07-11 7.8 CVE-2017-7730
MISC
kddi — home_spot_cube_2_firmware HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI. 2017-07-07 8.3 CVE-2017-2186
JVN
BID
CONFIRM
linux — linux_kernel The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact. 2017-07-11 10.0 CVE-2017-11176
CONFIRM
CONFIRM
mcafee — advanced_threat_defense Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter. 2017-07-12 7.5 CVE-2017-4052
CONFIRM
mcafee — advanced_threat_defense Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter. 2017-07-12 7.5 CVE-2017-4053
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8595
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 10 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8598, CVE-2017-8610, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8596
BID
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8598
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8598 and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8601
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8598, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8603
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8610, CVE-2017-8603, CVE-2017-8598, CVE-2017-8601, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8604
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8598, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8605
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8609
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8595, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8610
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Edge in Windows 10 1703 Microsoft Edge allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka “Microsoft Edge Remote Code Execution Vulnerability.” 2017-07-11 7.6 CVE-2017-8617
BID
CONFIRM
microsoft — edge Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8618, CVE-2017-9598 and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8619
BID
SECTRACK
CONFIRM
microsoft — excel Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8501. 2017-07-11 9.3 CVE-2017-8502
BID
SECTRACK
CONFIRM
microsoft — internet_explorer Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609 2017-07-11 7.6 CVE-2017-8606
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — internet_explorer Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8608, and CVE-2017-8609 2017-07-11 7.6 CVE-2017-8607
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — internet_explorer Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8607, and CVE-2017-8609 2017-07-11 7.6 CVE-2017-8608
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — internet_explorer Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scripting engines render when handling objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8619, CVE-2017-9598 and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8618
BID
SECTRACK
CONFIRM
microsoft — office Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka “Microsoft Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0243. 2017-07-11 9.3 CVE-2017-8570
BID
CONFIRM
microsoft — office_online_server Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8502. 2017-07-11 9.3 CVE-2017-8501
BID
SECTRACK
CONFIRM
microsoft — windows_rt_8.1 Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. 2017-07-11 9.3 CVE-2017-8578
BID
SECTRACK
CONFIRM
microsoft — windows_rt_8.1 Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way that Windows Search handles objects in memory, aka “Windows Search Remote Code Execution Vulnerability”. 2017-07-11 10.0 CVE-2017-8589
BID
SECTRACK
CONFIRM
nfsen — nfsen NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the “Custom output format” field). 2017-07-10 9.0 CVE-2017-7175
CONFIRM
EXPLOIT-DB
pcre — pcre In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression. 2017-07-10 7.8 CVE-2017-11164
MISC
php — php In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c. 2017-07-10 7.8 CVE-2017-11142
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
schneider_electric — wonderware_archestra_logger A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbitrary code in the context of a highly privileged account. 2017-07-07 10.0 CVE-2017-9629
MISC
BID
SECTRACK
MISC
sqlite — sqlite The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. 2017-07-07 7.5 CVE-2017-10989
MISC
BID
MISC
MISC
MISC
MISC
toshiba — hem-gw26a_firmware Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges. 2017-07-07 7.5 CVE-2017-2234
JVN
toshiba — hem-gw26a_firmware Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges. 2017-07-07 7.5 CVE-2017-2236
JVN
toshiba — hem-gw26a_firmware Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. 2017-07-07 10.0 CVE-2017-2237
JVN
xar_project — xar libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unserialize function in archive.c. 2017-07-09 7.5 CVE-2017-11124
MISC
xar_project — xar libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_path function in util.c. 2017-07-09 7.5 CVE-2017-11125
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apple — quicktime Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 6.8 CVE-2017-2218
JVN
MISC
brother_industries — mfc-j960dwn_firmware Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-07-07 6.8 CVE-2017-2244
JVN
CONFIRM
charamin — omp Untrusted search path vulnerability in The installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 6.8 CVE-2017-2227
JVN
cisco — asr_5000_series A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability affects the following products if they are running the Cisco StarOS operating system and BGP is enabled for the system: Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core Software. More Information: CSCvc44968. Known Affected Releases: 16.4.1 19.1.0 21.1.0 21.1.M0.65824. Known Fixed Releases: 21.3.A0.65902 21.2.A0.65905 21.1.b0.66164 21.1.V0.66014 21.1.R0.65898 21.1.M0.65894 21.1.0.66030 21.1.0. 2017-07-10 5.0 CVE-2017-6729
SECTRACK
CONFIRM
cisco — identity_services_engine A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd87482. Known Affected Releases: 2.1(102.101) 2.2(0.283) 2.3(0.151). 2017-07-10 4.3 CVE-2017-6733
BID
SECTRACK
CONFIRM
cisco — ios_xr A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of Incorrect Permissions. More Information: CSCvb99389. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.3.1.15i.BASE 6.2.3.1i.BASE 6.2.2.15i.BASE 6.1.4.10i.BASE. 2017-07-10 6.9 CVE-2017-6728
BID
SECTRACK
CONFIRM
cisco — ios_xr A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP session will restart within a few seconds. More Information: CSCvd94828. Known Affected Releases: 4.3.2.MCAST 6.0.2.BASE. Known Fixed Releases: 6.3.1.19i.MCAST 6.2.3.1i.MCAST 6.2.2.17i.MCAST 6.1.4.12i.MCAST. 2017-07-10 5.0 CVE-2017-6731
SECTRACK
CONFIRM
cisco — wide_area_application_services A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a). Known Fixed Releases: 6.3(0.167) 6.2(3c)5 6.2(3.22). 2017-07-10 5.0 CVE-2017-6727
BID
SECTRACK
CONFIRM
cisco — wide_area_application_services A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. This vulnerability affects the following products if they are running an affected release of Cisco Wide Area Application Services (WAAS) Software and are configured to use the Central Manager function: Cisco Virtual Wide Area Application Services (vWAAS), Cisco Wide Area Application Services (WAAS) Appliances, Cisco Wide Area Application Services (WAAS) Modules. Only Cisco WAAS products that are configured with the Central Manager role are affected by this vulnerability. More Information: CSCvd87574. Known Affected Releases: 4.4(7) 6.2(1) 6.2(3). Known Fixed Releases: 6.3(0.228) 6.3(0.226) 6.2(3d)8 5.5(7b)17. 2017-07-10 5.0 CVE-2017-6730
BID
SECTRACK
CONFIRM
cybozu — garoon Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user’s file through a specially crafted page. 2017-07-07 5.8 CVE-2017-2144
JVN
CONFIRM
cybozu — garoon Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors. 2017-07-07 5.8 CVE-2017-2145
JVN
CONFIRM
dfactory — responsive_lightbox Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2017-07-07 4.3 CVE-2017-2243
JVN
BID
CONFIRM
dlink — dir-615 On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router’s Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim’s Router without knowing the credentials (CSRF). An attacker can host a page that sends a POST request to Form2File.htm that tries to upload Firmware to victim’s Router. This causes the router to reboot/crash resulting in Denial of Service. An attacker may succeed in uploading malicious Firmware. 2017-07-07 6.8 CVE-2017-7404
MISC
MISC
dlink — dir-615 The D-Link DIR-615 device before v20.12PTb04 doesn’t use SSL for any of the authenticated pages. Also, it doesn’t allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user’s credentials and/or credentials of users being added while sniffing the traffic. 2017-07-07 5.0 CVE-2017-7406
MISC
MISC
download_manager_project — download_manager Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2017-07-07 5.8 CVE-2017-2217
JVN
CONFIRM
CONFIRM
etherpad — etherpad Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests. 2017-07-07 5.0 CVE-2015-3297
MLIST
MLIST
BID
CONFIRM
finecms_project — finecms FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account. 2017-07-11 4.3 CVE-2017-11179
MISC
finecms_project — finecms FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login screen. 2017-07-11 4.3 CVE-2017-11180
MISC
finecms_project — finecms Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter. 2017-07-12 4.3 CVE-2017-11198
MISC
finecms_project — finecms SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter. 2017-07-12 6.5 CVE-2017-11200
MISC
finecms_project — finecms FineCMS through 2017-07-12 allows XSS in visitors.php because JavaScript in visited URLs is not restricted either during logging or during the reading of logs, a different vulnerability than CVE-2017-11180. 2017-07-12 4.3 CVE-2017-11202
MISC
fossies — catdoc The ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses before the beginning of the tmpBuf buffer. 2017-07-08 6.8 CVE-2017-11110
MISC
gnu — ncurses In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. 2017-07-08 5.0 CVE-2017-11112
MISC
gnu — ncurses In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. 2017-07-08 5.0 CVE-2017-11113
MISC
google — android Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running “pm install” with the target apk, and simultaneously running a crafted script to process logcat’s output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000. 2017-07-07 6.9 CVE-2014-7953
FULLDISC
BUGTRAQ
BID
CONFIRM
graphicsmagick — graphicsmagick The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure. 2017-07-07 5.0 CVE-2017-11102
CONFIRM
CONFIRM
BID
ibm — infosphere_information_server IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916. 2017-07-12 4.3 CVE-2017-1321
CONFIRM
MISC
ibm — websphere_mq IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245. 2017-07-10 4.3 CVE-2017-1337
CONFIRM
BID
MISC
imagemagick — imagemagick The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image. 2017-07-07 4.3 CVE-2017-10995
BID
CONFIRM
iodata — ts-wlce_camera_firmware Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-07-07 6.8 CVE-2017-2223
MISC
BID
JVN
ismartalarm — cube_one_firmware iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability. 2017-07-11 5.0 CVE-2017-7726
MISC
ismartalarm — cube_one_firmware On iSmartAlarm cube devices, there is Incorrect Access Control because a “new key” is transmitted in cleartext. 2017-07-11 5.0 CVE-2017-7729
MISC
kddi — home_spot_cube_2_firmware HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings. 2017-07-07 5.2 CVE-2017-2183
JVN
BID
CONFIRM
kddi — home_spot_cube_2_firmware Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI. 2017-07-07 5.8 CVE-2017-2184
JVN
BID
CONFIRM
kddi — home_spot_cube_2_firmware HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI. 2017-07-07 5.2 CVE-2017-2185
JVN
BID
CONFIRM
knot-dns — knot_dns Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check. 2017-07-08 4.3 CVE-2017-11104
MISC
MISC
MISC
marp_project — marp Marp versions v0.0.10 and earlier may allow an attacker to access local resources and files using JavaScript. 2017-07-07 6.8 CVE-2017-2239
JVN
mcafee — advanced_threat_defense Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter. 2017-07-12 6.5 CVE-2017-4054
CONFIRM
mcafee — advanced_threat_defense Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD detection via loose enforcement of authentication and authorization. 2017-07-12 5.0 CVE-2017-4055
CONFIRM
mcafee — advanced_threat_defense Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI terminal commands. 2017-07-12 6.5 CVE-2017-4057
CONFIRM
mext — ebidsettingchecker Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 6.8 CVE-2017-2225
JVN
MISC
microsoft — edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka “Microsoft Edge Security Feature Bypass Vulnerability”. 2017-07-11 4.3 CVE-2017-8599
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka “Microsoft Edge Spoofing Vulnerability.” 2017-07-11 4.3 CVE-2017-8611
BID
SECTRACK
CONFIRM
microsoft — exchange_server Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka “Microsoft Exchange Cross-Site Scripting Vulnerability”. This CVE ID is unique from CVE-2017-8560. 2017-07-11 4.3 CVE-2017-8559
BID
SECTRACK
CONFIRM
microsoft — exchange_server Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka “Microsoft Exchange Cross-Site Scripting Vulnerability”. This CVE ID is unique from CVE-2017-8559. 2017-07-11 4.3 CVE-2017-8560
BID
SECTRACK
CONFIRM
microsoft — internet_explorer Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a spoofing vulnerability in the way they parse HTTP content, aka “Microsoft Browser Spoofing Vulnerability.” 2017-07-11 4.3 CVE-2017-8602
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — sharepoint_server Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka “SharePoint Server XSS Vulnerability”. 2017-07-11 6.5 CVE-2017-8569
BID
SECTRACK
CONFIRM
microsoft — windows_10 Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka “Windows IME Elevation of Privilege Vulnerability”. 2017-07-11 4.4 CVE-2017-8566
BID
SECTRACK
CONFIRM
microsoft — windows_rt_8.1 Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka “Windows Kernel Elevation of Privilege Vulnerability”. 2017-07-11 6.9 CVE-2017-8561
BID
CONFIRM
microsoft — windows_rt_8.1 Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka “Windows Elevation of Privilege Vulnerability”. 2017-07-11 5.1 CVE-2017-8563
BID
CONFIRM
microsoft — windows_rt_8.1 Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. 2017-07-11 6.9 CVE-2017-8577
BID
SECTRACK
CONFIRM
microsoft — windows_rt_8.1 Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467. 2017-07-11 6.2 CVE-2017-8580
BID
SECTRACK
CONFIRM
microsoft — windows_rt_8.1 Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File System (CLFS) driver handles objects in memory, aka “Windows CLFS Elevation of Privilege Vulnerability”. 2017-07-11 4.6 CVE-2017-8590
BID
SECTRACK
CONFIRM
mpg123 — mpg123 The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the “block_type != 2” case, a similar issue to CVE-2017-9870. 2017-07-09 4.3 CVE-2017-11126
MISC
MISC
national_tax_agency — e-tax Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software (WEB version) (1.17.1) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 6.8 CVE-2017-2226
JVN
BID
nilim — road_construction_completion_diagram_check_program Untrusted search path vulnerability in Douro Kouji Kanseizutou Check Program Ver3.1 (cdrw_checker_3.1.0.lzh) and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 6.8 CVE-2017-2230
JVN
MISC
MISC
nitro — nitro_pro Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file. 2017-07-07 4.3 CVE-2017-7950
BID
CONFIRM
php — php In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c). 2017-07-10 5.0 CVE-2016-10397
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php — php In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c. 2017-07-10 5.0 CVE-2017-11143
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php — php In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission. 2017-07-10 5.0 CVE-2017-11144
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php — php In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, lack of a bounds check in the date extension’s timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to an ext/date/lib/parse_date.c out-of-bounds read affecting the php_parse_date function. 2017-07-10 5.0 CVE-2017-11145
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php — php In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c. 2017-07-10 6.4 CVE-2017-11147
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
phpldapadmin — phpldapadmin phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter. 2017-07-08 4.3 CVE-2017-11107
MISC
MISC
schneider_electric — wonderware_archestra_logger An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service. 2017-07-07 5.0 CVE-2017-9627
MISC
BID
SECTRACK
MISC
schneider_electric — wonderware_archestra_logger A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing (applications that use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable). 2017-07-07 5.0 CVE-2017-9631
MISC
BID
SECTRACK
MISC
shortcodes_ultimate_project — shortcodes_ultimate Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors. 2017-07-07 4.0 CVE-2017-2245
BID
JVN
CONFIRM
CONFIRM
swftools — swftools When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c. 2017-07-07 6.8 CVE-2017-11096
MISC
swftools — swftools When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c. 2017-07-07 6.8 CVE-2017-11097
MISC
swftools — swftools When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c. 2017-07-07 6.8 CVE-2017-11098
MISC
swftools — swftools When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c. 2017-07-07 6.8 CVE-2017-11099
MISC
swftools — swftools When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c. 2017-07-07 6.8 CVE-2017-11100
MISC
swftools — swftools When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c. 2017-07-07 6.8 CVE-2017-11101
MISC
tcpdump — tcpdump tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol. 2017-07-08 5.0 CVE-2017-11108
MISC
toshiba — hem-gw26a_firmware Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allow an attacker to bypass access restriction to change the administrator account password via unspecified vectors. 2017-07-07 5.0 CVE-2017-2235
JVN
toshiba — hem-gw26a_firmware Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-07-07 6.8 CVE-2017-2238
JVN
vim — vim Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance. 2017-07-08 6.8 CVE-2017-11109
MISC
MISC
web-dorado — event_calendar_wd Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-07-07 4.3 CVE-2017-2224
BID
JVN
CONFIRM
CONFIRM
wp-members_project — wp-members Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-07-07 4.3 CVE-2017-2222
JVN
CONFIRM
CONFIRM
wp-statistics — wp_statistics The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page. 2017-07-07 4.3 CVE-2017-10991
MISC
wpdownloadmanager — download_manager Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-07-07 4.3 CVE-2017-2216
JVN
CONFIRM
CONFIRM
yaws — yaws Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product. 2017-07-07 5.0 CVE-2017-10974
MISC
BID
EXPLOIT-DB

