Category Archives: Cyber Security

Cyber Technology

Intel Firmware Vulnerability

Original release date: November 21, 2017

Intel has released recommendations to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution Engine. An attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Intel links below and refer to their original equipment manufacturers (OEMs) for mitigation strategies and updated firmware.
This product is provided subject to this Notification and this Privacy & Use policy.

Symantec Releases Security Update

Original release date: November 21, 2017

Symantec has released an update to address a vulnerability in the Symantec Management Console. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review the Symantec Security Advisory and apply the necessary update.

Windows ASLR Vulnerability

Original release date: November 20, 2017

The CERT Coordination Center (CERT/CC) has released information on a vulnerability in Windows Address Space Layout Randomization (ASLR) that affects Windows 8, Windows 8.1, and Windows 10. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review CERT/CC VU #817544 and apply the necessary workaround until a patch is released.

SB17-324: Vulnerability Summary for the Week of November 13, 2017

Original release date: November 20, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
alchemist.vim — alchemist.vim
Elixir’s vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code.
Published: 2017-11-17 | CVSS Score: not yet calculated | CVE-2017-1000212 | Source & Patch Info: CONFIRM

altavault — ost
AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-15517 | Source & Patch Info: CONFIRM

amazon — key
Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-16867 | Source & Patch Info: MISC, MISC, MISC

apache — camel
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-12634 | Source & Patch Info: CONFIRM, BID, CONFIRM

apache — camel
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-12633 | Source & Patch Info: CONFIRM, BID, CONFIRM

apache — couchdb
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for ‘roles’ used for access control within the database, including the special case ‘_admin’ role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two ‘roles’ keys are available in the JSON, the second one will be used for authorising the document write, but the first ‘roles’ key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-12635 | Source & Patch Info: BID, MLIST

apache — couchdb
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-12636 | Source & Patch Info: MLIST

apache — cxf
Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property “attachment-max-header-size”.
Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-12624 | Source & Patch Info: CONFIRM, BID

apache — hadoop
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN’s localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.
Published: 2017-11-13 | CVSS Score: not yet calculated | CVE-2017-3166 | Source & Patch Info: MLIST

apache — karaf
Apache Karaf enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports.
Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2014-0219 | Source & Patch Info: BID, CONFIRM

apache — openoffice
An installer defect known as an “unquoted Windows search path vulnerability” affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit.
Published: 2017-11-13 | CVSS Score: not yet calculated | CVE-2016-6803 | Source & Patch Info: BID, SECTRACK, CONFIRM
apple — ios
An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the “UIKit” component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-7113 | Source & Patch Info: SECTRACK, CONFIRM

apple — ios
An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the “Siri” component. It allows physically proximate attackers to obtain sensitive information via a Siri request for private-content notifications that should not have been available in the lock-screen state.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13805 | Source & Patch Info: SECTRACK, CONFIRM

apple — ios
An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the “Messages” component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13844 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products, macOS before 10.13.1 is affected. The issue involves the “libarchive” component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13816 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Audio” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted QuickTime file.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13807 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party “PCRE” product. Versions before 8.40 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13846 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products, macOS before 10.13.1 is affected. The issue involves the “Kernel” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13818 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Sandbox” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13838 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Kernel” component. It allows attackers to bypass intended memory-read restrictions via a /dev/dtracehelper attack involving the dtrace_dif_variable and dtrace_getarg functions.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13782 | Source & Patch Info: SECTRACK, MISC, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Kernel” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13842 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “802.1X” component. It allows attackers to have an unspecified impact by leveraging TLS 1.0 support.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13832 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “AppleScript” component. It allows remote attackers to execute arbitrary code via a crafted AppleScript file that is mishandled by osadecompile.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13809 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Fonts” component. It allows remote attackers to spoof the user interface via crafted text.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13828 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Kernel” component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted mach binary.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13834 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “ImageIO” component. It allows remote attackers to obtain sensitive information or cause a denial of service via a crafted image.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13831 | Source & Patch Info: SECTRACK, CONFIRM
apple — macos
An issue was discovered in certain Apple products, macOS before 10.13.1 is affected. The issue involves the “ATS” component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted font.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13820 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products, macOS before 10.13.1 is affected. The issue involves the “HelpViewer” component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML by bypassing the Same Origin Policy for quarantined HTML documents.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13819 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “CFString” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13821 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Dictionary Widget” component. It allows attackers to read local files if pasted text is used in a search.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13801 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “ImageIO” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13814 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “CoreText” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted font file.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13825 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products, macOS before 10.13.1 is affected. The issue involves the third-party “file” product. Versions before 5.31 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13815 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “QuickTime” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13823 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Quick Look” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13822 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13843 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Kernel” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13840 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “libarchive” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted archive file.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13812 | Source & Patch Info: SECTRACK, CONFIRM
apple — macos
An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Kernel” component. It allows local users to bypass intended memory-read restrictions.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13817 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products, macOS before 10.13.1 is affected. The issue involves the “HFS” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13830 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products, macOS before 10.13.1 is affected. The issue involves the “Open Scripting Architecture” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted AppleScript file that is mishandled by osadecompile.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13824 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products, macOS before 10.13.1 is affected. The issue involves the “CFNetwork” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13829 | Source & Patch Info: CONFIRM

apple — macos
An issue was discovered in certain Apple products, macOS before 10.13.1 is affected. The issue involves the “CFNetwork” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13833 | Source & Patch Info: CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Kernel” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13841 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Kernel” component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13836 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “APFS” component. It does not properly restrict the DMA mapping time of FileVault decryption buffers, which allows attackers to read cleartext APFS data via a crafted Thunderbolt adapter.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13786 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Kernel” component. It allows local users to obtain sensitive information by leveraging an error in packet counters.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13810 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Remote Management” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13808 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “libarchive” component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13813 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “APFS” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13800 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products, macOS before 10.13.1 is affected. The issue involves the “fsck_msdos” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13811 | Source & Patch Info: SECTRACK, CONFIRM

apple — macos
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the “Quick Look” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted Office document.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-7132 | Source & Patch Info: SECTRACK, CONFIRM
apple — multiple_products
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the “Kernel” component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13852 | Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple — multiple_products
An issue was discovered in certain Apple products. iOS before 11.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the “CoreText” component. It allows remote attackers to cause a denial of service (application crash) via a crafted text file.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13849 | Source & Patch Info: BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM

apple — multiple_products
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13783 | Source & Patch Info: SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple — multiple_products
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the “StreamingZip” component. It allows remote attackers to write to unintended pathnames via a crafted ZIP archive.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13804 | Source & Patch Info: SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple — multiple_products
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13784 | Source & Patch Info: SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple — multiple_products
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13794 | Source & Patch Info: SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple — multiple_products
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13793 | Source & Patch Info: SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple — multiple_products
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13802 | Source & Patch Info: SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple — multiple_products
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13798 | Source & Patch Info: SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM
apple — multiple_products
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13797 | Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple — multiple_products
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13796 | Source & Patch Info: SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple — multiple_products
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13795 | Source & Patch Info: SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple — multiple_products
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13785 | Source & Patch Info: SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple — multiple_products
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13788 | Source & Patch Info: SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple — multiple_products
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13803 | Source & Patch Info: SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple — multiple_products
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13791 | Source & Patch Info: SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple — multiple_products
An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13792 | Source & Patch Info: SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple — multiple_products
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13799 | Source & Patch Info: SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM

apple — safari
An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the “Safari” component. It allows remote attackers to spoof the address bar via a crafted web site.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13789 | Source & Patch Info: SECTRACK, CONFIRM

apple — safari
An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the “Safari” component. It allows remote attackers to spoof the address bar via a crafted web site.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13790 | Source & Patch Info: SECTRACK, CONFIRM
arris — arris_tg1682g_devices
 
Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter. 2017-11-15 not yet calculated CVE-2017-16836
MISC
EXPLOIT-DB
automationdirect — click_programming
 
An Uncontrolled Search Path Element issue was discovered in AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) versions 2.10 and prior, C-More Programming Software (Part Number EA9-PGMSW) versions 6.30 and prior, C-More Micro (Part Number EA-PGMSW) versions 4.20.01.0 and prior, GS Drives Configuration Software (Part Number GSOFT) versions 4.0.6 and prior, and SL-SOFT SOLO Temperature Controller Configuration Software (Part Number SL-SOFT) versions 1.1.0.5 and prior. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. Once loaded by the application, the DLL could run malicious code at the privilege level of the application. 2017-11-13 not yet calculated CVE-2017-14020
BID
MISC
b3log — symphony
 
b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid. 2017-11-14 not yet calculated CVE-2017-16821
CONFIRM
b3log — symphony
 
b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java, service/AvatarQueryService.java, and service/CommentQueryService.java. 2017-11-18 not yet calculated CVE-2017-16881
CONFIRM
big-ip — big-ip
 
On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server’s private key itself. 2017-11-17 not yet calculated CVE-2017-6168
SECTRACK
CONFIRM
blackberry — qnx_software_development_platform
 
In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader. 2017-11-14 not yet calculated CVE-2017-9369
CONFIRM
blackberry — qnx_software_development_platform
 
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks. 2017-11-14 not yet calculated CVE-2017-3893
CONFIRM
blackberry — qnx_software_development_platform
 
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources. 2017-11-14 not yet calculated CVE-2017-3892
CONFIRM
blackberry — qnx_software_development_platform
 
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node. 2017-11-14 not yet calculated CVE-2017-3891
CONFIRM
blackberry — qnx_software_development_platform
 
In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker to reduce the entropy of the PRNG, making other blended attacks more practical, by gaining control over environmental factors that influence seed generation. 2017-11-14 not yet calculated CVE-2017-9371
CONFIRM
book_walker — book_walker
 
Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-11-17 not yet calculated CVE-2017-10887
CONFIRM
JVN
book_walker — book_walker
 
BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver.1.2.5 and earlier allow an attacker to access local files via unspecified vectors. 2017-11-17 not yet calculated CVE-2017-10888
CONFIRM
JVN
british_columbia_institute_of_technology — codeigniter
 
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP header injection in the set_status_header() common function when running under Apache. 2017-11-16 not yet calculated CVE-2017-1000247
MISC
ca_technologies — ca_identity_governance
 
A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user. 2017-11-14 not yet calculated CVE-2017-9394
BID
CONFIRM
cacti — cacti
 
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. 2017-11-10 not yet calculated CVE-2017-16785
SECTRACK
MISC
cacti — cacti
 
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()). 2017-11-15 not yet calculated CVE-2014-4000
CONFIRM
CONFIRM
GENTOO
CONFIRM
cern — root
 
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon, resulting in remote code execution. 2017-11-17 not yet calculated CVE-2017-1000203
CONFIRM
cern — root
 
ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection, resulting in remote code execution. 2017-11-17 not yet calculated CVE-2017-1000215
MISC
CONFIRM
CONFIRM
cisco — asa_next-generation_firewall_services
 
A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that are configured to deny local IP management traffic. The vulnerability is due to an implementation error that exists in the process of creating default IP blocks when the device is initialized, and the way in which those IP blocks interact with user-configured filters for local IP management traffic (for example, SSH to the device). An attacker could exploit this vulnerability by sending traffic to the local IP address of the targeted device. A successful exploit could allow the attacker to connect to the local IP address of the device even when there are filters configured to deny the traffic. Cisco Bug IDs: CSCvd97962. 2017-11-16 not yet calculated CVE-2017-12299
CONFIRM
cisco — asyncos
 
A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. The file types affected are zipped or archived file types. The vulnerability is due to incorrect and different file hash values when AMP scans the file. An attacker could exploit this vulnerability by sending a crafted email file attachment through the targeted device. An exploit could allow the attacker to bypass a configured AMP file filter. Cisco Bug IDs: CSCvf52943. 2017-11-16 not yet calculated CVE-2017-12303
SECTRACK
CONFIRM
cisco — email_security_appliance
 
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. An exploit could allow the attacker to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits. Cisco Bug IDs: CSCvf16705. 2017-11-16 not yet calculated CVE-2017-12309
SECTRACK
CONFIRM
cisco — findit_network_discovery_utility
 
A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading. The vulnerability is due to the application loading a malicious copy of a specific, nondefined DLL file instead of the DLL file it was expecting. An attacker could exploit this vulnerability by placing an affected DLL within the search path of the host system. An exploit could allow the attacker to load a malicious DLL file into the system, thus partially compromising confidentiality, integrity, and availability on the device. Cisco Bug IDs: CSCvf37955. 2017-11-16 not yet calculated CVE-2017-12314
CONFIRM
cisco — firepower_system_software
 
A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 (SMB2) protocol. The vulnerability is due to the incorrect detection of an SMB2 file when the detection is based on the length of the file. An attacker could exploit this vulnerability by sending a crafted SMB2 transfer request through the targeted device. A successful exploit could allow the attacker to bypass filters that are configured to block SMB2 traffic. Cisco Bug IDs: CSCve58398. 2017-11-16 not yet calculated CVE-2017-12300
BID
CONFIRM
cisco — hyperflex_system
 
A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative user to conduct this attack. The vulnerability is due to lack of proper masking of sensitive information in system log files. An attacker could exploit this vulnerability by authenticating to the targeted device and viewing the system log file. An exploit could allow the attacker to view sensitive system information that should have been restricted. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvg31472. 2017-11-16 not yet calculated CVE-2017-12315
BID
CONFIRM
cisco — identity_services_engine
 
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518. 2017-11-16 not yet calculated CVE-2017-12316
SECTRACK
CONFIRM
cisco — immunet_antimalware_installer
 
An untrusted search path (aka DLL Preloading) vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. An attacker would need valid user credentials to exploit this vulnerability. Cisco Bug IDs: CSCvf23928. 2017-11-16 not yet calculated CVE-2017-12312
CONFIRM
cisco — ios_and_ios_xe
 
A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the web-based management interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf60862. 2017-11-16 not yet calculated CVE-2017-12304
BID
SECTRACK
CONFIRM
cisco — ip_phone_8800_series
 
A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034. 2017-11-16 not yet calculated CVE-2017-12305
BID
SECTRACK
CONFIRM
cisco — meeting_server
 
A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame that has an invalid picture parameter set (PPS) value. An attacker could exploit this vulnerability by sending a malformed H.264 frame to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition because the media process could restart. The media session should be re-established within a few seconds, during which there could be a brief interruption in service. Cisco Bug IDs: CSCvg12559. 2017-11-16 not yet calculated CVE-2017-12311
BID
SECTRACK
CONFIRM
cisco — network_academy_packet_tracer
 
An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. An attacker would need valid user credentials to exploit this vulnerability. 2017-11-16 not yet calculated CVE-2017-12313
BID
CONFIRM
cisco — registered_envelope_service
 
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. 2017-11-16 not yet calculated CVE-2017-12323
BID
CONFIRM
cisco — registered_envelope_service
 
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. 2017-11-16 not yet calculated CVE-2017-12290
BID
CONFIRM
cisco — registered_envelope_service
 
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. 2017-11-16 not yet calculated CVE-2017-12320
BID
CONFIRM
cisco — registered_envelope_service
 
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. 2017-11-16 not yet calculated CVE-2017-12292
BID
CONFIRM
cisco — registered_envelope_service
 
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. 2017-11-16 not yet calculated CVE-2017-12322
BID
CONFIRM
cisco — registered_envelope_service
 
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. 2017-11-16 not yet calculated CVE-2017-12321
BID
CONFIRM
cisco — registered_envelope_service
 
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999. 2017-11-16 not yet calculated CVE-2017-12291
BID
CONFIRM
cisco — rf_gateway
 
A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or video on demand (VoD) streams, resulting in a denial of service (DoS) condition. The vulnerability is due to a processing error with TCP connections to the affected device. An attacker could exploit this vulnerability by establishing a large number of TCP connections to an affected device and not actively closing those TCP connections. A successful exploit could allow the attacker to prevent the affected device from delivering SDV or VoD streams to set-top boxes. Cisco Bug IDs: CSCvf19887. 2017-11-16 not yet calculated CVE-2017-12318
BID
CONFIRM
cisco — spark_board
 
A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process with an upgrade package that the attacker controls. An exploit could allow the attacker to install custom firmware to the Spark Board. Cisco Bug IDs: CSCvf84502. 2017-11-16 not yet calculated CVE-2017-12306
CONFIRM
cisco — umbrella_insights_virtual_appliances
 
A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance. A successful exploit could allow the attacker to log in to the affected appliance with root privileges. Cisco Bug IDs: CSCvg31220. 2017-11-16 not yet calculated CVE-2017-12350
BID
CONFIRM
MISC
cisco — unified_communications_manager
 
A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected system. An exploit could allow the attacker to determine the presence of certain values in the database. Cisco Bug IDs: CSCvf36682. 2017-11-16 not yet calculated CVE-2017-12302
BID
SECTRACK
CONFIRM
cisco — voice_operating_system
 
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797. 2017-11-16 not yet calculated CVE-2017-12337
BID
SECTRACK
SECTRACK
SECTRACK
SECTRACK
SECTRACK
SECTRACK
SECTRACK
SECTRACK
CONFIRM
cloud_foundry — foundation_grootfs
 
Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer. 2017-11-13 not yet calculated CVE-2017-14388
CONFIRM
cms_made_simple — cms_made_simple
 
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882. 2017-11-12 not yet calculated CVE-2017-16799
MISC
cms_made_simple — cms_made_simple
 
In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a “php” substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg. 2017-11-12 not yet calculated CVE-2017-16798
MISC
codiad — codiad
 
Codiad (full version) allows arbitrary content to be written to the configuration file during installation, which can result in the upload of a webshell. 2017-11-17 not yet calculated CVE-2017-1000125
MISC
confire — confire
 
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from “~/.confire.yaml” using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability. 2017-11-10 not yet calculated CVE-2017-16763
CONFIRM
MISC
MISC
creolabs — gravity
 
Creolabs Gravity version 1.0: use-after-free, possible code execution. A heap use-after-free occurs after the ‘sublexer’ pointer has been freed: at line 542 of gravity_lexer.c, ‘lexer’ is used to access a variable even though ‘lexer’ has already been freed, creating a heap use-after-free condition. 2017-11-16 not yet calculated CVE-2017-1000172
MISC
creolabs — gravity
 
Creolabs Gravity version 1.0: heap overflow, potential code execution. By creating a large loop while pushing data to a buffer, the bounds checking of that buffer can be bypassed. When list.join is called on the data, it reads past the buffer, resulting in a heap buffer overflow. 2017-11-16 not yet calculated CVE-2017-1000173
MISC
cs-cart — cs-cart
 
Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2017-11-17 not yet calculated CVE-2017-10886
CONFIRM
JVN
cyberduck — cyberduck
 
Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority. 2017-11-15 not yet calculated CVE-2014-2845
SECUNIA
BUGTRAQ
CONFIRM
cygnux — syspass
 
Cygnux sysPass version 2.1.7 and older is vulnerable to local file inclusion in its JavaScript file inclusion functionality. The attacker can read the configuration files, which contain the database login and password, the private encryption key, and other sensitive information. 2017-11-17 not yet calculated CVE-2017-1000192
CONFIRM
d-link — dcs-936l_devices
D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device’s IP address to be a substring of the HTTP Referer header. 2017-11-15 not yet calculated CVE-2017-7851
MISC
MISC
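The Referer rule described in this entry is a general CSRF anti-pattern, not something specific to this camera. The following is an added example, not code from D-Link's firmware, that reproduces the weak rule next to a strict origin comparison; the device address and every Referer value in it are constructed for illustration.

```python
"""Added example, not taken from the D-Link firmware: why "device IP is a substring of
the Referer" is not a CSRF check, and what a strict origin comparison looks like.
The device address and the Referer values below are constructed for illustration."""
from urllib.parse import urlsplit

DEVICE_SCHEME, DEVICE_IP, DEVICE_PORT = "http", "192.168.0.20", 80

# Referers an attacker can produce from a page they control; every one of them
# contains the device IP as a substring.
ATTACKER_REFERERS = [
    "http://192.168.0.20.attacker.example/",           # IP as a leading DNS label
    "http://192.168.0.20@attacker.example/",           # IP as the userinfo part
    "http://attacker.example/192.168.0.20/csrf.html",  # IP in the path
    "http://attacker.example/?next=192.168.0.20",      # IP in the query string
]
LEGITIMATE_REFERER = "http://192.168.0.20/cgi-bin/admin.cgi"


def referer_allowed_substring(referer):
    """The weak rule the advisory describes: pass if the device IP appears anywhere."""
    return referer is not None and DEVICE_IP in referer


def referer_allowed_strict(referer):
    """Parse the Referer and require an exact match on scheme, host and port.

    An absent or unparsable Referer is rejected here; a real handler should then
    fall back to a per-session CSRF token rather than silently allowing the request.
    """
    if not referer:
        return False
    try:
        parts = urlsplit(referer)
        host, port = parts.hostname, parts.port   # .port raises ValueError if out of range
    except ValueError:                            # malformed netloc, e.g. bad IPv6 literal
        return False
    if port is None:
        port = {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, host, port) == (DEVICE_SCHEME, DEVICE_IP, DEVICE_PORT)


def weak_check_bypasses():
    """Referers that the substring rule accepts but the strict rule rejects."""
    return [r for r in ATTACKER_REFERERS
            if referer_allowed_substring(r) and not referer_allowed_strict(r)]


if __name__ == "__main__":
    for r in weak_check_bypasses():
        print("bypass:", r)
    print("legitimate Referer passes strict check:", referer_allowed_strict(LEGITIMATE_REFERER))
```

Even the strict comparison is only a secondary defence: browsers may strip or omit the Referer, so the primary CSRF control should be a per-session token (or the Origin header, checked the same way).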
dahua_technology — network_video_recorders
Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. An attacker could exploit this vulnerability to gain access to additional operations by forging JSON messages. 2017-11-13 not yet calculated CVE-2017-9314
CONFIRM
dayrui_finecms — dayrui_finecms
dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field. 2017-11-16 not yet calculated CVE-2017-16866
CONFIRM
debian — postgresql
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files. 2017-11-13 not yet calculated CVE-2017-8806
CONFIRM
BID
CONFIRM
CONFIRM
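The symlink problem in this entry is the generic one: a privileged script writes to a predictable name in a directory where an unprivileged user can plant a link. The following is an added example, not code from the Debian postgresql-common scripts, showing a writer that follows a planted symlink beside one that refuses to; all paths are constructed inside a temporary directory.

```python
"""Added example, not from the Debian postgresql-common scripts: a log writer that
follows a planted symlink, beside one that refuses to. Paths are constructed in a
temporary directory; the scenario is the generic one the advisory describes."""
import errno
import os
import tempfile


def write_following_symlinks(path, data):
    """The insecure pattern: open() follows whatever `path` points at."""
    with open(path, "w") as fh:
        fh.write(data)


def write_without_following_symlinks(path, data):
    """Open the final path component with O_NOFOLLOW; a symlink there raises OSError
    (ELOOP on Linux, EMLINK on some BSDs) instead of redirecting the write.
    Only the last component is protected: parent directories must still be ones an
    unprivileged user cannot replace, or the check is meaningless."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o644)
    try:
        os.write(fd, data.encode())
    finally:
        os.close(fd)


def demo():
    """Plant a symlink named like a log file, write through it both ways, report."""
    with tempfile.TemporaryDirectory() as shared:
        victim = os.path.join(shared, "victim.conf")       # the file the attacker wants clobbered
        planted = os.path.join(shared, "postgresql.log")   # the name the privileged script writes to
        with open(victim, "w") as fh:
            fh.write("original")
        os.symlink(victim, planted)

        write_following_symlinks(planted, "clobbered")
        with open(victim) as fh:
            after_naive = fh.read()

        with open(victim, "w") as fh:                      # restore, then retry hardened
            fh.write("original")
        try:
            write_without_following_symlinks(planted, "clobbered")
            blocked = False
        except OSError as exc:
            blocked = exc.errno in (errno.ELOOP, errno.EMLINK)
        with open(victim) as fh:
            after_hardened = fh.read()

    return {"after_naive": after_naive, "after_hardened": after_hardened, "blocked": blocked}


if __name__ == "__main__":
    print(demo())
```

For files the script creates itself, adding O_EXCL (and not O_TRUNC) closes the remaining race of an attacker pre-creating a regular file; for files that must already exist, open a directory file descriptor first and use `os.open(name, flags, dir_fd=...)`.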
django_make_app — django_make_app
An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability. 2017-11-10 not yet calculated CVE-2017-16764
MISC
MISC
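This entry and the Confire entry above are the same bug: a YAML file an attacker can write is handed to PyYAML's full loader, whose python/object tags instantiate arbitrary callables. The following is an added example, not code from either project, showing the loader that executes such a tag, the loader that refuses it, and a cheap static scan for planted tags. The configuration text is constructed, and the tag calls builtins.sum in place of os.system so the demonstration is safe to run.

```python
"""Added example (not Confire's or django_make_app's own code): why yaml.load on an
attacker-writable file is code execution, and what the safe call looks like.
Requires PyYAML for the loading functions; the static scan is stdlib-only."""
import re

# Constructed stand-in for a planted ~/.confire.yaml. The tag makes PyYAML's unsafe
# loader import 'builtins' and call sum([1, 2, 3]); a real attacker would put
# os.system or subprocess.check_output in the same position.
PLANTED_CONFIG = """\
database: prod
debug: !!python/object/apply:builtins.sum [[1, 2, 3]]
"""

CLEAN_CONFIG = """\
database: prod
debug: false
"""

# Both the short "!!python/..." form and the verbose "!<tag:yaml.org,2002:python/...>"
# form. A config file never legitimately needs these; treat a hit as an incident.
PYTHON_TAG = re.compile(r"(!!?|tag:yaml\.org,2002:)python/")


def contains_python_tags(text):
    """Static check usable for scanning dotfiles without parsing them."""
    return PYTHON_TAG.search(text) is not None


def has_pyyaml():
    try:
        import yaml  # noqa: F401
    except ImportError:
        return False
    return True


def unsafe_load(text):
    """The vulnerable pattern. yaml.Loader (alias UnsafeLoader in PyYAML >= 5.1)
    constructs python/object/apply tags, i.e. it calls whatever the document names."""
    import yaml
    return yaml.load(text, Loader=yaml.Loader)


def load_config(text):
    """The fix: safe_load only builds str/int/float/bool/null/list/dict and raises a
    ConstructorError on any tag it does not know."""
    import yaml
    try:
        data = yaml.safe_load(text)
    except yaml.YAMLError as exc:
        raise ValueError("refusing config: %s" % exc.__class__.__name__) from exc
    if not isinstance(data, dict):
        raise ValueError("config must be a mapping")
    return data


def safe_load_rejects(text):
    try:
        load_config(text)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("planted tags detected:", contains_python_tags(PLANTED_CONFIG))
    if has_pyyaml():
        print("unsafe loader result:", unsafe_load(PLANTED_CONFIG))
        print("safe loader rejects:", safe_load_rejects(PLANTED_CONFIG))
```

The same applies to `yaml.load(text)` without an explicit Loader on PyYAML older than 6.0, which defaulted to the full loader (with a warning from 5.1 on); grep for `yaml.load(` in dependencies as part of supply-chain review.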
ellislab — expressionengine
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection. 2017-11-17 not yet calculated CVE-2017-1000160
MISC
exiv2 — exiv2
Exiv2 0.26 contains a stack out-of-bounds read in the WebP parser. 2017-11-17 not yet calculated CVE-2017-1000126
MLIST
exiv2 — exiv2
Exiv2 0.26 contains a heap buffer overflow in the TIFF parser. 2017-11-17 not yet calculated CVE-2017-1000127
MLIST
exiv2 — exiv2
Exiv2 0.26 contains a stack out-of-bounds read in the JPEG 2000 parser. 2017-11-17 not yet calculated CVE-2017-1000128
MLIST
filp_whoops — filp_whoops
The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS. 2017-11-17 not yet calculated CVE-2017-16880
CONFIRM
fortinet — fortios
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim’s browser via sending a maliciously crafted URL to the victim. 2017-11-13 not yet calculated CVE-2017-7739
BID
SECTRACK
CONFIRM
freebsd — freebsd
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack of the thread is possible from the debugger. As a result, some bytes from the kernel stack of the thread using ptrace (PT_LWPINFO) call can be observed in userspace. 2017-11-16 not yet calculated CVE-2017-1086
BID
SECTRACK
FREEBSD
freebsd — freebsd
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace. 2017-11-16 not yet calculated CVE-2017-1088
BID
SECTRACK
FREEBSD
freebsd — freebsd
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation. 2017-11-16 not yet calculated CVE-2017-1087
BID
SECTRACK
FREEBSD
geminabox — geminabox
Stored cross-site scripting (XSS) vulnerability in “geminabox” (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the “homepage” value of a “.gemspec” file, related to views/gem.erb and views/index.erb. 2017-11-13 not yet calculated CVE-2017-16792
CONFIRM
CONFIRM
MISC
gemirro — gemirro
Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the “homepage” value of a “.gemspec” file. 2017-11-15 not yet calculated CVE-2017-16833
CONFIRM
gnu — binutils
The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file. 2017-11-15 not yet calculated CVE-2017-16827
CONFIRM
CONFIRM
gnu — binutils
The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame. 2017-11-15 not yet calculated CVE-2017-16828
CONFIRM
CONFIRM
gnu — binutils
The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file. 2017-11-15 not yet calculated CVE-2017-16830
CONFIRM
CONFIRM
gnu — binutils
The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file. 2017-11-15 not yet calculated CVE-2017-16826
CONFIRM
CONFIRM
gnu — binutils
coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file. 2017-11-15 not yet calculated CVE-2017-16831
CONFIRM
CONFIRM
gnu — binutils
The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file. 2017-11-15 not yet calculated CVE-2017-16829
CONFIRM
CONFIRM
gnu — binutils
The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file. 2017-11-15 not yet calculated CVE-2017-16832
CONFIRM
CONFIRM
google — android
An elevation of privilege vulnerability in the Upstream kernel audio driver. Product: Android. Versions: Android kernel. Android ID: A-36006981. 2017-11-16 not yet calculated CVE-2017-0861
CONFIRM
google — android
Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64836894. 2017-11-16 not yet calculated CVE-2017-0858
CONFIRM
google — android
Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36075131. 2017-11-16 not yet calculated CVE-2017-0859
CONFIRM
google — android
An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-63522818. 2017-11-16 not yet calculated CVE-2017-0838
CONFIRM
google — android
An elevation of privilege vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-36006779. 2017-11-16 not yet calculated CVE-2017-0862
CONFIRM
google — android
A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0. Android ID: A-62815506. 2017-11-16 not yet calculated CVE-2017-0852
CONFIRM
google — android
An elevation of privilege vulnerability in the Android system (inputdispatcher). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-31097064. 2017-11-16 not yet calculated CVE-2017-0860
CONFIRM
google — android
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64893226. 2017-11-16 not yet calculated CVE-2017-0836
BID
CONFIRM
google — android
An elevation of privilege vulnerability in the Android framework (window manager). Product: Android. Versions: 8.0. Android ID: A-37442941. 2017-11-16 not yet calculated CVE-2017-0831
BID
CONFIRM
google — android
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63873837. 2017-11-16 not yet calculated CVE-2017-0854
CONFIRM
google — android
A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827. 2017-11-16 not yet calculated CVE-2017-0845
CONFIRM
google — android
An elevation of privilege vulnerability in the MediaTek ccci. Product: Android. Versions: Android kernel. Android ID: A-62670819. References: M-ALPS03361488. 2017-11-16 not yet calculated CVE-2017-0843
CONFIRM
google — android
An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498. 2017-11-16 not yet calculated CVE-2017-0830
BID
CONFIRM
google — android
An elevation of privilege vulnerability exists in the Thermal Driver, where a missing bounds check in the thermal throttle driver can cause an out-of-bounds write in the kernel. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A-34705801. References: N-CVE-2017-6274. 2017-11-14 not yet calculated CVE-2017-6274
CONFIRM
google — android
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62688399. 2017-11-16 not yet calculated CVE-2017-0849
CONFIRM
google — android
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-64836941. 2017-11-16 not yet calculated CVE-2017-0850
CONFIRM
google — android
An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. References: M-ALPS02973195. 2017-11-16 not yet calculated CVE-2017-0865
CONFIRM
google — android
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62948670. 2017-11-16 not yet calculated CVE-2017-0840
BID
CONFIRM
google — android
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63121644. 2017-11-16 not yet calculated CVE-2017-0853
CONFIRM
google — android
An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Product: Android. Versions: 8.0. Android ID: A-65540999. 2017-11-16 not yet calculated CVE-2017-0847
CONFIRM
google — android
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64477217. 2017-11-16 not yet calculated CVE-2017-0848
CONFIRM
google — android
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62887820. 2017-11-16 not yet calculated CVE-2017-0832
BID
CONFIRM
google — android
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003. 2017-11-16 not yet calculated CVE-2017-0839
BID
CONFIRM
google — android
An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out-of-bounds memory read is used as a function pointer, which could lead to code execution in the kernel. This issue is rated as high because it could allow a local malicious application to execute arbitrary code within the context of a privileged process. Product: Android. Version: N/A. Android ID: A-34705430. References: N-CVE-2017-6264. 2017-11-14 not yet calculated CVE-2017-6264
BID
CONFIRM
google — android
An elevation of privilege vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37502513. 2017-11-16 not yet calculated CVE-2017-0842
BID
CONFIRM
google — android
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-35430570. 2017-11-16 not yet calculated CVE-2017-0851
CONFIRM
google — android
Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447. 2017-11-16 not yet calculated CVE-2017-0857
CONFIRM
google — android
An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Product: Android. Versions: Android kernel. Android ID: A-37277147. References: M-ALPS03394571. 2017-11-16 not yet calculated CVE-2017-0864
CONFIRM
google — android
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62896384. 2017-11-16 not yet calculated CVE-2017-0833
BID
CONFIRM
google — android
An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620. 2017-11-16 not yet calculated CVE-2017-0863
CONFIRM
google — android
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63316832. 2017-11-16 not yet calculated CVE-2017-0835
BID
CONFIRM
google — android
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63125953. 2017-11-16 not yet calculated CVE-2017-0834
BID
CONFIRM
google — android
An information disclosure vulnerability exists in the Thermal Driver, where missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as moderate. Product: Pixel. Versions: N/A. Android ID: A-34702397. References: N-CVE-2017-6275. 2017-11-14 not yet calculated CVE-2017-6275
CONFIRM
google — android
A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026. 2017-11-16 not yet calculated CVE-2017-0841
BID
CONFIRM
google — pixel
An elevation of privilege vulnerability in the Direct rendering infrastructure of the NVIDIA Tegra X1 where an unchecked input from userspace is passed as a pointer to kfree. This could lead to kernel memory corruption and possible code execution. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A-38415808. References: N-CVE-2017-0866. 2017-11-16 not yet calculated CVE-2017-0866
CONFIRM
hashicorp — vagrant-vmware-fusion
If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root. 2017-11-16 not yet calculated CVE-2017-16777
MISC
i-o_data_device — lan_disk_connect
I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors. 2017-11-13 not yet calculated CVE-2017-10875
JVN
CONFIRM
iBall — ib-wra300n3gt
Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified privilege parameter to /form2userconfig.cgi. 2017-11-13 not yet calculated CVE-2017-11169
MISC
i_librarian — i_librarian
I, Librarian versions <=4.6 and 4.7 are vulnerable to Server-Side Request Forgery in ajaxsupplement.php, resulting in the attacker being able to reset any user’s password. 2017-11-16 not yet calculated CVE-2017-1000237
MISC
i_librarian — i_librarian
I, Librarian versions <=4.6 and 4.7 are vulnerable to reflected cross-site scripting in temp.php, allowing an attacker to inject malicious client-side script that is executed in the browser of users who visit the manipulated page. 2017-11-16 not yet calculated CVE-2017-1000236
MISC
i_librarian — i_librarian
I, Librarian versions <=4.6 and 4.7 are vulnerable to OS command injection in batchimport.php, resulting in full compromise of the web server. 2017-11-16 not yet calculated CVE-2017-1000235
MISC
i_librarian — i_librarian
I, Librarian versions <=4.6 and 4.7 are vulnerable to directory enumeration in jqueryFileTree.php: an attacker can enumerate directories simply by navigating through the “dir” parameter. 2017-11-16 not yet calculated CVE-2017-1000234
MISC
ibm — security_access_manager_appliance
IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 128372. 2017-11-13 not yet calculated CVE-2017-1453
CONFIRM
MISC
ibm — security_access_manager_appliance
IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612. 2017-11-13 not yet calculated CVE-2017-1477
CONFIRM
MISC
ibm — storwize
A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531. 2017-11-13 not yet calculated CVE-2017-1710
CONFIRM
BID
SECTRACK
MISC
ibm — tivoli_endpoint_manager
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 123908. 2017-11-13 not yet calculated CVE-2017-1229
CONFIRM
MISC
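A missing or malformed Strict-Transport-Security header is what leaves a site open to the SSL-stripping man-in-the-middle this entry describes, and it is easy to verify from any response. The following is an added example, not IBM BigFix code, that parses the header and classifies an endpoint's HSTS posture; the header sets it runs over are constructed.

```python
"""Added example, not IBM BigFix code: parse a Strict-Transport-Security header and
decide whether an endpoint is actually protected, run over constructed header sets."""

ONE_YEAR = 31536000  # the minimum max-age most hardening guides (and preload lists) require


def parse_hsts(value):
    """Return (max_age, include_subdomains, preload), or None if the header is malformed.
    Directive names are case-insensitive and max-age is mandatory (RFC 6797, section 6.1);
    unknown directives are ignored, a duplicate max-age makes the header invalid."""
    max_age, include_sub, preload = None, False, False
    for directive in value.split(";"):
        name, _, raw = directive.strip().partition("=")
        name, raw = name.strip().lower(), raw.strip().strip('"')
        if name == "max-age":
            if not raw.isdigit() or max_age is not None:
                return None
            max_age = int(raw)
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None
    return max_age, include_sub, preload


def hsts_verdict(headers, min_age=ONE_YEAR):
    """Classify a response's HSTS posture from its list of (name, value) headers."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return "missing"        # the BigFix finding: nothing stops an SSL-stripping MITM
    parsed = parse_hsts(values[0])
    if parsed is None:
        return "malformed"      # browsers ignore a malformed header, same effect as missing
    max_age, _, _ = parsed
    if max_age == 0:
        return "disabled"       # max-age=0 tells the browser to forget the host
    if max_age < min_age:
        return "too-short"
    return "ok"


# Constructed response header lists, in the shape an HTTP client hands back.
SAMPLE_RESPONSES = {
    "no_hsts": [("Content-Type", "text/html"), ("Server", "nginx")],
    "good": [("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload")],
    "short": [("strict-transport-security", "max-age=300")],
    "zero": [("Strict-Transport-Security", "max-age=0")],
    "broken": [("Strict-Transport-Security", "includeSubDomains")],
}


def audit(responses=SAMPLE_RESPONSES):
    return {name: hsts_verdict(headers) for name, headers in responses.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print("%-8s %s" % (name, verdict))
```

Note that the header only has effect when received over HTTPS; a check against a plain-HTTP response should also confirm that the site redirects to HTTPS before it can be considered protected.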
ibm — tivoli_endpoint_manager
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861. 2017-11-13 not yet calculated CVE-2017-1221
CONFIRM
BID
MISC
icinga_core — icinga_core
Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido. 2017-11-18 not yet calculated CVE-2017-16882
MISC
icon_time — icon_time_systems_rtc-1000
A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges. 2017-11-17 not yet calculated CVE-2017-16819
MISC
ikarus — ikarus_anti.virus
In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c. 2017-11-15 not yet calculated CVE-2017-14961
MISC
MISC
EXPLOIT-DB
CONFIRM
intel — unite_app
Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or information disclosure. 2017-11-16 not yet calculated CVE-2017-5738
CONFIRM
invoiceplane — invoiceplane
InvoicePlane 1.4.10 is vulnerable to stored cross-site scripting, allowing an authenticated user to inject malicious client-side script that is executed in the browser of users who visit the manipulated page. 2017-11-16 not yet calculated CVE-2017-1000239
MISC
invoiceplane — invoiceplane
InvoicePlane 1.4.10 is vulnerable to arbitrary file upload: an authenticated user can upload a malicious file to the web server, including a script able to compromise the web server. 2017-11-16 not yet calculated CVE-2017-1000238
MISC
ipsilon — ipsilon
Ipsilon before 2.1.0 has a “SAML2 multi-session vulnerability.” 2017-11-16 not yet calculated CVE-2017-16855
MISC
java — java
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate. 2017-11-16 not yet calculated CVE-2017-1000209
CONFIRM
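This entry and the Cyberduck entry above are two halves of the same check: Cyberduck did not validate the chain, nv-websocket-client validated the chain but never bound the certificate to the hostname it was connecting to, so any certificate a public CA issued to anyone would do. The following is an added example, not code from either project, showing the hostname-binding step on its own and the client context setting that enforces it; the certificate dictionaries are constructed in the shape that ssl.SSLSocket.getpeercert() returns.

```python
"""Added example, not nv-websocket-client or Cyberduck code: what a TLS client must do
after the chain validates, namely bind the certificate to the intended hostname.
The certificate dicts below are constructed in the shape ssl.SSLSocket.getpeercert() returns."""
import ipaddress
import ssl


def make_client_context():
    """Python's default context enforces chain validation *and* hostname binding.
    The anti-pattern behind this bug class is ctx.check_hostname = False or
    ctx.verify_mode = ssl.CERT_NONE, which accepts any valid certificate for any host."""
    return ssl.create_default_context()


def context_is_hardened(ctx):
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def dns_name_matches(pattern, hostname):
    """RFC 6125 style matching: case-insensitive, wildcard only as the whole leftmost
    label, matching exactly one label, and never at the public-suffix level."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:] and h_labels[0] != ""


def hostname_matches_cert(hostname, cert):
    """True if `hostname` is bound by the certificate's subjectAltName (or, only when the
    certificate has no dNSName SANs, by its subject CN). IP literals must match an
    iPAddress SAN entry; they are never matched against DNS names."""
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    san = cert.get("subjectAltName", ())
    if ip is not None:
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in san)
    dns_names = [v for k, v in san if k == "DNS"]
    if not dns_names:  # legacy CN fallback; current browsers skip it entirely
        dns_names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(dns_name_matches(name, hostname) for name in dns_names)


# Constructed certificates, in getpeercert() shape.
SAMPLE_CERT = {
    "subject": ((("commonName", "other.example.test"),),),
    "subjectAltName": (
        ("DNS", "www.example.test"),
        ("DNS", "*.api.example.test"),
        ("IP Address", "203.0.113.7"),
    ),
}
CN_ONLY_CERT = {"subject": ((("commonName", "legacy.example.test"),),)}


if __name__ == "__main__":
    for host in ("www.example.test", "v1.api.example.test", "a.b.api.example.test", "203.0.113.7"):
        print(host, hostname_matches_cert(host, SAMPLE_CERT))
```

In practice do not hand-roll this for production code: keep `check_hostname` on and let the library do it. The function above is here to make the missing step visible, and as a reference for reviewing a client that implements its own verifier.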
jooan — ip_camera_a5_2.3.36_devices
On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level control of the device. 2017-11-17 not yet calculated CVE-2017-16566
MISC
jool — jool
Jool 3.5.0 through 3.5.1 is vulnerable to a crafted packet that crashes the kernel, resulting in a denial of service. 2017-11-17 not yet calculated CVE-2017-1000191
CONFIRM
jqueryfiletree — jqueryfiletree
jqueryFileTree 2.1.5 and older is vulnerable to directory traversal. 2017-11-17 not yet calculated CVE-2017-1000170
MISC
kickbase — kickbase_bundesliga_manager
The Kickbase GmbH “Kickbase Bundesliga Manager” app before 2.2.1 — aka kickbase-bundesliga-manager/id678241305 — for iOS is vulnerable to a credentials leak due to transmitting a username and password in cleartext from client to server during registration and authentication. 2017-11-13 not yet calculated CVE-2017-14711
MISC
kirby_panel — kirby_panel
A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file. 2017-11-13 not yet calculated CVE-2017-16807
CONFIRM
MISC
EXPLOIT-DB
kodak — insite
Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 to 8.0 allow remote attackers to inject arbitrary web script via the (1) “paramFile” parameter to /Site/Troubleshooting/DiagnosticReport.asp, or (2) “paramFile” parameter to /Site/Troubleshooting/SpeedTest.asp. 2017-11-14 not yet calculated CVE-2017-9085
MISC
konversation — konversation
Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes. 2017-11-15 not yet calculated CVE-2017-15923
CONFIRM
CONFIRM
DEBIAN
lansweeper — lansweeper
LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx. 2017-11-15 not yet calculated CVE-2017-16841
EXPLOIT-DB
MISC
ldns — ldns
A double-free vulnerability in str2host.c in ldns 1.7.0 has unspecified impact and attack vectors. 2017-11-16 not yet calculated CVE-2017-1000232
MISC
ldns — ldns
A double-free vulnerability in parse.c in ldns 1.7.0 has unspecified impact and attack vectors. 2017-11-16 not yet calculated CVE-2017-1000231
MISC
libav — libav
In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream. 2017-11-13 not yet calculated CVE-2017-16803
BID
CONFIRM
CONFIRM
libavcodec — libavcodec
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact. 2017-11-15 not yet calculated CVE-2017-14034
MISC
libbpg — libbpg
The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference. 2017-11-15 not yet calculated CVE-2017-13136
MISC
libbpg — libbpg
A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure. 2017-11-15 not yet calculated CVE-2017-13135
MISC
libming — libming
The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file. 2017-11-18 not yet calculated CVE-2017-16883
CONFIRM
lightftp — lightftp
LightFTP 1.1 is vulnerable to a buffer overflow in the “writelogentry” function, resulting in denial of service or remote code execution. 2017-11-16 not yet calculated CVE-2017-1000218
CONFIRM
linux — kernel
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls. 2017-11-15 not yet calculated CVE-2017-15115
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
linux — kernel
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference. 2017-11-15 not yet calculated CVE-2017-15102
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
lynx — lynx
Lynx version 2.8.8 and older is vulnerable to a use after free in the HTML parser resulting in memory disclosure. 2017-11-17 not yet calculated CVE-2017-1000211
MISC
mediawiki — mediawiki
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline. 2017-11-15 not yet calculated CVE-2017-8812
SECTRACK
CONFIRM
DEBIAN
mediawiki — mediawiki
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability. 2017-11-15 not yet calculated CVE-2017-8809
SECTRACK
CONFIRM
DEBIAN
mediawiki — mediawiki
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by “a lot of junk.” 2017-11-15 not yet calculated CVE-2017-8814
SECTRACK
CONFIRM
DEBIAN
mediawiki — mediawiki
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules. 2017-11-15 not yet calculated CVE-2017-8815
SECTRACK
CONFIRM
DEBIAN
mediawiki — mediawiki
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests. 2017-11-15 not yet calculated CVE-2017-8810
SECTRACK
CONFIRM
DEBIAN
mediawiki — mediawiki
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping. 2017-11-15 not yet calculated CVE-2017-8808
SECTRACK
CONFIRM
DEBIAN
mediawiki — mediawiki
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks. 2017-11-15 not yet calculated CVE-2017-8811
SECTRACK
CONFIRM
DEBIAN
microsoft — .net_core
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka “.NET CORE Denial Of Service Vulnerability”. 2017-11-14 not yet calculated CVE-2017-11883
BID
SECTRACK
CONFIRM
microsoft — .net_core
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka “.NET CORE Denial Of Service Vulnerability”. 2017-11-14 not yet calculated CVE-2017-11770
BID
SECTRACK
CONFIRM
microsoft — asp.net_core
ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka “ASP.NET Core Elevation Of Privilege Vulnerability”. 2017-11-14 not yet calculated CVE-2017-11879
BID
SECTRACK
CONFIRM
microsoft — asp.net_core
ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka “ASP.NET Core Information Disclosure Vulnerability”. 2017-11-14 not yet calculated CVE-2017-8700
BID
SECTRACK
CONFIRM
microsoft — device_guard
Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka “Device Guard Security Feature Bypass Vulnerability”. 2017-11-14 not yet calculated CVE-2017-11830
BID
SECTRACK
CONFIRM
microsoft — edge
 
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability”. 2017-11-14 not yet calculated CVE-2017-11845
BID
SECTRACK
CONFIRM
microsoft — excel
 
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka “Microsoft Excel Memory Corruption Vulnerability”. 2017-11-14 not yet calculated CVE-2017-11878
BID
SECTRACK
CONFIRM
microsoft — excel
 
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka “Microsoft Excel Security Feature Bypass Vulnerability”. 2017-11-14 not yet calculated CVE-2017-11877
BID
SECTRACK
CONFIRM
microsoft — excel
 
Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11882. 2017-11-14 not yet calculated CVE-2017-11884
BID
SECTRACK
CONFIRM
microsoft — internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka “Internet Explorer Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11855. 2017-11-14 not yet calculated CVE-2017-11856
BID
CONFIRM
microsoft — internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka “Microsoft Browser Memory Corruption Vulnerability”. 2017-11-14 not yet calculated CVE-2017-11827
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to detect the navigation of the user leaving a maliciously crafted page, due to how page content is handled by Internet Explorer, aka “Internet Explorer Information Disclosure Vulnerability”. 2017-11-14 not yet calculated CVE-2017-11848
BID
SECTRACK
CONFIRM
microsoft — internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka “Internet Explorer Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11856. 2017-11-14 not yet calculated CVE-2017-11855
BID
CONFIRM
microsoft — internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. 2017-11-14 not yet calculated CVE-2017-11869
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — multiple_products
 
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the attacker’s choice, due to how Microsoft Edge handles redirect requests, aka “Microsoft Edge Security Feature Bypass Vulnerability”. This CVE ID is unique from CVE-2017-11863 and CVE-2017-11874. 2017-11-14 not yet calculated CVE-2017-11872
BID
SECTRACK
CONFIRM
microsoft — multiple_products
 
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. 2017-11-14 not yet calculated CVE-2017-11839
BID
SECTRACK
CONFIRM
microsoft — multiple_products
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user’s system, due to how the scripting engine handles objects in memory, aka “Scripting Engine Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-11791. 2017-11-14 not yet calculated CVE-2017-11834
BID
SECTRACK
CONFIRM
microsoft — multiple_products
 
Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka “Microsoft Graphics Component Information Disclosure Vulnerability”. 2017-11-14 not yet calculated CVE-2017-11850
BID
SECTRACK
CONFIRM
microsoft — multiple_products
 
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11836, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. 2017-11-14 not yet calculated CVE-2017-11837
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — multiple_products
 
ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. 2017-11-14 not yet calculated CVE-2017-11836
BID
SECTRACK
CONFIRM
microsoft — multiple_products
 
Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka “Microsoft Edge Security Feature Bypass Vulnerability”. This CVE ID is unique from CVE-2017-11863 and CVE-2017-11872. 2017-11-14 not yet calculated CVE-2017-11874
BID
SECTRACK
CONFIRM
microsoft — multiple_products
 
Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user’s system, due to how Microsoft Edge handles objects in memory, aka “Microsoft Edge Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-11803 and CVE-2017-11833. 2017-11-14 not yet calculated CVE-2017-11844
BID
SECTRACK
CONFIRM
microsoft — multiple_products
 
Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim’s identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka “Microsoft Project Server Elevation of Privilege Vulnerability”. 2017-11-14 not yet calculated CVE-2017-11876
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — multiple_products
 
ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11871, and CVE-2017-11873. 2017-11-14 not yet calculated CVE-2017-11870
BID
SECTRACK
CONFIRM
microsoft — multiple_products
 
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. 2017-11-14 not yet calculated CVE-2017-11843
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — multiple_products
 
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. 2017-11-14 not yet calculated CVE-2017-11866
BID
SECTRACK
CONFIRM
microsoft — multiple_products
 
Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user’s system, due to how Microsoft Edge handles objects in memory, aka “Microsoft Edge Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-11833 and CVE-2017-11844. 2017-11-14 not yet calculated CVE-2017-11803
BID
SECTRACK
CONFIRM
microsoft — multiple_products
 
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, and CVE-2017-11871. 2017-11-14 not yet calculated CVE-2017-11873
BID
SECTRACK
CONFIRM
EXPLOIT-DB
microsoft — multiple_products
 
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user’s system, due to how the scripting engine handles objects in memory, aka “Scripting Engine Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-11834. 2017-11-14 not yet calculated CVE-2017-11791
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — multiple_products
 
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. 2017-11-14 not yet calculated CVE-2017-11838
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — multiple_products
 
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. 2017-11-14 not yet calculated CVE-2017-11840
BID
SECTRACK
CONFIRM
microsoft — multiple_products
 
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. 2017-11-14 not yet calculated CVE-2017-11858
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — multiple_products
 
ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, and CVE-2017-11873. 2017-11-14 not yet calculated CVE-2017-11871
BID
SECTRACK
CONFIRM
microsoft — multiple_products
 
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. 2017-11-14 not yet calculated CVE-2017-11846
BID
SECTRACK
SECTRACK
CONFIRM
microsoft — multiple_products
 
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. 2017-11-14 not yet calculated CVE-2017-11841
BID
SECTRACK
CONFIRM
microsoft — multiple_products
 
ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. 2017-11-14 not yet calculated CVE-2017-11862
BID
SECTRACK
CONFIRM
microsoft — office
 
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11884. 2017-11-14 not yet calculated CVE-2017-11882
BID
SECTRACK
MISC
MISC
CONFIRM
CERT-VN
microsoft — office
 
Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka “Microsoft Word Memory Corruption Vulnerability”. 2017-11-14 not yet calculated CVE-2017-11854
BID
SECTRACK
CONFIRM
microsoft — windows_kernel
 
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to run a specially crafted application and obtain information to further compromise the user’s system due to the Windows kernel improperly initializing objects in memory, aka “Windows Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-11831. 2017-11-14 not yet calculated CVE-2017-11880
BID
SECTRACK
CONFIRM
microsoft — windows_kernel
 
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary code in kernel mode, install programs, view, change or delete data, and create new accounts with full user rights due to improperly handling objects in memory, aka “Windows Kernel Elevation of Privilege Vulnerability”. 2017-11-14 not yet calculated CVE-2017-11847
BID
SECTRACK
CONFIRM
microsoft — windows_kernel
 
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11851. 2017-11-14 not yet calculated CVE-2017-11853
BID
SECTRACK
CONFIRM
microsoft — windows_kernel
 
Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-11849, CVE-2017-11851, and CVE-2017-11853. 2017-11-14 not yet calculated CVE-2017-11842
BID
SECTRACK
CONFIRM
microsoft — windows_kernel
 
The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709, allows an information disclosure vulnerability when it improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11853. 2017-11-14 not yet calculated CVE-2017-11851
BID
SECTRACK
CONFIRM
microsoft — windows_kernel
 
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-11842, CVE-2017-11851, and CVE-2017-11853. 2017-11-14 not yet calculated CVE-2017-11849
BID
SECTRACK
CONFIRM
microsoft — windows_kernel
 
Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log on to an affected system, and run a specially crafted application that can compromise the user’s system due to how the Windows kernel initializes memory, aka “Windows Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-11880. 2017-11-14 not yet calculated CVE-2017-11831
BID
SECTRACK
CONFIRM
microsoft — windows_media_player
 
Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application, due to the way Windows Media Player discloses file information, aka “Windows Media Player Information Disclosure Vulnerability.” 2017-11-14 not yet calculated CVE-2017-11768
BID
SECTRACK
CONFIRM
microsoft — windows_search
 
Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handling objects in memory, aka “Windows Search Denial of Service Vulnerability”. 2017-11-14 not yet calculated CVE-2017-11788
BID
SECTRACK
CONFIRM
microsoft — windows
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-origin requests, aka “Microsoft Edge Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-11803 and CVE-2017-11844. 2017-11-14 not yet calculated CVE-2017-11833
BID
SECTRACK
CONFIRM
microsoft — windows
 
Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. 2017-11-14 not yet calculated CVE-2017-11861
BID
SECTRACK
CONFIRM
EXPLOIT-DB
microsoft — windows
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka “Microsoft Edge Security Feature Bypass Vulnerability”. This CVE ID is unique from CVE-2017-11872 and CVE-2017-11874. 2017-11-14 not yet calculated CVE-2017-11863
BID
SECTRACK
CONFIRM
microsoft — windows
 
Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka “Windows EOT Font Engine Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-11832. 2017-11-14 not yet calculated CVE-2017-11835
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not intended to be disclosed, due to the way that the Microsoft Windows EOT font engine parses specially crafted embedded fonts, aka “Windows EOT Font Engine Information Disclosure Vulnerability.” This CVE ID is unique from CVE-2017-11835. 2017-11-14 not yet calculated CVE-2017-11832
BID
SECTRACK
CONFIRM
microsoft — windows
 
Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user’s system, due to improper disclosure of kernel memory addresses, aka “Windows GDI Information Disclosure Vulnerability”. 2017-11-14 not yet calculated CVE-2017-11852
BID
SECTRACK
CONFIRM
misp — misp
 
In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added. 2017-11-13 not yet calculated CVE-2017-16802
CONFIRM
modx_revolution — modx_revolution
 
A stored web content injection vulnerability (WCI, a.k.a. XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims’ accounts. This can lead to an escalation of privileges providing complete administrative control over the CMS. 2017-11-17 not yet calculated CVE-2017-1000223
MISC
moxa — eds-g512e_5.1_build_16072215_devices
 
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface. 2017-11-17 not yet calculated CVE-2017-13700
MISC
moxa — eds-g512e_5.1_build_16072215_devices
 
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused. 2017-11-17 not yet calculated CVE-2017-13702
MISC
moxa — eds-g512e_5.1_build_16072215_devices
 
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur. 2017-11-17 not yet calculated CVE-2017-13703
MISC
moxa — nport_5110
 
An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to inject packets that could potentially disrupt the availability of the device. 2017-11-16 not yet calculated CVE-2017-16719
MISC
moxa — nport_5110
 
A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by sending a large amount of TCP SYN packets. 2017-11-16 not yet calculated CVE-2017-14028
MISC
moxa — nport_5110
 
An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure. 2017-11-16 not yet calculated CVE-2017-16715
MISC
netapp — snapcenter_server
 
NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface. 2017-11-16 not yet calculated CVE-2017-15516
CONFIRM
nodejs — nodejs_ejs
 
Node.js ejs versions older than 2.5.3 are vulnerable to remote code execution due to weak input validation in the ejs.renderFile() function. 2017-11-16 not yet calculated CVE-2017-1000228
MISC
nodejs — nodejs_ejs
 
Node.js ejs versions older than 2.5.5 are vulnerable to a denial of service due to weak input validation in the ejs.renderFile() function. 2017-11-16 not yet calculated CVE-2017-1000189
MISC
nodejs — nodejs_ejs
 
Node.js ejs versions older than 2.5.5 are vulnerable to cross-site scripting in the ejs.renderFile() function, resulting in code injection. 2017-11-16 not yet calculated CVE-2017-1000188
MISC
npm — npm
 
All versions of the npm package windows-cpu (KyleRoss/windows-cpu) are vulnerable to command injection, resulting in code execution as the Node.js user. 2017-11-16 not yet calculated CVE-2017-1000219
CONFIRM
ntt_docomo — wi-fi_station_l-02f
 
Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors. 2017-11-13 not yet calculated CVE-2017-10871
JVN
october — october_cms
 
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server. 2017-11-16 not yet calculated CVE-2017-1000195
MISC
october — october_cms
 
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating malicious files on the server. 2017-11-16 not yet calculated CVE-2017-1000197
MISC
october — october_cms
 
October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server. 2017-11-16 not yet calculated CVE-2017-1000196
MISC
october — october_cms
 
October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim’s browser. 2017-11-16 not yet calculated CVE-2017-1000193
MISC
october — october_cms
 
October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server. 2017-11-16 not yet calculated CVE-2017-1000194
MISC
octopus_deploy — octopus_deploy
 
Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter. 2017-11-13 not yet calculated CVE-2017-16801
CONFIRM
octopus_deploy — octopus_deploy
 
Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter. 2017-11-13 not yet calculated CVE-2017-16810
CONFIRM
open_ticket_request_system — open_ticket_request_system
 
In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password. 2017-11-16 not yet calculated CVE-2017-15864
CONFIRM
opencast — opencast
 
In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X. 2017-11-17 not yet calculated CVE-2017-1000221
CONFIRM
opencast — opencast
 
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0. 2017-11-17 not yet calculated CVE-2017-1000217
CONFIRM
openemr — openemr
 
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML. 2017-11-16 not yet calculated CVE-2017-1000240
MISC
openemr — openemr
 
The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by a vertical privilege escalation vulnerability. This vulnerability can allow authenticated non-administrator users to view and modify information only accessible to administrators. 2017-11-16 not yet calculated CVE-2017-1000241
MISC
opensaml — opensaml
 
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105. 2017-11-16 not yet calculated CVE-2017-16853
CONFIRM
CONFIRM
CONFIRM
DEBIAN
openssl — openssl
 
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. 2017-11-13 not yet calculated CVE-2016-8610
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
MISC
DEBIAN
openstack — nova
 
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. 2017-11-14 not yet calculated CVE-2017-16239
CONFIRM
CONFIRM
optipng — optipng
 
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service. 2017-11-17 not yet calculated CVE-2017-1000229
MISC
oracle — tuxedo
 
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via Jolt to compromise Oracle Tuxedo. While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Tuxedo accessible data as well as unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L). 2017-11-14 not yet calculated CVE-2017-10272
CONFIRM
BID
oracle — tuxedo
 
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Tuxedo accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). 2017-11-14 not yet calculated CVE-2017-10266
CONFIRM
BID
oracle — tuxedo
 
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). 2017-11-14 not yet calculated CVE-2017-10267
CONFIRM
BID
oracle — tuxedo
 
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Tuxedo accessible data as well as unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L). 2017-11-14 not yet calculated CVE-2017-10269
CONFIRM
BID
oracle — tuxedo
 
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data as well as unauthorized update, insert or delete access to some of Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L). 2017-11-14 not yet calculated CVE-2017-10278
CONFIRM
BID
orange — livebox
 
Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript. 2017-11-15 not yet calculated CVE-2014-3150
MISC
paperclip — paperclip
 
Paperclip ruby gem version 3.1.4 and later suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources. 2017-11-13 not yet calculated CVE-2017-0889
CONFIRM
MISC
MISC
paperclip — paperclip
 
The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby’s Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery. 2017-11-13 not yet calculated CVE-2017-0904
MISC
CONFIRM
CONFIRM
MISC
MISC
paperclip — paperclip
 
The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery. 2017-11-16 not yet calculated CVE-2017-0909
CONFIRM
MISC
philips_intellispace — cardiovascular_and_xcelera
 
The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements. 2017-11-17 not yet calculated CVE-2017-14111
BID
MISC
CONFIRM
phoenix_framework — phoenix_framework
 
The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks. 2017-11-17 not yet calculated CVE-2017-1000163
CONFIRM
picotcp — picotcp
 
picoTCP (versions 1.7.0 – 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack 2017-11-16 not yet calculated CVE-2017-1000210
CONFIRM
pjsip — pjsip
 
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This will lead to a potential exploit using carefully crafted invalid values. 2017-11-17 not yet calculated CVE-2017-16872
CONFIRM
CONFIRM
pjsip — pjsip
 
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations. 2017-11-17 not yet calculated CVE-2017-16875
CONFIRM
CONFIRM
pnp4nagios — pnp4nagios
 
PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account. 2017-11-15 not yet calculated CVE-2017-16834
MISC
procmail — procmail
 
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618. 2017-11-16 not yet calculated CVE-2017-16844
MISC
psftpd — psftpd
 
The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using “nmap -b” and allow performing scans via the FTP server. 2017-11-15 not yet calculated CVE-2017-15269
MISC
BUGTRAQ
MISC
psftpd — psftpd
 
The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password “ITsILLEGAL”; however, this password is not required to extract the data. Cleartext is used for a user password. 2017-11-15 not yet calculated CVE-2017-15272
MISC
BUGTRAQ
MISC
psftpd — psftpd
 
A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically restart, which enabled attackers to perform a very effective DoS attack against this service. By sending a crafted SSH identification / version string to the server, a NULL pointer dereference could be caused, apparently because of a race condition in the window message handling, performing the cleanup for invalid connections. This incorrect cleanup code has a use-after-free. 2017-11-15 not yet calculated CVE-2017-15271
MISC
BUGTRAQ
EXPLOIT-DB
MISC
psftpd — psftpd
 
The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters such as ‘”‘ and ‘,’ and ‘\r’ are not escaped and can be used to add new entries to the log. 2017-11-15 not yet calculated CVE-2017-15270
MISC
BUGTRAQ
EXPLOIT-DB
MISC
python — python
 
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) 2017-11-17 not yet calculated CVE-2017-1000158
MISC
python — python
 
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. 2017-11-16 not yet calculated CVE-2017-1000246
MISC
qemu — qemu
 
hw/input/ps2.c in Qemu does not validate ‘rptr’ and ‘count’ values during guest migration, leading to out-of-bounds access. 2017-11-17 not yet calculated CVE-2017-16845
MLIST
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a double free can occur when kmalloc fails to allocate memory for pointers resp/req in the service-locator driver function service_locator_send_msg(). 2017-11-16 not yet calculated CVE-2017-11032
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently, the value of SIR_MAC_AUTH_CHALLENGE_LENGTH is set to 128 which may result in buffer overflow since the frame parser allows challenge text of length up to 253 bytes, but the driver can not handle challenge text larger than 128 bytes. 2017-11-16 not yet calculated CVE-2017-11015
BID
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, possible buffer overflow or information leak in the functions “sme_set_ft_ies” and “csr_roam_issue_ft_preauth_req” due to incorrect initialization of WEXT callbacks and lack of the checks for buffer size. 2017-11-16 not yet calculated CVE-2017-11035
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in the rmnet USB control driver can potentially lead to a Use After Free condition. 2017-11-16 not yet calculated CVE-2017-11024
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originated from user’s phone contains the information elements which specifies the supported wifi features. This shall impact the user’s privacy if someone sniffs the probe requests originated by this DUT. Hence, control the presence of information elements using ini file. 2017-11-16 not yet calculated CVE-2017-11022
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer Over-read in Display due to the lack of an upper-bound validation when reading “num_of_cea_blocks” from the untrusted source (EDID), kernel memory can be exposed. 2017-11-16 not yet calculated CVE-2017-11093
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, array access out of bounds may occur in the camera driver in the kernel 2017-11-16 not yet calculated CVE-2017-11018
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function mdss_rotator_ioctl in the driver /dev/mdss_rotator, a Use-After-Free condition can potentially occur due to a fence being installed too early. 2017-11-16 not yet calculated CVE-2017-11091
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, camera application triggers “user-memory-access” issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space. An unchecked userspace value (ioctl_ptr->len) is used to copy contents to a kernel buffer which can lead to kernel buffer overflow. 2017-11-16 not yet calculated CVE-2017-11029
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a specially crafted UBI image, it is possible to corrupt memory, or access uninitialized memory. 2017-11-16 not yet calculated CVE-2017-11017
BID
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the KGSL driver function kgsl_ioctl_gpu_command, a Use After Free condition can potentially occur. 2017-11-16 not yet calculated CVE-2017-11092
BID
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Variable stream_cfg_cmd->num_streams is from userspace, and it is not checked against “MSM_ISP_STATS_MAX”. 2017-11-16 not yet calculated CVE-2017-9696
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting from writing uninitialized stack structure to non-volatile memory. 2017-11-16 not yet calculated CVE-2017-9701
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing UBI image, size is not validated for being smaller than minimum header size causing uninitialized data access vulnerability. 2017-11-16 not yet calculated CVE-2017-11027
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the boot loader, a buffer overflow can occur while parsing the splash image. 2017-11-16 not yet calculated CVE-2017-9721
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, countOffset (in function UnpackCore) is increased for each loop, while there is no boundary check against “pIe->arraybound”. 2017-11-16 not yet calculated CVE-2017-11013
BID
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can lead to buffer over-read. Also access to freed memory can happen while updating msg_mask information. 2017-11-16 not yet calculated CVE-2017-8279
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method can be compromised for static keys. 2017-11-16 not yet calculated CVE-2017-11026
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a user-space pointer is directly accessed in a camera driver. 2017-11-16 not yet calculated CVE-2017-9702
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of out-of-bound buffer accesses due to no synchronization in accessing global variables by multiple threads. 2017-11-16 not yet calculated CVE-2017-11023
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a qbt1000 ioctl handler, an incorrect buffer size check has an integer overflow vulnerability potentially leading to a buffer overflow. 2017-11-16 not yet calculated CVE-2017-9690
BID
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the kernel driver MDSS, a buffer overflow can occur in HDMI CEC parsing if frame size is out of range. 2017-11-16 not yet calculated CVE-2017-9719
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the boot image header, range checks can be bypassed by supplying different versions of the header at the time of check and use. 2017-11-16 not yet calculated CVE-2017-11038
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in __wlan_hdd_cfg80211_set_pmksa when user space application sends PMKID of size less than WLAN_PMKID_LEN bytes. 2017-11-16 not yet calculated CVE-2017-11090
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the ISP Camera driver, the contents of an arbitrary kernel address can be leaked to userspace by the function msm_isp_get_stream_common_data(). 2017-11-16 not yet calculated CVE-2017-11028
BID
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur. 2017-11-16 not yet calculated CVE-2017-11058
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an integer overflow leading to a buffer overflow due to improper bound checking in msm_audio_effects_virtualizer_handler, file msm-audio-effects-q6-v2.c 2017-11-16 not yet calculated CVE-2017-11085
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_ENCRYPTION_TEST cfg80211 vendor command a stack-based buffer overflow can occur. 2017-11-16 not yet calculated CVE-2017-11012
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes 2017-11-16 not yet calculated CVE-2017-11089
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the function audio_effects_shared_ioctl(), memory corruption can occur. 2017-11-16 not yet calculated CVE-2017-11025
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing a Measurement Request IE in a Roam Neighbor Action Report, a buffer overflow can occur. 2017-11-16 not yet calculated CVE-2017-11014
BID
CONFIRM
qualcomm — msm
 
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qcacld pktlog allows mapping memory via /proc/ath_pktlog/cld to user space. 2017-11-16 not yet calculated CVE-2017-11073
CONFIRM
quickerbb — quickerbb
 
QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB. 2017-11-17 not yet calculated CVE-2017-1000169
CONFIRM
radare2 — radare2
 
In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c. 2017-11-13 not yet calculated CVE-2017-16805
CONFIRM
CONFIRM
realtek — realtek_audio_driver
 
A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges. 2017-11-13 not yet calculated CVE-2017-3767
CONFIRM
recurly — recurly
 
The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of “Uri.EscapeUriString” that could result in compromise of API keys or other critical resources. 2017-11-13 not yet calculated CVE-2017-0907
CONFIRM
CONFIRM
MISC
recurly — recurly
 
The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the “Resource.get” method that could result in compromise of API keys or other critical resources. 2017-11-13 not yet calculated CVE-2017-0906
CONFIRM
CONFIRM
MISC
recurly — recurly
 
The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the “Resource#find” method that could result in compromise of API keys or other critical resources. 2017-11-13 not yet calculated CVE-2017-0905
CONFIRM
CONFIRM
MISC
redis-store — redis-store
 
Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis 2017-11-16 not yet calculated CVE-2017-1000248
MISC
redmine — redmine
 
In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages. 2017-11-13 not yet calculated CVE-2017-16804
CONFIRM
CONFIRM
CONFIRM
relevanssi — relevanssi_premium
 
Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can 2017-11-17 not yet calculated CVE-2017-1000225
MISC
salutation_responsive — wordpress_buddypress_theme
 
Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can 2017-11-17 not yet calculated CVE-2017-1000227
MISC
samtools — samtools
 
samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution 2017-11-17 not yet calculated CVE-2017-1000206
CONFIRM
sandisk — secure_access
 
SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user exits the application or if the application crashes. 2017-11-16 not yet calculated CVE-2017-16560
MISC
sbi_securities — hyper_sbi
 
Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-11-13 not yet calculated CVE-2017-10885
JVN
scala — scala
 
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. 2017-11-15 not yet calculated CVE-2017-15288
CONFIRM
CONFIRM
CONFIRM
CONFIRM
schneider_electric — indusoft_web_studio
 
A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution with high privileges. 2017-11-13 not yet calculated CVE-2017-14024
BID
MISC
securimage — securimage
 
HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER[‘HTTP_USER_AGENT’] parameter to example_form.ajax.php or example_form.php. 2017-11-17 not yet calculated CVE-2017-14077
MISC
serendipity — serendipity
 
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure 2017-11-17 not yet calculated CVE-2017-1000129
MISC
sharp — multiple_products
 
Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors. 2017-11-17 not yet calculated CVE-2017-10890
JVN
shibboleth — shibboleth_service_provider
 
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763. 2017-11-16 not yet calculated CVE-2017-16852
CONFIRM
CONFIRM
CONFIRM
DEBIAN
siemens — sicam_rtus_sm-2556_com_module
 
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network. 2017-11-15 not yet calculated CVE-2017-12737
CONFIRM
siemens — sicam_rtus_sm-2556_com_module
 
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into clicking on a malicious link. 2017-11-15 not yet calculated CVE-2017-12738
CONFIRM
siemens — sicam_rtus_sm-2556_com_module
 
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected device. 2017-11-15 not yet calculated CVE-2017-12739
CONFIRM
siemens — snap7
 
The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 is provided with unexpected input, resulting in a denial of service. 2017-11-17 not yet calculated CVE-2017-1000230
MISC
simplexml — simplexml
 
SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on. 2017-11-17 not yet calculated CVE-2017-1000190
CONFIRM
snmp — snmp
 
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact). 2017-11-14 not yet calculated CVE-2017-16820
CONFIRM
CONFIRM
CONFIRM
CONFIRM
sodiumoxide — sodiumoxide
 
scalarmult() in sodiumoxide 0.0.13 and older is vulnerable to degenerate public keys. 2017-11-17 not yet calculated CVE-2017-1000168
CONFIRM
soyuka/pidusage — soyuka/pidusage
 
soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution. 2017-11-16 not yet calculated CVE-2017-1000220
MISC
swagger-parser — swagger-parser
 
A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. In particular, this affects the 'generate' and 'validate' commands in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification. 2017-11-16 not yet calculated CVE-2017-1000208
CONFIRM
swftools — swftools
 
In SWFTools, a memcpy buffer overflow was found in gif2swf. 2017-11-16 not yet calculated CVE-2017-1000185
MISC
swftools — swftools
 
In SWFTools, a memory leak was found in wav2swf. 2017-11-16 not yet calculated CVE-2017-1000182
MISC
swftools — swftools
 
In SWFTools, an address access exception was found in swfdump swf_GetBits(). 2017-11-16 not yet calculated CVE-2017-1000174
MISC
swftools — swftools
 
In SWFTools, a memcpy buffer overflow was found in swfc. 2017-11-16 not yet calculated CVE-2017-1000176
MISC
swftools — swftools
 
In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified other impact via a crafted PNG file. 2017-11-12 not yet calculated CVE-2017-16797
MISC
swftools — swftools
 
In SWFTools, an address access exception was found in pdf2swf FoFiTrueType::writeTTF(). 2017-11-16 not yet calculated CVE-2017-1000187
MISC
swftools — swftools
 
In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file. 2017-11-12 not yet calculated CVE-2017-16796
MISC
swftools — swftools
 
The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file. 2017-11-12 not yet calculated CVE-2017-16793
MISC
swftools — swftools
 
In SWFTools, a stack overflow was found in pdf2swf. 2017-11-16 not yet calculated CVE-2017-1000186
MISC
swftools — swftools
 
In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file. 2017-11-17 not yet calculated CVE-2017-16868
MISC
swftools — swftools
 
The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf. 2017-11-12 not yet calculated CVE-2017-16794
MISC
symantec — endpoint_encryption
 
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario. 2017-11-13 not yet calculated CVE-2017-15526
BID
CONFIRM
symantec — endpoint_encryption
 
Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. 2017-11-13 not yet calculated CVE-2017-15525
BID
CONFIRM
tablepress — tablepress
 
TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. 2017-11-17 not yet calculated CVE-2017-10889
JVN
CONFIRM
tcmu_runner — tcmu_runner
 
tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service. 2017-11-16 not yet calculated CVE-2017-1000198
MISC
tcmu_runner — tcmu_runner
 
tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus-triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function resulting in denial of service. 2017-11-16 not yet calculated CVE-2017-1000200
MISC
tcmu_runner — tcmu_runner
 
The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack. 2017-11-16 not yet calculated CVE-2017-1000201
MISC
tcmu_runner — tcmu_runner
 
tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges. 2017-11-16 not yet calculated CVE-2017-1000199
MISC
tcpdump — tcpdump
 
tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. 2017-11-13 not yet calculated CVE-2017-16808
SECTRACK
CONFIRM
tibco — jasperreports
 
The server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0. 2017-11-15 not yet calculated CVE-2017-5533
BID
CONFIRM
tibco — jasperreports
 
A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO JasperReports Server 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0 and below, TIBCO JasperReports Library 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, TIBCO JasperReports Library for ActiveMatrix BPM 6.4.1 and below, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0 and below, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0 and below, TIBCO Jaspersoft Studio 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, and TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 and below. 2017-11-15 not yet calculated CVE-2017-5532
BID
CONFIRM
tine — tine
 
Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting in code execution and privilege escalation. 2017-11-17 not yet calculated CVE-2017-1000164
MISC
trusted_boot — trusted_boot
 
Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module (TPM) by hooking these function pointers. 2017-11-15 not yet calculated CVE-2017-16837
MISC
ulterius — ulterius
 
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal. 2017-11-13 not yet calculated CVE-2017-16806
CONFIRM
EXPLOIT-DB
upx — upx
 
** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated “there is no security implication whatsoever.” 2017-11-17 not yet calculated CVE-2017-16869
MISC
varnish-cache — varnish_http_cache
 
vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects. 2017-11-15 not yet calculated CVE-2017-8807
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN
vmware — airwatch_console
 
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device’s ‘Links’ page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL. 2017-11-16 not yet calculated CVE-2017-4930
BID
SECTRACK
CONFIRM
vmware — airwatch_console
 
VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device’s log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening a CSV file which contains malicious content. 2017-11-16 not yet calculated CVE-2017-4931
BID
SECTRACK
CONFIRM
vmware — airwatch_launcher
 
VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Successful exploitation of this issue could result in an escalation of privilege. 2017-11-16 not yet calculated CVE-2017-4932
BID
SECTRACK
CONFIRM
vmware — nsx_edge
 
VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure. 2017-11-17 not yet calculated CVE-2017-4929
SECTRACK
CONFIRM
vmware — vcenter_server
 
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service. 2017-11-17 not yet calculated CVE-2017-4927
BID
SECTRACK
CONFIRM
vmware — workstation_and_fusion
 
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host. 2017-11-17 not yet calculated CVE-2017-4934
SECTRACK
CONFIRM
vmware — workstation_and_fusion
 
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. 2017-11-17 not yet calculated CVE-2017-4938
SECTRACK
CONFIRM
vmware — workstation_and_horizon_view_client_for_windows
 
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client. 2017-11-17 not yet calculated CVE-2017-4935
SECTRACK
SECTRACK
CONFIRM
vmware — workstation_and_horizon_view_client_for_windows
 
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client. 2017-11-17 not yet calculated CVE-2017-4937
SECTRACK
SECTRACK
CONFIRM
vmware — workstation_and_horizon_view_client_for_windows
 
VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. 2017-11-17 not yet calculated CVE-2017-4936
SECTRACK
SECTRACK
CONFIRM
vmware — workstation
 
The VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue because the application loads some DLL files improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code. 2017-11-17 not yet calculated CVE-2017-4939
CONFIRM
vonage — vdv-23_115_3.2.11-0.9.40_devices
 
Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic. 2017-11-16 not yet calculated CVE-2017-16843
MISC
EXPLOIT-DB
vsphere — web_client
 
The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure. 2017-11-17 not yet calculated CVE-2017-4928
BID
SECTRACK
CONFIRM
wbce — wbce
 
WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search. 2017-11-16 not yet calculated CVE-2017-1000213
CONFIRM
wordpress — wordpress
 
The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. 2017-11-17 not yet calculated CVE-2017-16871
MISC
wordpress — wordpress
 
installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values “url_new” (/wp-content/plugins/duplicator/installer/build/view.step4.php) and “logging” (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly. 2017-11-14 not yet calculated CVE-2017-16815
MISC
MISC
wordpress — wordpress
 
The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. 2017-11-17 not yet calculated CVE-2017-16870
MISC
wordpress — wordpress
 
Stop User Enumeration 1.3.8 allows user enumeration via the REST API. 2017-11-17 not yet calculated CVE-2017-1000226
MISC
wordpress — wordpress
 
Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML. 2017-11-15 not yet calculated CVE-2017-16842
MISC
MISC
youtube — youtube
 
CSRF in YouTube (WordPress plugin) could allow an unauthenticated attacker to change any setting within the plugin. 2017-11-16 not yet calculated CVE-2017-1000224
MISC
zeit_next.js — zeit_next.js
 
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information. 2017-11-17 not yet calculated CVE-2017-16877
CONFIRM
zeta_components — mail
 
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php". 2017-11-15 not yet calculated CVE-2017-15806
BID
CONFIRM
CONFIRM
MISC
MISC
EXPLOIT-DB
zoho — manageengine_applications_manager
 
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. 2017-11-16 not yet calculated CVE-2017-16847
MISC
zoho — manageengine_applications_manager
 
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /MyPage.do widgetid parameter. 2017-11-16 not yet calculated CVE-2017-16851
MISC
zoho — manageengine_applications_manager
 
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. 2017-11-16 not yet calculated CVE-2017-16850
MISC
zoho — manageengine_applications_manager
 
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. 2017-11-16 not yet calculated CVE-2017-16848
MISC
zoho — manageengine_applications_manager
 
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. 2017-11-16 not yet calculated CVE-2017-16846
MISC
zoho — manageengine_applications_manager
 
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. 2017-11-16 not yet calculated CVE-2017-16849
MISC




Holiday Scams and Malware Campaigns

Original release date: November 16, 2017

US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Emails and e-cards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver attachments infected with malware. Spoofed email messages and phony posts on social networking sites may request support for fraudulent causes.

To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:

  • Avoid following unsolicited links or downloading attachments from unknown sources.
  • Visit the Federal Trade Commission’s Consumer Information page on Charity Scams.

If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:

  • Report the attack to the police and file a report with the Federal Trade Commission.
  • Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites. See Choosing and Protecting Passwords for more information.


ST17-001: Securing the Internet of Things

Original release date: November 16, 2017

The Internet of Things refers to any object or device that sends and receives data automatically through the Internet. This rapidly expanding set of “things” includes tags (also known as labels or chips that automatically track objects), sensors, and devices that interact with people and share information machine to machine.

Why Should We Care?

Cars, appliances, wearables, lighting, healthcare, and home security all contain sensing devices that can talk to other machines and trigger additional actions. Examples include devices that direct your car to an open spot in a parking lot; mechanisms that control energy use in your home; control systems that deliver water and power to your workplace; and other tools that track your eating, sleeping, and exercise habits.

This technology provides a level of convenience to our lives, but it requires that we share more information than ever. The security of this information, and the security of these devices, is not always guaranteed.

What Are the Risks?

Though many security and resilience risks are not new, the scale of interconnectedness created by the Internet of Things increases the consequences of known risks and creates new ones. Attackers take advantage of this scale to infect large segments of devices at a time, allowing them access to the data on those devices or to, as part of a botnet, attack other computers or devices for malicious intent. See Cybersecurity for Electronic Devices, Understanding Hidden Threats: Rootkits and Botnets, and Understanding Denial-of-Service Attacks for more information.

How Do I Improve the Security of Internet-Enabled Devices?

Without a doubt, the Internet of Things makes our lives easier and has many benefits; but we can only reap these benefits if our Internet-enabled devices are secure and trusted. The following are important steps you should consider to make your Internet of Things more secure.

Evaluate your security settings. Most devices offer a variety of features that you can tailor to meet your needs and requirements. Enabling certain features to increase convenience or functionality may leave you more vulnerable to being attacked. It is important to examine the settings, particularly security settings, and select options that meet your needs without putting you at increased risk. If you install a patch or a new version of software, or if you become aware of something that might affect your device, reevaluate your settings to make sure they are still appropriate. See Good Security Habits for more information.

Ensure you have up-to-date software. When manufacturers become aware of vulnerabilities in their products, they often issue patches to fix the problem. Patches are software updates that fix a particular issue or vulnerability within your device’s software. Make sure to apply relevant patches as soon as possible to protect your devices. See Understanding Patches for more information.

Connect carefully. Once your device is connected to the Internet, it’s also connected to millions of other computers, which could allow attackers access to your device. Consider whether continuous connectivity to the Internet is needed. See Securing Your Home Network for more information.

Use strong passwords. Passwords are a common form of authentication and are often the only barrier between you and your personal information. Some Internet-enabled devices are configured with default passwords to simplify setup. These default passwords are easily found online, so they don’t provide any protection. Choose strong passwords to help secure your device. See Choosing and Protecting Passwords for more information.

Additional Information

The following organizations offer additional information about this topic:


Authors: Stop.Think.Connect. and National Cybersecurity and Communications Integration Center (NCCIC)



Oracle Releases Security Alert

Original release date: November 16, 2017

Oracle has released a security alert to address multiple vulnerabilities in Oracle Tuxedo. A remote attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Oracle Security Alert Advisory and apply the necessary update.



Cisco Releases Security Update

Original release date: November 15, 2017

Cisco has released a security update to address a vulnerability in its Voice Operating System software platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.



Mozilla Releases Security Updates

Original release date: November 14, 2017

Mozilla has released security updates to address multiple vulnerabilities in Firefox 57 and ESR 52.5. An attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 57 and ESR 52.5 and apply the necessary updates.



TA17-318B: HIDDEN COBRA – North Korean Trojan: Volgmer

Original release date: November 14, 2017

Systems Affected

Network systems

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a Trojan malware variant used by the North Korean government—commonly known as Volgmer. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.

FBI has high confidence that HIDDEN COBRA actors are using the IP addresses—listed in this report’s IOC files—to maintain a presence on victims’ networks and to further network exploitation. DHS and FBI are distributing these IP addresses to enable network defense and reduce exposure to North Korean government malicious cyber activity.

This alert includes IOCs related to HIDDEN COBRA, IP addresses linked to systems infected with Volgmer malware, malware descriptions, and associated signatures. This alert also includes suggested response actions to the IOCs provided, recommended mitigation techniques, and information on reporting incidents. If users or administrators detect activity associated with the Volgmer malware, they should immediately flag it, report it to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give it the highest priority for enhanced mitigation.

For a downloadable copy of IOCs, see:

NCCIC conducted analysis on five files associated with or identified as Volgmer malware and produced a Malware Analysis Report (MAR). MAR-10135536-D examines the tactics, techniques, and procedures observed. For a downloadable copy of the MAR, see:

Description

Volgmer is a backdoor Trojan designed to provide covert access to a compromised system. Since at least 2013, HIDDEN COBRA actors have been observed using Volgmer malware in the wild to target the government, financial, automotive, and media industries.

It is suspected that spear phishing is the primary delivery mechanism for Volgmer infections; however, HIDDEN COBRA actors use a suite of custom tools, some of which could also be used to initially compromise a system. Therefore, it is possible that additional HIDDEN COBRA malware may be present on network infrastructure compromised with Volgmer.

The U.S. Government has analyzed Volgmer’s infrastructure and has identified it on systems using both dynamic and static IP addresses. At least 94 static IP addresses were identified, as well as dynamic IP addresses registered across various countries. The greatest concentrations of dynamic IP addresses are identified below by approximate percentage:

  • India (772 IPs) 25.4 percent
  • Iran (373 IPs) 12.3 percent
  • Pakistan (343 IPs) 11.3 percent
  • Saudi Arabia (182 IPs) 6 percent
  • Taiwan (169 IPs) 5.6 percent
  • Thailand (140 IPs) 4.6 percent
  • Sri Lanka (121 IPs) 4 percent
  • China (82 IPs, including Hong Kong (12)) 2.7 percent
  • Vietnam (80 IPs) 2.6 percent
  • Indonesia (68 IPs) 2.2 percent
  • Russia (68 IPs) 2.2 percent

Technical Details

As a backdoor Trojan, Volgmer has several capabilities including: gathering system information, updating service registry keys, downloading and uploading files, executing commands, terminating processes, and listing directories. In one of the samples received for analysis, the US-CERT Code Analysis Team observed botnet controller functionality.

Volgmer payloads have been observed in 32-bit form as either executables or dynamic-link library (.dll) files. The malware uses a custom binary protocol to beacon back to the command and control (C2) server, often via TCP port 8080 or 8088, with some payloads implementing Secure Socket Layer (SSL) encryption to obfuscate communications.

Malicious actors commonly maintain persistence on a victim’s system by installing the malware as a service. Volgmer queries the system and randomly selects a service in which to install a copy of itself, then overwrites the ServiceDLL entry in that service’s registry key so that the service loads the malware. In some cases, HIDDEN COBRA actors give the created service a pseudo-random name that may be composed of various hardcoded words.

Detection and Response

This alert’s IOC files provide HIDDEN COBRA indicators related to Volgmer. DHS and FBI recommend that network administrators review the information provided, identify whether any of the provided IP addresses fall within their organizations’ allocated IP address space, and—if found—take necessary measures to remove the malware.

When reviewing network perimeter logs for the IP addresses, organizations may find instances of these IP addresses attempting to connect to their systems. Upon reviewing the traffic from these IP addresses, system owners may find some traffic relates to malicious activity and some traffic relates to legitimate activity.
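The two checks the alert asks administrators to perform, as an added example that is not part of the US-CERT alert: confirm whether any IOC address falls inside the organization's allocated address space, and scan perimeter logs for traffic to or from an IOC address, flagging the beacon ports (8080 and 8088) the alert names. All IP addresses, CIDR blocks and log lines below are constructed placeholders in the RFC 5737 documentation ranges, not indicators from the report; the log line format is an assumption for the example.

```python
import ipaddress
import re

# CONSTRUCTED placeholder IOC list (RFC 5737 documentation addresses) standing in
# for the IP addresses in the alert's IOC files; not indicators from the report.
IOC_IPS = ["192.0.2.45", "198.51.100.7", "203.0.113.200"]

# CONSTRUCTED example of an organisation's allocated address space.
ORG_SPACE = ["198.51.100.0/24", "10.0.0.0/8"]

# Ports the alert names for Volgmer's C2 beacon.
VOLGMER_BEACON_PORTS = {8080, 8088}

# ASSUMED perimeter log format: "<timestamp> <action> <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>[A-Z]+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# CONSTRUCTED sample log lines; the last line deliberately does not parse.
SAMPLE_LOG = """\
2017-11-14T10:01:02Z ALLOW 10.1.2.3:51234 -> 192.0.2.45:8080
2017-11-14T10:01:05Z ALLOW 10.1.2.3:51235 -> 203.0.113.9:443
2017-11-14T10:02:00Z DENY 203.0.113.200:4444 -> 10.1.2.9:445
2017-11-14T10:03:00Z ALLOW 10.1.2.3:51236 -> 198.51.100.7:8088
this line is not in the expected format
"""


def iocs_in_org_space(iocs, org_cidrs):
    """Return the IOC addresses that fall inside any of the organisation's CIDR blocks."""
    nets = [ipaddress.ip_network(c, strict=False) for c in org_cidrs]
    return sorted(ip for ip in iocs if any(ipaddress.ip_address(ip) in n for n in nets))


def scan_perimeter_log(lines, iocs):
    """Return one hit per log line where either endpoint is an IOC address.

    Each hit records the IOC address, the direction relative to the organisation,
    the destination port and whether that port is one of the beacon ports named in
    the alert. Lines that do not parse are skipped rather than failing the scan.
    """
    ioc_set = set(iocs)
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        if dst in ioc_set:
            remote, direction = dst, "outbound"
        elif src in ioc_set:
            remote, direction = src, "inbound"
        else:
            continue
        hits.append({
            "ts": m["ts"],
            "action": m["action"],
            "remote": remote,
            "direction": direction,
            "dport": dport,
            "beacon_port": dport in VOLGMER_BEACON_PORTS,
        })
    return hits


if __name__ == "__main__":
    print("IOCs inside our address space:", iocs_in_org_space(IOC_IPS, ORG_SPACE))
    for hit in scan_perimeter_log(SAMPLE_LOG.splitlines(), IOC_IPS):
        flag = "BEACON-PORT" if hit["beacon_port"] else ""
        print(f'{hit["ts"]} {hit["direction"]:8} {hit["remote"]}:{hit["dport"]} '
              f'{hit["action"]} {flag}')
```

An outbound ALLOW to an IOC address on 8080 or 8088 is the pattern most consistent with the beacon described in the alert; an inbound hit on an unrelated port may be scanning or legitimate traffic, which is why the alert says to review the traffic rather than treat every hit as a compromise.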

Network Signatures and Host-Based Rules

This section contains network signatures and host-based rules that can be used to detect malicious activity associated with HIDDEN COBRA actors. Although created using a comprehensive vetting process, the possibility of false positives always remains. These signatures and rules should be used to supplement analysis and should not be used as a sole source of attributing this activity to HIDDEN COBRA actors.

Network Signatures

alert tcp any any -> any any (msg:"Malformed_UA"; content:"User-Agent: Mozillar/"; depth:500; sid:99999999;)

___________________________________________________________________________________________________

YARA Rules

rule volgmer
{
meta:
    description = "Malformed User Agent"
strings:
    $s = "Mozillar/"
condition:
    (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and $s
}

Impact

A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.

Solution

Mitigation Strategies

DHS recommends that users and administrators use the following best practices as preventive measures to protect their computer networks:

  • Use application whitelisting to help prevent malicious software and unapproved programs from running. Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software.
  • Keep operating systems and software up-to-date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Patching with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
  • Maintain up-to-date antivirus software, and scan all software downloaded from the Internet before executing.
  • Restrict users’ abilities (permissions) to install and run unwanted software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
  • Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, embedded code will execute the malware on the machine. For enterprises or organizations, it may be best to block email messages with attachments from suspicious sources. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams. Follow safe practices when browsing the web. See Good Security Habits and Safeguarding Your Data for additional details.
  • Do not follow unsolicited web links in emails. See Avoiding Social Engineering and Phishing Attacks for more information.

Response to Unauthorized Network Access

  • Contact DHS or your local FBI office immediately. To report an intrusion and request resources for incident response or technical assistance, contact DHS NCCIC (NCCICCustomerService@hq.dhs.gov or 888-282-0870), FBI through a local field office, or the FBI’s Cyber Division (CyWatch@fbi.gov or 855-292-3937).

References

Revision History

  • November 14, 2017: Initial version


TA17-318A: HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL

Original release date: November 14, 2017

Systems Affected

Network systems

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a remote administration tool (RAT) used by the North Korean government—commonly known as FALLCHILL. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.

FBI has high confidence that HIDDEN COBRA actors are using the IP addresses—listed in this report’s IOC files—to maintain a presence on victims’ networks and to further network exploitation. DHS and FBI are distributing these IP addresses to enable network defense and reduce exposure to any North Korean government malicious cyber activity.

This alert includes IOCs related to HIDDEN COBRA, IP addresses linked to systems infected with FALLCHILL malware, malware descriptions, and associated signatures. This alert also includes suggested response actions to the IOCs provided, recommended mitigation techniques, and information on reporting incidents. If users or administrators detect activity associated with the FALLCHILL malware, they should immediately flag it, report it to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give it the highest priority for enhanced mitigation.

For a downloadable copy of IOCs, see:

NCCIC conducted analysis on two samples of FALLCHILL malware and produced a Malware Analysis Report (MAR). MAR-10135536-A examines the tactics, techniques, and procedures observed in the malware. For a downloadable copy of the MAR, see:

Description

According to trusted third-party reporting, HIDDEN COBRA actors have likely been using FALLCHILL malware since 2016 to target the aerospace, telecommunications, and finance industries. The malware is a fully functional RAT with multiple commands that the actors can issue from a command and control (C2) server to a victim’s system via dual proxies. FALLCHILL typically infects a system as a file dropped by other HIDDEN COBRA malware or as a file downloaded unknowingly by users when visiting sites compromised by HIDDEN COBRA actors. HIDDEN COBRA actors use an external tool or dropper to install the FALLCHILL malware as a service, which establishes persistence. Because of this, additional HIDDEN COBRA malware may be present on systems compromised with FALLCHILL.

During analysis of the infrastructure used by FALLCHILL malware, the U.S. Government identified 83 network nodes. Additionally, using publicly available registration information, the U.S. Government identified the countries in which the infected IP addresses are registered.

Technical Details

FALLCHILL is the primary component of a C2 infrastructure that uses multiple proxies to obfuscate network traffic between HIDDEN COBRA actors and a victim’s system. According to trusted third-party reporting, communication flows from the victim’s system to HIDDEN COBRA actors using a series of proxies as shown in figure 1.

[Figure 1. HIDDEN COBRA Communication Flow]

FALLCHILL uses fake Transport Layer Security (TLS) communications, encoding the data with RC4 encryption with the following key: [0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82]. FALLCHILL collects basic system information and beacons the following to the C2:

  • operating system (OS) version information,
  • processor information,
  • system name,
  • local IP address information,
  • unique generated ID, and
  • media access control (MAC) address.

FALLCHILL contains the following built-in functions for remote operations that provide various capabilities on a victim’s system:

  • retrieve information about all installed disks, including the disk type and the amount of free space on the disk;
  • create, start, and terminate a new process and its primary thread;
  • search, read, write, move, and execute files;
  • get and modify file or directory timestamps;
  • change the current directory for a process or file; and
  • delete malware and artifacts associated with the malware from the infected system.

Detection and Response

This alert’s IOC files provide HIDDEN COBRA indicators related to FALLCHILL. DHS and FBI recommend that network administrators review the information provided, identify whether any of the provided IP addresses fall within their organizations’ allocated IP address space, and—if found—take necessary measures to remove the malware.

When reviewing network perimeter logs for the IP addresses, organizations may find instances of these IP addresses attempting to connect to their systems. Upon reviewing the traffic from these IP addresses, system owners may find some traffic relates to malicious activity and some traffic relates to legitimate activity.

Network Signatures and Host-Based Rules

This section contains network signatures and host-based rules that can be used to detect malicious activity associated with HIDDEN COBRA actors. Although created using a comprehensive vetting process, the possibility of false positives always remains. These signatures and rules should be used to supplement analysis and should not be used as a sole source of attributing this activity to HIDDEN COBRA actors.

Network Signatures

alert tcp any any -> any any (msg:"Malicious SSL 01 Detected";content:"|17 03 01 00 08|";  pcre:"/\x17\x03\x01\x00\x08.{4}\x04\x88\x4d\x76/"; rev:1; sid:2;)

___________________________________________________________________________________________

alert tcp any any -> any any (msg:"Malicious SSL 02 Detected";content:"|17 03 01 00 08|";  pcre:"/\x17\x03\x01\x00\x08.{4}\x06\x88\x4d\x76/"; rev:1; sid:3;)

___________________________________________________________________________________________

alert tcp any any -> any any (msg:"Malicious SSL 03 Detected";content:"|17 03 01 00 08|";  pcre:"/\x17\x03\x01\x00\x08.{4}\xb2\x63\x70\x7b/"; rev:1; sid:4;)

___________________________________________________________________________________________

alert tcp any any -> any any (msg:"Malicious SSL 04 Detected";content:"|17 03 01 00 08|";  pcre:"/\x17\x03\x01\x00\x08.{4}\xb0\x63\x70\x7b/"; rev:1; sid:5;)
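The four rules above all match the same shape: a TLS application-data record header with an 8-byte length (17 03 01 00 08), four arbitrary bytes, then one of four fixed markers. The following Python is an added example, not code from the alert, that walks a byte stream record by record and applies that logic to a constructed sample stream; unlike the Snort content match, which fires anywhere in a packet, it requires the header to sit on a record boundary.

```python
import struct
from typing import Iterator, List, Optional, Tuple

# Last four payload bytes -> (Snort msg, sid) exactly as in the four rules above.
MARKERS = {
    b"\x04\x88\x4d\x76": ("Malicious SSL 01 Detected", 2),
    b"\x06\x88\x4d\x76": ("Malicious SSL 02 Detected", 3),
    b"\xb2\x63\x70\x7b": ("Malicious SSL 03 Detected", 4),
    b"\xb0\x63\x70\x7b": ("Malicious SSL 04 Detected", 5),
}
APPLICATION_DATA = 0x17
TLS_1_0 = 0x0301


def iter_tls_records(data: bytes) -> Iterator[Tuple[int, int, int, bytes]]:
    """Yield (offset, content_type, version, payload) for each complete record.

    Stops at the first truncated record instead of guessing, so a partial
    capture never produces a partial (and possibly false) match."""
    off = 0
    while off + 5 <= len(data):
        ctype, version, length = struct.unpack_from("!BHH", data, off)
        if off + 5 + length > len(data):
            break
        yield off, ctype, version, data[off + 5:off + 5 + length]
        off += 5 + length


def classify_record(ctype: int, version: int, payload: bytes) -> Optional[Tuple[str, int]]:
    """Rule logic: 17 03 01 00 08, four arbitrary bytes, then a known marker."""
    if ctype == APPLICATION_DATA and version == TLS_1_0 and len(payload) == 8:
        return MARKERS.get(payload[4:])
    return None


def scan_stream(data: bytes) -> List[Tuple[int, str, int]]:
    """Return (record_offset, msg, sid) for every beacon record in a stream."""
    hits = []
    for off, ctype, version, payload in iter_tls_records(data):
        match = classify_record(ctype, version, payload)
        if match:
            hits.append((off, match[0], match[1]))
    return hits


# Constructed sample stream (not captured traffic): a short handshake-type
# record, a fake-TLS beacon matching "Malicious SSL 01", a harmless 8-byte
# application-data record, and a truncated record at the end.
SAMPLE_STREAM = (
    b"\x16\x03\x01\x00\x04" + b"\x01\x00\x00\x00"                          # offset 0
    + b"\x17\x03\x01\x00\x08" + b"\x00\x00\x00\x01" + b"\x04\x88\x4d\x76"  # offset 9
    + b"\x17\x03\x01\x00\x08" + b"\xde\xad\xbe\xef" + b"\x00\x00\x00\x00"  # offset 22
    + b"\x17\x03\x01\x00\x10" + b"\x00\x00"                                # truncated
)

if __name__ == "__main__":
    for off, msg, sid in scan_stream(SAMPLE_STREAM):
        print(f"offset {off}: {msg} (sid {sid})")
```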

___________________________________________________________________________________________

YARA Rules

The following rules were provided to NCCIC by a trusted third party for the purpose of assisting in the identification of malware associated with this alert.

THIS DHS/NCCIC MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. These rules have been tested and determined to function effectively in a lab environment, but we have no way of knowing if they may function differently in a production network. Anyone using these rules is encouraged to test them using a data set representative of their environment.

rule rc4_stack_key_fallchill
{
meta:
    description = "rc4_stack_key"
strings:
    $stack_key = { 0d 06 09 2a ?? ?? ?? ?? 86 48 86 f7 ?? ?? ?? ?? 0d 01 01 01 ?? ?? ?? ?? 05 00 03 82 41 8b c9 41 8b d1 49 8b 40 08 48 ff c2 88 4c 02 ff ff c1 81 f9 00 01 00 00 7c eb }
condition:
    (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and $stack_key
}

rule success_fail_codes_fallchill
{
meta:
    description = "success_fail_codes"
strings:
    $s0 = { 68 7a 34 12 00 }  
    $s1 = { ba 7a 34 12 00 }  
    $f0 = { 68 5c 34 12 00 }  
    $f1 = { ba 5c 34 12 00 }
condition:
    (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and (($s0 and $f0) or ($s1 and $f1))
}
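The YARA conditions above (this rule pair, and the Volgmer rule earlier in the page) combine a PE header check with plain strings or wildcarded byte patterns. The following Python is an added example, not code from the alert, that reimplements those conditions so they can be checked against a buffer without YARA; make_pe_stub builds a constructed minimal buffer that satisfies the PE check and is not a real executable, and the byte samples in the test are constructed.

```python
import re
import struct
from typing import Callable, Dict, List


def is_pe(data: bytes) -> bool:
    """uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550, as in the rules.

    YARA's integer functions are undefined when they read past the end of the
    buffer, which makes the whole condition false; the bounds checks mirror that."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 2 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 2] == b"PE"


def hex_pattern(spec: str) -> "re.Pattern":
    """Compile a YARA hex string such as '0d 06 ?? 2a' into a bytes regex.
    '??' is a single-byte wildcard, which is the only wildcard these rules use."""
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
             for tok in spec.split()]
    return re.compile(b"".join(parts), re.DOTALL)


# $stack_key from rule rc4_stack_key_fallchill, wildcards included.
RC4_STACK_KEY = hex_pattern(
    "0d 06 09 2a ?? ?? ?? ?? 86 48 86 f7 ?? ?? ?? ?? 0d 01 01 01 ?? ?? ?? ?? "
    "05 00 03 82 41 8b c9 41 8b d1 49 8b 40 08 48 ff c2 88 4c 02 ff ff c1 81 "
    "f9 00 01 00 00 7c eb"
)
# $s0/$s1 and $f0/$f1 from rule success_fail_codes_fallchill.
SUCCESS_CODES = [hex_pattern("68 7a 34 12 00"), hex_pattern("ba 7a 34 12 00")]
FAIL_CODES = [hex_pattern("68 5c 34 12 00"), hex_pattern("ba 5c 34 12 00")]


def rule_volgmer(data: bytes) -> bool:
    # PE check and the ASCII string $s = "Mozillar/"
    return is_pe(data) and b"Mozillar/" in data


def rule_rc4_stack_key_fallchill(data: bytes) -> bool:
    return is_pe(data) and RC4_STACK_KEY.search(data) is not None


def rule_success_fail_codes_fallchill(data: bytes) -> bool:
    # ($s0 and $f0) or ($s1 and $f1): the success and failure codes must be
    # pushed with the same instruction form.
    return is_pe(data) and any(
        s.search(data) is not None and f.search(data) is not None
        for s, f in zip(SUCCESS_CODES, FAIL_CODES)
    )


RULES: Dict[str, Callable[[bytes], bool]] = {
    "volgmer": rule_volgmer,
    "rc4_stack_key_fallchill": rule_rc4_stack_key_fallchill,
    "success_fail_codes_fallchill": rule_success_fail_codes_fallchill,
}


def match_rules(data: bytes) -> List[str]:
    """Names of the rules that match data, in rule order."""
    return [name for name, fn in RULES.items() if fn(data)]


def make_pe_stub(body: bytes) -> bytes:
    """Constructed minimal buffer satisfying the PE check: 'MZ', e_lfanew = 0x40,
    'PE\\0\\0' at 0x40, then body. Not a loadable executable."""
    return b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + body


if __name__ == "__main__":
    sample = make_pe_stub(b"User-Agent: Mozillar/5.0\x00")
    print(match_rules(sample))
```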

___________________________________________________________________________________________

Impact

A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.

Solution

Mitigation Strategies

DHS recommends that users and administrators use the following best practices as preventive measures to protect their computer networks:

  • Use application whitelisting to help prevent malicious software and unapproved programs from running. Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software.
  • Keep operating systems and software up-to-date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Patching with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
  • Maintain up-to-date antivirus software, and scan all software downloaded from the Internet before executing.
  • Restrict users’ abilities (permissions) to install and run unwanted software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
  • Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, embedded code will execute the malware on the machine. For enterprises or organizations, it may be best to block email messages with attachments from suspicious sources. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams. Follow safe practices when browsing the web. See Good Security Habits and Safeguarding Your Data for additional details.
  • Do not follow unsolicited web links in emails. See Avoiding Social Engineering and Phishing Attacks for more information.

Response to Unauthorized Network Access

  • Contact DHS or your local FBI office immediately. To report an intrusion and request resources for incident response or technical assistance, contact DHS NCCIC (NCCICCustomerService@