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cacti — cacti Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. 2017-07-10 3.5 CVE-2017-11163
CONFIRM
cisco — identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. More Information: CSCvd74794. Known Affected Releases: 1.3(0.909) 2.1(0.800). 2017-07-10 3.5 CVE-2017-6734
BID
SECTRACK
CONFIRM
cisco — prime_network A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. More Information: CSCvd59341. Known Affected Releases: 4.2(1.0)P1. 2017-07-10 2.1 CVE-2017-6726
BID
CONFIRM
cybozu — garoon Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu. 2017-07-07 3.5 CVE-2017-2146
JVN
CONFIRM
fairsketch — rise_ultimate_project_manager In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable. 2017-07-11 3.5 CVE-2017-11181
MISC
fairsketch — rise_ultimate_project_manager In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable. 2017-07-11 3.5 CVE-2017-11182
MISC
finecms_project — finecms application/core/controller/images.php in FineCMS through 2017-07-12 allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action. 2017-07-12 3.5 CVE-2017-11201
MISC
google — android Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. (dot dot) in a name parameter of an MTP request. 2017-07-07 2.1 CVE-2014-7954
MISC
FULLDISC
BUGTRAQ
BID
ibm — websphere_mq IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145. 2017-07-10 1.9 CVE-2017-1284
CONFIRM
BID
MISC
microsoft — windows_rt_8.1 Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8577, and CVE-2017-8467. 2017-07-11 3.7 CVE-2017-8581
BID
SECTRACK
CONFIRM

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — httpd
 
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type ‘Digest’ was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no ‘=’ assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. 2017-07-13 not yet calculated CVE-2017-9788
CONFIRM
CONFIRM
MLIST
apache — httpd
 
When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. 2017-07-13 not yet calculated CVE-2017-9789
CONFIRM
MLIST
apache — impala
 
During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift transport when TLS was turned on. It was therefore possible for an adversary, with access to the network, to eavesdrop on the packets going to and coming from that port and view the data in plaintext. 2017-07-10 not yet calculated CVE-2017-5652
MLIST
apache — impala
 
It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with ‘COMPLETE’ before the SASL handshake has completed, the client will consider the handshake as completed even though no exchange of credentials has happened. 2017-07-10 not yet calculated CVE-2017-5640
BID
MLIST
apache — solr
 
Apache Solr uses a PKI-based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in the cluster into believing that the malicious node is a member of the cluster. So, if Solr users have enabled the BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either “HttpClientInterceptorPlugin” or “HttpClientBuilderPlugin”, his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected. 2017-07-07 not yet calculated CVE-2017-7660
MLIST
BID
apache — spark
 
In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user’s trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script, would then be reflected back to the user and could be evaluated and executed by MS Windows-based clients. It is not an attack on Spark itself, but on the user, who may then execute the script inadvertently when viewing elements of the Spark web UIs. 2017-07-12 not yet calculated CVE-2017-7678
MLIST
apache — struts
 
If an application allows a URL to be entered in a form field and the built-in URLValidator is used, it is possible to prepare a special URL that overloads the server process when the URL is validated. The solution is to upgrade to Apache Struts version 2.5.12. 2017-07-13 not yet calculated CVE-2017-7672
CONFIRM
MLIST
apache — struts
 
When Spring AOP functionality is used to secure Struts actions, it is possible to perform a DoS attack when the user was properly authenticated. The solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33. 2017-07-13 not yet calculated CVE-2017-9787
CONFIRM
MLIST
apache — traffic_router
 
The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol. 2017-07-10 not yet calculated CVE-2017-7670
MLIST
avg — antivirus
 
AVG AntiVirus for MacOS with scan engine before 4668 might allow remote attackers to bypass malware detection by leveraging failure to scan inside disk image (aka DMG) files. 2017-07-12 not yet calculated CVE-2017-9977
MISC
canonical — ubuntu
 
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories. 2017-07-11 not yet calculated CVE-2017-10600
CONFIRM
cloud_foundry — cloud_foundry
 
In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12, 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider. 2017-07-10 not yet calculated CVE-2017-8032
CONFIRM
emc — data_protection_advisor
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application. 2017-07-09 not yet calculated CVE-2017-8003
CONFIRM
BID
SECTRACK
emc — data_protection_advisor
 
EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands. 2017-07-09 not yet calculated CVE-2017-8002
CONFIRM
BID
SECTRACK
emc — esrs_policy_manager
 
EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP directory server. 2017-07-09 not yet calculated CVE-2017-4976
CONFIRM
SECTRACK
finecms — finecms
 
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked. 2017-07-11 not yet calculated CVE-2017-11178
MISC
gnome_project — gnome
 
Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible. 2017-07-11 not yet calculated CVE-2017-11171
CONFIRM
CONFIRM
google — android
 
An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34373711. References: N-CVE-2017-6249. 2017-07-13 not yet calculated CVE-2017-6249
CONFIRM
google — android
 
An elevation of privilege vulnerability in the NVIDIA Libnvparser component due to a memcpy into a fixed sized buffer with a user-controlled size could lead to a memory corruption and possible remote code execution. This issue is rated as High. Product: Android. Version: N/A. Android ID: A-33968204. References: N-CVE-2017-0340. 2017-07-07 not yet calculated CVE-2017-0340
BID
CONFIRM
google — android
 
An information disclosure vulnerability in the NVIDIA Video Driver due to an out-of-bounds read function in the Tegra Display Controller driver could result in possible information disclosure. This issue is rated as Moderate. Product: Android. Version: N/A. Android ID: A-33718700. References: N-CVE-2017-0326. 2017-07-07 not yet calculated CVE-2017-0326
BID
CONFIRM
heimdal — heimdal
 
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus’ Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in ‘enc_part’ instead of the unencrypted version stored in ‘ticket’. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated. 2017-07-13 not yet calculated CVE-2017-11103
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
ibm — bigfix_inventory
 
IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853. 2017-07-13 not yet calculated CVE-2016-8964
CONFIRM
MISC
ibm — daeja_viewone IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462. 2017-07-13 not yet calculated CVE-2017-1308
CONFIRM
MISC
ibm — emptoris_sourcing IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352. 2017-07-12 not yet calculated CVE-2016-6114
CONFIRM
MISC
ibm — emptoris_sourcing
 
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118834. 2017-07-12 not yet calculated CVE-2016-8947
CONFIRM
MISC
ibm — emptoris_sourcing
 
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118833. 2017-07-12 not yet calculated CVE-2016-8946
CONFIRM
MISC
ibm — emptoris_sourcing
 
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118837. 2017-07-12 not yet calculated CVE-2016-8950
CONFIRM
MISC
ibm — emptoris_sourcing
 
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835. 2017-07-12 not yet calculated CVE-2016-8948
CONFIRM
MISC
ibm — emptoris_sourcing

 

IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840. 2017-07-12 not yet calculated CVE-2016-8953
CONFIRM
MISC
ibm — emptoris_strategic_supply_management_platform
 
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116739. 2017-07-13 not yet calculated CVE-2016-6019
CONFIRM
MISC
ibm — emptoris_strategic_supply_management_platform
 
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. An attacker can exploit a vulnerability in the authentication features that could log out users and flood user accounts with emails. IBM X-Force ID: 118838. 2017-07-13 not yet calculated CVE-2016-8951
CONFIRM
MISC
ibm — emptoris_strategic_supply_management_platform
 
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118839. 2017-07-13 not yet calculated CVE-2016-8952
CONFIRM
MISC
ibm — websphere_commerce_enterprise
 
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385. 2017-07-10 not yet calculated CVE-2017-1398
CONFIRM
BID
MISC
ibm — websphere_mq
 
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146. 2017-07-12 not yet calculated CVE-2017-1285
MISC
CONFIRM
iceni — infix
 
An out-of-bounds write vulnerability exists in the PDF parsing functionality of Infix 7.1.5. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. 2017-07-12 not yet calculated CVE-2017-2863
MISC
imagemagick — imagemagick
 
The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file. 2017-07-11 not yet calculated CVE-2017-11170
CONFIRM
imagemagick — imagemagick
 
The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files. 2017-07-13 not yet calculated CVE-2017-11310
CONFIRM
CONFIRM
ipsilon — ipsilon
 
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows an attacker to log out active sessions of other users. This issue is related to how ipsilon tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. 2017-07-12 not yet calculated CVE-2016-8638
CONFIRM
CONFIRM
CONFIRM
microsoft — office
 
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka “Microsoft Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8570. 2017-07-11 not yet calculated CVE-2017-0243
BID
SECTRACK
CONFIRM
microsoft — windows Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it parses specially crafted files, aka “WordPad Remote Code Execution Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8588
BID
SECTRACK
CONFIRM
microsoft — windows Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows improperly handling calls to Advanced Local Procedure Call (ALPC), aka “Windows ALPC Elevation of Privilege Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8562
BID
CONFIRM
microsoft — windows Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka “Microsoft Graphics Component Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-8573 and CVE-2017-8574. 2017-07-11 not yet calculated CVE-2017-8556
BID
SECTRACK
CONFIRM
microsoft — windows Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly parses XML input containing a reference to an external entity, aka “Windows System Information Console Information Disclosure Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8557
BID
BID
SECTRACK
CONFIRM
microsoft — windows
 
Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka “Microsoft Graphics Component Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-8574 and CVE-2017-8556. 2017-07-11 not yet calculated CVE-2017-8573
BID
SECTRACK
CONFIRM
microsoft — windows
 
Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when PSObject wraps a CIM Instance, aka “Windows PowerShell Remote Code Execution Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8565
BID
SECTRACK
CONFIRM
microsoft — windows
 
Graphics in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka “Microsoft Graphics Component Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-8573 and CVE-2017-8556. 2017-07-11 not yet calculated CVE-2017-8574
BID
SECTRACK
CONFIRM
microsoft — windows
 
Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly initialize a memory address, aka “Windows Kernel Information Disclosure Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8564
BID
SECTRACK
CONFIRM
microsoft — windows
 
Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability. 2017-07-11 not yet calculated CVE-2017-8585
BID
SECTRACK
CONFIRM
microsoft — windows
 
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka “Microsoft Exchange Open Redirect Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8621
BID
SECTRACK
CONFIRM
microsoft — windows
 
Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability due to the way it parses XML input, aka “Windows Performance Monitor Information Disclosure Vulnerability”. 2017-07-11 not yet calculated CVE-2017-0170
BID
SECTRACK
CONFIRM
microsoft — windows
 
Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka “Internet Explorer Memory Corruption Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8594
BID
CONFIRM
microsoft — windows
 
Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka “Microsoft Browser Security Feature Bypass”. 2017-07-11 not yet calculated CVE-2017-8592
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — windows
 
Windows 10 1607 and Windows Server 2016 allow an attacker to execute code remotely via a specially crafted WiFi packet, aka “HoloLens Remote Code Execution Vulnerability.” 2017-07-11 not yet calculated CVE-2017-8584
BID
SECTRACK
CONFIRM
microsoft — windows
 
Windows Explorer in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511 allows a denial of service vulnerability when it attempts to open a non-existent file, aka “Windows Explorer Denial of Service Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8587
BID
SECTRACK
CONFIRM
microsoft — windows
 
HTTP.sys in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when the component improperly handles objects in memory, aka “Https.sys Information Disclosure Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8582
BID
SECTRACK
CONFIRM
microsoft — windows
 
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka “Kerberos SNAME Security Feature Bypass Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8495
BID
SECTRACK
CONFIRM
microsoft — windows
 
Windows Shell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it improperly handles executable files and shares during rename operations, aka “Windows Explorer Remote Code Execution Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8463
BID
SECTRACK
CONFIRM
microsoft — windows
 
Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka “Win32k Elevation of Privilege Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8467
BID
SECTRACK
CONFIRM
microsoft — windows
 
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure due to the way it handles objects in memory, aka “Win32k Information Disclosure Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8486
BID
SECTRACK
CONFIRM
nginx — nginx
 
Nginx versions from 0.5.6 up to and including 1.13.2 are vulnerable to an integer overflow in the nginx range filter module, resulting in a leak of potentially sensitive information triggered by a specially crafted request. 2017-07-13 not yet calculated CVE-2017-7529
MLIST
php_group — php
 
In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x through 7.1.7, lack of bounds checks in the date extension’s timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11145. 2017-07-10 not yet calculated CVE-2017-11146
CONFIRM
CONFIRM
CONFIRM
phpmyfaq — phpmyfaq
 
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly. 2017-07-12 not yet calculated CVE-2017-11187
CONFIRM
poppler — poppler
 
An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library. 2017-07-12 not yet calculated CVE-2017-2820
MISC
poppler — poppler
 
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability. 2017-07-12 not yet calculated CVE-2017-2818
MISC
poppler — poppler
 
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability. 2017-07-12 not yet calculated CVE-2017-2814
MISC
project_c-ares — c-ares
 
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. 2017-07-07 not yet calculated CVE-2017-1000381
BID
CONFIRM
CONFIRM
pulse_secure — pulse_connect_secure Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malicious web page. 2017-07-12 not yet calculated CVE-2017-11196
MISC
MISC
pulse_secure — pulse_connect_secure
 
Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can use javascript: or data: to abuse this. 2017-07-12 not yet calculated CVE-2017-11195
MISC
MISC
pulse_secure — pulse_connect_secure
 
Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application’s response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc. 2017-07-12 not yet calculated CVE-2017-11194
MISC
MISC
pulse_secure — pulse_connect_secure
 
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page. 2017-07-12 not yet calculated CVE-2017-11193
MISC
MISC
rack-cors — rack-cors
 
Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed. 2017-07-12 not yet calculated CVE-2017-11173
MISC
MISC
MISC
sap — netweaver SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. 2017-07-12 not yet calculated CVE-2017-9844
MISC
sap — netweaver
 
SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841. 2017-07-12 not yet calculated CVE-2017-9843
MISC
sap — netweaver
 
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918. 2017-07-12 not yet calculated CVE-2017-9845
MISC
siemens — simatic_cp_44x-1_rna
 
An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA’s CPU. 2017-07-07 not yet calculated CVE-2017-6868
BID
SECTRACK
MISC
thermo_fisher_scientific — datataker_dt80_dex
 
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI. 2017-07-12 not yet calculated CVE-2017-11165
MISC
unrar-free — unrar-free
 
unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via an RAR archive containing a long filename. 2017-07-12 not yet calculated CVE-2017-11190
MISC
unrar-free — unrar-free
 
unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code for a long-running application. 2017-07-12 not yet calculated CVE-2017-11189
MISC
xoops — xoops
 
In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses. 2017-07-12 not yet calculated CVE-2017-11174
MISC


SB17-198: Vulnerability Summary for the Week of July 10, 2017

Original release date: July 17, 2017

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — struts The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. 2017-07-10 7.5 CVE-2017-9791
CONFIRM
BID
SECTRACK
cisco — firesight_system_software A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1. 2017-07-10 7.2 CVE-2017-6735
BID
SECTRACK
CONFIRM
cisco — prime_network A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343. Known Affected Releases: 4.2(2.1)PP1 4.2(3.0)PP6 4.3(0.0)PP4 4.3(1.0)PP2. Known Fixed Releases: 4.3(2). 2017-07-10 7.2 CVE-2017-6732
BID
CONFIRM
dlink — dir-615 On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim’s host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim’s and router’s IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim’s router and take over his session as he won’t be prompted for credentials. 2017-07-07 7.5 CVE-2017-7405
MISC
MISC
finecms_project — finecms FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager “Add Site” action to enter this code after a ‘, sequence in a domain name, as demonstrated by the ‘,phpinfo() input value. 2017-07-12 7.5 CVE-2017-11167
MISC
foxitsoftware — foxit_reader Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document. 2017-07-07 9.3 CVE-2017-10994
BID
CONFIRM
freedesktop — systemd systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. “0day”), running the service in question with root privileges rather than the user intended. 2017-07-07 10.0 CVE-2017-1000082
MLIST
BID
CONFIRM
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c. 2017-07-09 7.5 CVE-2017-11139
CONFIRM
BID
graphicsmagick — graphicsmagick The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files. 2017-07-09 7.1 CVE-2017-11140
CONFIRM
BID
imagemagick — imagemagick The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call. 2017-07-09 7.1 CVE-2017-11141
BID
CONFIRM
imagemagick — imagemagick The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file. 2017-07-10 7.1 CVE-2017-11166
CONFIRM
imagemagick — imagemagick The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check. 2017-07-12 7.8 CVE-2017-11188
CONFIRM
irssi — irssi An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. 2017-07-07 7.5 CVE-2017-10965
CONFIRM
CONFIRM
irssi — irssi An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table. 2017-07-07 7.5 CVE-2017-10966
CONFIRM
CONFIRM
ismartalarm — cube_one_firmware On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography. 2017-07-11 7.5 CVE-2017-7728
MISC
ismartalarm — cube_one_firmware iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood on port 12345 will freeze the “cube” and it will stop responding. 2017-07-11 7.8 CVE-2017-7730
MISC
kddi — home_spot_cube_2_firmware HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI. 2017-07-07 8.3 CVE-2017-2186
JVN
BID
CONFIRM
linux — linux_kernel The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact. 2017-07-11 10.0 CVE-2017-11176
CONFIRM
CONFIRM
mcafee — advanced_threat_defense Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any configuration settings, or gain administrator functionality via a crafted HTTP request parameter. 2017-07-12 7.5 CVE-2017-4052
CONFIRM
mcafee — advanced_threat_defense Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to execute a command of their choice via a crafted HTTP request parameter. 2017-07-12 7.5 CVE-2017-4053
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8595
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 10 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8598, CVE-2017-8610, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8596
BID
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8598
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8598 and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8601
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8598, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8603
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8610, CVE-2017-8603, CVE-2017-8598, CVE-2017-8601, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8604
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8598, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8605
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8609
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8595, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8610
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Edge in Windows 10 1703 Microsoft Edge allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka “Microsoft Edge Remote Code Execution Vulnerability.” 2017-07-11 7.6 CVE-2017-8617
BID
CONFIRM
microsoft — edge Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8618, CVE-2017-9598 and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8619
BID
SECTRACK
CONFIRM
microsoft — excel Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8501. 2017-07-11 9.3 CVE-2017-8502
BID
SECTRACK
CONFIRM
microsoft — internet_explorer Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8606
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — internet_explorer Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8608, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8607
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — internet_explorer Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8607, and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8608
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — internet_explorer Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scripting engines render when handling objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8619, CVE-2017-9598 and CVE-2017-8609. 2017-07-11 7.6 CVE-2017-8618
BID
SECTRACK
CONFIRM
microsoft — office Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka “Microsoft Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0243. 2017-07-11 9.3 CVE-2017-8570
BID
CONFIRM
microsoft — office_online_server Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8502. 2017-07-11 9.3 CVE-2017-8501
BID
SECTRACK
CONFIRM
microsoft — windows_rt_8.1 Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. 2017-07-11 9.3 CVE-2017-8578
BID
SECTRACK
CONFIRM
microsoft — windows_rt_8.1 Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way that Windows Search handles objects in memory, aka “Windows Search Remote Code Execution Vulnerability”. 2017-07-11 10.0 CVE-2017-8589
BID
SECTRACK
CONFIRM
nfsen — nfsen NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the “Custom output format” field). 2017-07-10 9.0 CVE-2017-7175
CONFIRM
EXPLOIT-DB
pcre — pcre In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression. 2017-07-10 7.8 CVE-2017-11164
MISC
php — php In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c. 2017-07-10 7.8 CVE-2017-11142
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
schneider_electric — wonderware_archestra_logger A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote attacker to execute arbitrary code in the context of a highly privileged account. 2017-07-07 10.0 CVE-2017-9629
MISC
BID
SECTRACK
MISC
sqlite — sqlite The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. 2017-07-07 7.5 CVE-2017-10989
MISC
BID
MISC
MISC
MISC
MISC
toshiba — hem-gw26a_firmware Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges. 2017-07-07 7.5 CVE-2017-2234
JVN
toshiba — hem-gw26a_firmware Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative privileges. 2017-07-07 7.5 CVE-2017-2236
JVN
toshiba — hem-gw26a_firmware Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. 2017-07-07 10.0 CVE-2017-2237
JVN
xar_project — xar libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unserialize function in archive.c. 2017-07-09 7.5 CVE-2017-11124
MISC
xar_project — xar libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_path function in util.c. 2017-07-09 7.5 CVE-2017-11125
MISC

Medium Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
apple — quicktime Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 6.8 CVE-2017-2218
JVN
MISC
brother_industries — mfc-j960dwn_firmware Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-07-07 6.8 CVE-2017-2244
JVN
CONFIRM
charamin — omp Untrusted search path vulnerability in the installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 6.8 CVE-2017-2227
JVN
cisco — asr_5000_series A vulnerability in the Border Gateway Protocol (BGP) processing functionality of the Cisco StarOS operating system for Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core (VPC) Software could allow an unauthenticated, remote attacker to cause the BGP process on an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability affects the following products if they are running the Cisco StarOS operating system and BGP is enabled for the system: Cisco ASR 5000 Series Routers and Cisco Virtualized Packet Core Software. More Information: CSCvc44968. Known Affected Releases: 16.4.1 19.1.0 21.1.0 21.1.M0.65824. Known Fixed Releases: 21.3.A0.65902 21.2.A0.65905 21.1.b0.66164 21.1.V0.66014 21.1.R0.65898 21.1.M0.65894 21.1.0.66030 21.1.0. 2017-07-10 5.0 CVE-2017-6729
SECTRACK
CONFIRM
cisco — identity_services_engine A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd87482. Known Affected Releases: 2.1(102.101) 2.2(0.283) 2.3(0.151). 2017-07-10 4.3 CVE-2017-6733
BID
SECTRACK
CONFIRM
cisco — ios_xr A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary code at the root privilege level on an affected system, because of Incorrect Permissions. More Information: CSCvb99389. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.3.1.15i.BASE 6.2.3.1i.BASE 6.2.2.15i.BASE 6.1.4.10i.BASE. 2017-07-10 6.9 CVE-2017-6728
BID
SECTRACK
CONFIRM
cisco — ios_xr A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP session will restart within a few seconds. More Information: CSCvd94828. Known Affected Releases: 4.3.2.MCAST 6.0.2.BASE. Known Fixed Releases: 6.3.1.19i.MCAST 6.2.3.1i.MCAST 6.2.2.17i.MCAST 6.1.4.12i.MCAST. 2017-07-10 5.0 CVE-2017-6731
SECTRACK
CONFIRM
cisco — wide_area_application_services A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a). Known Fixed Releases: 6.3(0.167) 6.2(3c)5 6.2(3.22). 2017-07-10 5.0 CVE-2017-6727
BID
SECTRACK
CONFIRM
cisco — wide_area_application_services A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. This vulnerability affects the following products if they are running an affected release of Cisco Wide Area Application Services (WAAS) Software and are configured to use the Central Manager function: Cisco Virtual Wide Area Application Services (vWAAS), Cisco Wide Area Application Services (WAAS) Appliances, Cisco Wide Area Application Services (WAAS) Modules. Only Cisco WAAS products that are configured with the Central Manager role are affected by this vulnerability. More Information: CSCvd87574. Known Affected Releases: 4.4(7) 6.2(1) 6.2(3). Known Fixed Releases: 6.3(0.228) 6.3(0.226) 6.2(3d)8 5.5(7b)17. 2017-07-10 5.0 CVE-2017-6730
BID
SECTRACK
CONFIRM
cybozu — garoon Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user’s file through a specially crafted page. 2017-07-07 5.8 CVE-2017-2144
JVN
CONFIRM
cybozu — garoon Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors. 2017-07-07 5.8 CVE-2017-2145
JVN
CONFIRM
dfactory — responsive_lightbox Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2017-07-07 4.3 CVE-2017-2243
JVN
BID
CONFIRM
dlink — dir-615 On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router’s Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim’s Router without knowing the credentials (CSRF). An attacker can host a page that sends a POST request to Form2File.htm that tries to upload Firmware to victim’s Router. This causes the router to reboot/crash resulting in Denial of Service. An attacker may succeed in uploading malicious Firmware. 2017-07-07 6.8 CVE-2017-7404
MISC
MISC
dlink — dir-615 The D-Link DIR-615 device before v20.12PTb04 doesn’t use SSL for any of the authenticated pages. Also, it doesn’t allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user’s credentials and/or credentials of users being added while sniffing the traffic. 2017-07-07 5.0 CVE-2017-7406
MISC
MISC
download_manager_project — download_manager Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2017-07-07 5.8 CVE-2017-2217
JVN
CONFIRM
CONFIRM
etherpad — etherpad Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests. 2017-07-07 5.0 CVE-2015-3297
MLIST
MLIST
BID
CONFIRM
finecms_project — finecms FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account. 2017-07-11 4.3 CVE-2017-11179
MISC
finecms_project — finecms FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login screen. 2017-07-11 4.3 CVE-2017-11180
MISC
finecms_project — finecms Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter. 2017-07-12 4.3 CVE-2017-11198
MISC
finecms_project — finecms SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter. 2017-07-12 6.5 CVE-2017-11200
MISC
finecms_project — finecms FineCMS through 2017-07-12 allows XSS in visitors.php because JavaScript in visited URLs is not restricted either during logging or during the reading of logs, a different vulnerability than CVE-2017-11180. 2017-07-12 4.3 CVE-2017-11202
MISC
fossies — catdoc The ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses before the beginning of the tmpBuf buffer. 2017-07-08 6.8 CVE-2017-11110
MISC
gnu — ncurses In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. 2017-07-08 5.0 CVE-2017-11112
MISC
gnu — ncurses In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. 2017-07-08 5.0 CVE-2017-11113
MISC
google — android Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running “pm install” with the target apk, and simultaneously running a crafted script to process logcat’s output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000. 2017-07-07 6.9 CVE-2014-7953
FULLDISC
BUGTRAQ
BID
CONFIRM
graphicsmagick — graphicsmagick The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure. 2017-07-07 5.0 CVE-2017-11102
CONFIRM
CONFIRM
BID
ibm — infosphere_information_server IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125916. 2017-07-12 4.3 CVE-2017-1321
CONFIRM
MISC
ibm — websphere_mq IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245. 2017-07-10 4.3 CVE-2017-1337
CONFIRM
BID
MISC
imagemagick — imagemagick The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image. 2017-07-07 4.3 CVE-2017-10995
BID
CONFIRM
iodata — ts-wlce_camera_firmware Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-07-07 6.8 CVE-2017-2223
MISC
BID
JVN
ismartalarm — cube_one_firmware iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability. 2017-07-11 5.0 CVE-2017-7726
MISC
ismartalarm — cube_one_firmware On iSmartAlarm cube devices, there is Incorrect Access Control because a “new key” is transmitted in cleartext. 2017-07-11 5.0 CVE-2017-7729
MISC
kddi — home_spot_cube_2_firmware HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings. 2017-07-07 5.2 CVE-2017-2183
JVN
BID
CONFIRM
kddi — home_spot_cube_2_firmware Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI. 2017-07-07 5.8 CVE-2017-2184
JVN
BID
CONFIRM
kddi — home_spot_cube_2_firmware HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI. 2017-07-07 5.2 CVE-2017-2185
JVN
BID
CONFIRM
knot-dns — knot_dns Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check. 2017-07-08 4.3 CVE-2017-11104
MISC
MISC
MISC
marp_project — marp Marp versions v0.0.10 and earlier may allow an attacker to access local resources and files using JavaScript. 2017-07-07 6.8 CVE-2017-2239
JVN
mcafee — advanced_threat_defense Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a crafted HTTP request parameter. 2017-07-12 6.5 CVE-2017-4054
CONFIRM
mcafee — advanced_threat_defense Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD detection via loose enforcement of authentication and authorization. 2017-07-12 5.0 CVE-2017-4055
CONFIRM
mcafee — advanced_threat_defense Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI terminal commands. 2017-07-12 6.5 CVE-2017-4057
CONFIRM
mext — ebidsettingchecker Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 6.8 CVE-2017-2225
JVN
MISC
microsoft — edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka “Microsoft Edge Security Feature Bypass Vulnerability”. 2017-07-11 4.3 CVE-2017-8599
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka “Microsoft Edge Spoofing Vulnerability.” 2017-07-11 4.3 CVE-2017-8611
BID
SECTRACK
CONFIRM
microsoft — exchange_server Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka “Microsoft Exchange Cross-Site Scripting Vulnerability”. This CVE ID is unique from CVE-2017-8560. 2017-07-11 4.3 CVE-2017-8559
BID
SECTRACK
CONFIRM
microsoft — exchange_server Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka “Microsoft Exchange Cross-Site Scripting Vulnerability”. This CVE ID is unique from CVE-2017-8559. 2017-07-11 4.3 CVE-2017-8560
BID
SECTRACK
CONFIRM
microsoft — internet_explorer Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a spoofing vulnerability in the way they parse HTTP content, aka “Microsoft Browser Spoofing Vulnerability.” 2017-07-11 4.3 CVE-2017-8602
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — sharepoint_server Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka “SharePoint Server XSS Vulnerability”. 2017-07-11 6.5 CVE-2017-8569
BID
SECTRACK
CONFIRM
microsoft — windows_10 Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka “Windows IME Elevation of Privilege Vulnerability”. 2017-07-11 4.4 CVE-2017-8566
BID
SECTRACK
CONFIRM
microsoft — windows_rt_8.1 Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka “Windows Kernel Elevation of Privilege Vulnerability”. 2017-07-11 6.9 CVE-2017-8561
BID
CONFIRM
microsoft — windows_rt_8.1 Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka “Windows Elevation of Privilege Vulnerability”. 2017-07-11 5.1 CVE-2017-8563
BID
CONFIRM
microsoft — windows_rt_8.1 Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. 2017-07-11 6.9 CVE-2017-8577
BID
SECTRACK
CONFIRM
microsoft — windows_rt_8.1 Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467. 2017-07-11 6.2 CVE-2017-8580
BID
SECTRACK
CONFIRM
microsoft — windows_rt_8.1 Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File System (CLFS) driver handles objects in memory, aka “Windows CLFS Elevation of Privilege Vulnerability”. 2017-07-11 4.6 CVE-2017-8590
BID
SECTRACK
CONFIRM
mpg123 — mpg123 The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the “block_type != 2” case, a similar issue to CVE-2017-9870. 2017-07-09 4.3 CVE-2017-11126
MISC
MISC
national_tax_agency — e-tax Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software (WEB version) (1.17.1) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 6.8 CVE-2017-2226
JVN
BID
nilim — road_construction_completion_diagram_check_program Untrusted search path vulnerability in Douro Kouji Kanseizutou Check Program Ver3.1 (cdrw_checker_3.1.0.lzh) and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 6.8 CVE-2017-2230
JVN
MISC
MISC
nitro — nitro_pro Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file. 2017-07-07 4.3 CVE-2017-7950
BID
CONFIRM
php — php In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c). 2017-07-10 5.0 CVE-2016-10397
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php — php In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c. 2017-07-10 5.0 CVE-2017-11143
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php — php In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission. 2017-07-10 5.0 CVE-2017-11144
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php — php In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, lack of a bounds check in the date extension’s timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to an ext/date/lib/parse_date.c out-of-bounds read affecting the php_parse_date function. 2017-07-10 5.0 CVE-2017-11145
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
php — php In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c. 2017-07-10 6.4 CVE-2017-11147
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
phpldapadmin — phpldapadmin phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter. 2017-07-08 4.3 CVE-2017-11107
MISC
MISC
schneider_electric — wonderware_archestra_logger An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service. 2017-07-07 5.0 CVE-2017-9627
MISC
BID
SECTRACK
MISC
schneider_electric — wonderware_archestra_logger A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing (applications that use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable). 2017-07-07 5.0 CVE-2017-9631
MISC
BID
SECTRACK
MISC
shortcodes_ultimate_project — shortcodes_ultimate Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors. 2017-07-07 4.0 CVE-2017-2245
BID
JVN
CONFIRM
CONFIRM
swftools — swftools When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c. 2017-07-07 6.8 CVE-2017-11096
MISC
swftools — swftools When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c. 2017-07-07 6.8 CVE-2017-11097
MISC
swftools — swftools When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c. 2017-07-07 6.8 CVE-2017-11098
MISC
swftools — swftools When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c. 2017-07-07 6.8 CVE-2017-11099
MISC
swftools — swftools When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c. 2017-07-07 6.8 CVE-2017-11100
MISC
swftools — swftools When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c. 2017-07-07 6.8 CVE-2017-11101
MISC
tcpdump — tcpdump tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol. 2017-07-08 5.0 CVE-2017-11108
MISC
toshiba — hem-gw26a_firmware Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allow an attacker to bypass access restriction to change the administrator account password via unspecified vectors. 2017-07-07 5.0 CVE-2017-2235
JVN
toshiba — hem-gw26a_firmware Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-07-07 6.8 CVE-2017-2238
JVN
vim — vim Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance. 2017-07-08 6.8 CVE-2017-11109
MISC
MISC
web-dorado — event_calendar_wd Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-07-07 4.3 CVE-2017-2224
BID
JVN
CONFIRM
CONFIRM
wp-members_project — wp-members Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-07-07 4.3 CVE-2017-2222
JVN
CONFIRM
CONFIRM
wp-statistics — wp_statistics The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page. 2017-07-07 4.3 CVE-2017-10991
MISC
wpdownloadmanager — download_manager Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-07-07 4.3 CVE-2017-2216
JVN
CONFIRM
CONFIRM
yaws — yaws Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product. 2017-07-07 5.0 CVE-2017-10974
MISC
BID
EXPLOIT-DB

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cacti — cacti Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. 2017-07-10 3.5 CVE-2017-11163
CONFIRM
cisco — identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. More Information: CSCvd74794. Known Affected Releases: 1.3(0.909) 2.1(0.800). 2017-07-10 3.5 CVE-2017-6734
BID
SECTRACK
CONFIRM
cisco — prime_network A vulnerability in the CLI of the Cisco Prime Network Gateway could allow an authenticated, local attacker to retrieve system process information, which could lead to the disclosure of confidential information. More Information: CSCvd59341. Known Affected Releases: 4.2(1.0)P1. 2017-07-10 2.1 CVE-2017-6726
BID
CONFIRM
cybozu — garoon Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu. 2017-07-07 3.5 CVE-2017-2146
JVN
CONFIRM
fairsketch — rise_ultimate_project_manager In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable. 2017-07-11 3.5 CVE-2017-11181
MISC
fairsketch — rise_ultimate_project_manager In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable. 2017-07-11 3.5 CVE-2017-11182
MISC
finecms_project — finecms application/core/controller/images.php in FineCMS through 2017-07-12 allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action. 2017-07-12 3.5 CVE-2017-11201
MISC
google — android Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. (dot dot) in a name parameter of an MTP request. 2017-07-07 2.1 CVE-2014-7954
MISC
FULLDISC
BUGTRAQ
BID
ibm — websphere_mq IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145. 2017-07-10 1.9 CVE-2017-1284
CONFIRM
BID
MISC
microsoft — windows_rt_8.1 Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8577, and CVE-2017-8467. 2017-07-11 3.7 CVE-2017-8581
BID
SECTRACK
CONFIRM

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — httpd
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type ‘Digest’ was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no ‘=’ assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. 2017-07-13 not yet calculated CVE-2017-9788
CONFIRM
CONFIRM
MLIST
apache — httpd
When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. 2017-07-13 not yet calculated CVE-2017-9789
CONFIRM
MLIST
apache — impala
During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift transport when TLS was turned on. It was therefore possible for an adversary, with access to the network, to eavesdrop on the packets going to and coming from that port and view the data in plaintext. 2017-07-10 not yet calculated CVE-2017-5652
MLIST
apache — impala
It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with ‘COMPLETE’ before the SASL handshake has completed, the client will consider the handshake as completed even though no exchange of credentials has happened. 2017-07-10 not yet calculated CVE-2017-5640
BID
MLIST
apache — solr
Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in the cluster into believing that the malicious node is a member of the cluster. So, if Solr users have enabled the BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either “HttpClientInterceptorPlugin” or “HttpClientBuilderPlugin”, his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected. 2017-07-07 not yet calculated CVE-2017-7660
MLIST
BID
apache — spark
In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user’s trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script, would then be reflected back to the user and could be evaluated and executed by MS Windows-based clients. It is not an attack on Spark itself, but on the user, who may then execute the script inadvertently when viewing elements of the Spark web UIs. 2017-07-12 not yet calculated CVE-2017-7678
MLIST
apache — struts
If an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload the server process when performing validation of the URL. The solution is to upgrade to Apache Struts version 2.5.12. 2017-07-13 not yet calculated CVE-2017-7672
CONFIRM
MLIST
apache — struts
When using Spring AOP functionality to secure Struts actions, it is possible to perform a DoS attack when the user was properly authenticated. The solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33. 2017-07-13 not yet calculated CVE-2017-9787
CONFIRM
MLIST
apache — traffic_router
The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol. 2017-07-10 not yet calculated CVE-2017-7670
MLIST
avg — antivirus
AVG AntiVirus for MacOS with scan engine before 4668 might allow remote attackers to bypass malware detection by leveraging failure to scan inside disk image (aka DMG) files. 2017-07-12 not yet calculated CVE-2017-9977
MISC
canonical — ubuntu
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories. 2017-07-11 not yet calculated CVE-2017-10600
CONFIRM
cloud_foundry — cloud_foundry
In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12, 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider. 2017-07-10 not yet calculated CVE-2017-8032
CONFIRM
emc — data_protection_advisor
EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying OS server by supplying specially crafted strings in input parameters of the application. 2017-07-09 not yet calculated CVE-2017-8003
CONFIRM
BID
SECTRACK
emc — data_protection_advisor
EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands. 2017-07-09 not yet calculated CVE-2017-8002
CONFIRM
BID
SECTRACK
emc — esrs_policy_manager
EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP directory server. 2017-07-09 not yet calculated CVE-2017-4976
CONFIRM
SECTRACK
finecms — finecms
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the file extension is not checked. 2017-07-11 not yet calculated CVE-2017-11178
MISC
gnome_project — gnome
Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible. 2017-07-11 not yet calculated CVE-2017-11171
CONFIRM
CONFIRM
google — android
An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34373711. References: N-CVE-2017-6249. 2017-07-13 not yet calculated CVE-2017-6249
CONFIRM
google — android
An elevation of privilege vulnerability in the NVIDIA Libnvparser component due to a memcpy into a fixed sized buffer with a user-controlled size could lead to a memory corruption and possible remote code execution. This issue is rated as High. Product: Android. Version: N/A. Android ID: A-33968204. References: N-CVE-2017-0340. 2017-07-07 not yet calculated CVE-2017-0340
BID
CONFIRM
google — android
An information disclosure vulnerability in the NVIDIA Video Driver due to an out-of-bounds read function in the Tegra Display Controller driver could result in possible information disclosure. This issue is rated as Moderate. Product: Android. Version: N/A. Android ID: A-33718700. References: N-CVE-2017-0326. 2017-07-07 not yet calculated CVE-2017-0326
BID
CONFIRM
heimdal — heimdal
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus’ Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in ‘enc_part’ instead of the unencrypted version stored in ‘ticket’. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated. 2017-07-13 not yet calculated CVE-2017-11103
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
ibm — bigfix_inventory
IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853. 2017-07-13 not yet calculated CVE-2016-8964
CONFIRM
MISC
ibm — daeja_viewone IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462. 2017-07-13 not yet calculated CVE-2017-1308
CONFIRM
MISC
ibm — emptoris_sourcing IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352. 2017-07-12 not yet calculated CVE-2016-6114
CONFIRM
MISC
ibm — emptoris_sourcing
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118834. 2017-07-12 not yet calculated CVE-2016-8947
CONFIRM
MISC
ibm — emptoris_sourcing
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118833. 2017-07-12 not yet calculated CVE-2016-8946
CONFIRM
MISC
ibm — emptoris_sourcing
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118837. 2017-07-12 not yet calculated CVE-2016-8950
CONFIRM
MISC
ibm — emptoris_sourcing
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118835. 2017-07-12 not yet calculated CVE-2016-8948
CONFIRM
MISC
ibm — emptoris_sourcing
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840. 2017-07-12 not yet calculated CVE-2016-8953
CONFIRM
MISC
ibm — emptoris_strategic_supply_management_platform
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116739. 2017-07-13 not yet calculated CVE-2016-6019
CONFIRM
MISC
ibm — emptoris_strategic_supply_management_platform
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. An attacker can exploit a vulnerability in the authentication features that could log out users and flood user accounts with emails. IBM X-Force ID: 118838. 2017-07-13 not yet calculated CVE-2016-8951
CONFIRM
MISC
ibm — emptoris_strategic_supply_management_platform
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118839. 2017-07-13 not yet calculated CVE-2016-8952
CONFIRM
MISC
ibm — websphere_commerece_enterprise
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385. 2017-07-10 not yet calculated CVE-2017-1398
CONFIRM
BID
MISC
ibm — websphere_mq
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146. 2017-07-12 not yet calculated CVE-2017-1285
MISC
CONFIRM
iceni — infix
An out-of-bounds write vulnerability exists in the PDF parsing functionality of Infix 7.1.5. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. 2017-07-12 not yet calculated CVE-2017-2863
MISC
imagemagick — imagemagick
The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file. 2017-07-11 not yet calculated CVE-2017-11170
CONFIRM
imagemagick — imagemagick
The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files. 2017-07-13 not yet calculated CVE-2017-11310
CONFIRM
CONFIRM
ipsilon — ipsilon
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows an attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. 2017-07-12 not yet calculated CVE-2016-8638
CONFIRM
CONFIRM
CONFIRM
microsoft — office
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka “Microsoft Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8570. 2017-07-11 not yet calculated CVE-2017-0243
BID
SECTRACK
CONFIRM
microsoft — windows Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it parses specially crafted files, aka “WordPad Remote Code Execution Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8588
BID
SECTRACK
CONFIRM
microsoft — windows Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows improperly handling calls to Advanced Local Procedure Call (ALPC), aka “Windows ALPC Elevation of Privilege Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8562
BID
CONFIRM
microsoft — windows Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka “Microsoft Graphics Component Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-8573 and CVE-2017-8574. 2017-07-11 not yet calculated CVE-2017-8556
BID
SECTRACK
CONFIRM
microsoft — windows Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly parses XML input containing a reference to an external entity, aka “Windows System Information Console Information Disclosure Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8557
BID
BID
SECTRACK
CONFIRM
microsoft — windows
Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka “Microsoft Graphics Component Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-8574 and CVE-2017-8556. 2017-07-11 not yet calculated CVE-2017-8573
BID
SECTRACK
CONFIRM
microsoft — windows
Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when PSObject wraps a CIM Instance, aka “Windows PowerShell Remote Code Execution Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8565
BID
SECTRACK
CONFIRM
microsoft — windows
Graphics in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka “Microsoft Graphics Component Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-8573 and CVE-2017-8556. 2017-07-11 not yet calculated CVE-2017-8574
BID
SECTRACK
CONFIRM
microsoft — windows
Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly initialize a memory address, aka “Windows Kernel Information Disclosure Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8564
BID
SECTRACK
CONFIRM
microsoft — windows
Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability. 2017-07-11 not yet calculated CVE-2017-8585
BID
SECTRACK
CONFIRM
microsoft — windows
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka “Microsoft Exchange Open Redirect Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8621
BID
SECTRACK
CONFIRM
microsoft — windows
Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability due to the way it parses XML input, aka “Windows Performance Monitor Information Disclosure Vulnerability”. 2017-07-11 not yet calculated CVE-2017-0170
BID
SECTRACK
CONFIRM
microsoft — windows
Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka “Internet Explorer Memory Corruption Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8594
BID
CONFIRM
microsoft — windows
Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka “Microsoft Browser Security Feature Bypass”. 2017-07-11 not yet calculated CVE-2017-8592
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — windows
 
Windows 10 1607 and Windows Server 2016 allow an attacker to execute code remotely via a specially crafted WiFi packet, aka “HoloLens Remote Code Execution Vulnerability.” 2017-07-11 not yet calculated CVE-2017-8584
BID
SECTRACK
CONFIRM
microsoft — windows
 
Windows Explorer in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511 allows a denial of service vulnerability when it attempts to open a non-existent file, aka “Windows Explorer Denial of Service Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8587
BID
SECTRACK
CONFIRM
microsoft — windows
 
HTTP.sys in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when the component improperly handles objects in memory, aka “Https.sys Information Disclosure Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8582
BID
SECTRACK
CONFIRM
microsoft — windows
 
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka “Kerberos SNAME Security Feature Bypass Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8495
BID
SECTRACK
CONFIRM
microsoft — windows
 
Windows Shell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it improperly handles executable files and shares during rename operations, aka “Windows Explorer Remote Code Execution Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8463
BID
SECTRACK
CONFIRM
microsoft — windows
 
Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka “Win32k Elevation of Privilege Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8467
BID
SECTRACK
CONFIRM
microsoft — windows
 
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure due to the way it handles objects in memory, aka “Win32k Information Disclosure Vulnerability”. 2017-07-11 not yet calculated CVE-2017-8486
BID
SECTRACK
CONFIRM
nginx — nginx
 
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to an integer overflow in the nginx range filter module, resulting in a leak of potentially sensitive information triggered by a specially crafted request. 2017-07-13 not yet calculated CVE-2017-7529
MLIST
php_group — php
 
In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x through 7.1.7, lack of bounds checks in the date extension’s timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11145. 2017-07-10 not yet calculated CVE-2017-11146
CONFIRM
CONFIRM
CONFIRM
phpmyfaq — phpmyfaq
 
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly. 2017-07-12 not yet calculated CVE-2017-11187
CONFIRM
poppler — poppler
 
An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library. 2017-07-12 not yet calculated CVE-2017-2820
MISC
poppler — poppler
 
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specially crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability. 2017-07-12 not yet calculated CVE-2017-2818
MISC
poppler — poppler
 
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specially crafted PDF can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability. 2017-07-12 not yet calculated CVE-2017-2814
MISC
project_c-ares — c-ares
 
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed-in DNS response packet was crafted in a particular way. 2017-07-07 not yet calculated CVE-2017-1000381
BID
CONFIRM
CONFIRM
pulse_secure — pulse_connect_secure
 
Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to log out a user by making them visit a malicious web page. 2017-07-12 not yet calculated CVE-2017-11196
MISC
MISC
pulse_secure — pulse_connect_secure
 
Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can use javascript: or data: to abuse this. 2017-07-12 not yet calculated CVE-2017-11195
MISC
MISC
pulse_secure — pulse_connect_secure
 
Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application’s response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc. 2017-07-12 not yet calculated CVE-2017-11194
MISC
MISC
pulse_secure — pulse_connect_secure
 
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page. 2017-07-12 not yet calculated CVE-2017-11193
MISC
MISC
rack-cors — rack-cors
 
Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed. 2017-07-12 not yet calculated CVE-2017-11173
MISC
MISC
MISC
sap — netweaver
 
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. 2017-07-12 not yet calculated CVE-2017-9844
MISC
sap — netweaver
 
SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841. 2017-07-12 not yet calculated CVE-2017-9843
MISC
sap — netweaver
 
disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918. 2017-07-12 not yet calculated CVE-2017-9845
MISC
siemens — simatic_cp_44x-1_rna
 
An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA’s CPU. 2017-07-07 not yet calculated CVE-2017-6868
BID
SECTRACK
MISC
thermo_fisher_scientific — datataker_dt80_dex
 
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI. 2017-07-12 not yet calculated CVE-2017-11165
MISC
unrar-free — unrar-free
 
unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via an RAR archive containing a long filename. 2017-07-12 not yet calculated CVE-2017-11190
MISC
unrar-free — unrar-free
 
unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code for a long-running application. 2017-07-12 not yet calculated CVE-2017-11189
MISC
xoops — xoops
 
In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses. 2017-07-12 not yet calculated CVE-2017-11174
MISC


FTC Releases Alert on Digital Security While Traveling

Original release date: July 14, 2017

The Federal Trade Commission (FTC) has released an alert on ensuring good digital security while traveling. Security recommendations include using caution while accessing free Wi-Fi hotspots, keeping all software updated, and using Virtual Private Networks (VPNs).    

US-CERT encourages users to refer to the FTC Alert and the US-CERT Tip on Cybersecurity for Electronic Devices for more information.



Cisco Releases Security Updates

Original release date: July 13, 2017

Cisco has released security updates to address several Simple Network Management Protocol (SNMP) vulnerabilities in its IOS and IOS XE software. A remote attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.



Juniper Releases ScreenOS Security Update

Original release date: July 13, 2017

Juniper has released ScreenOS 6.3.0r24 to address multiple cross-site scripting vulnerabilities found in prior versions. An attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Juniper’s Security Bulletin and update all affected ScreenOS versions.

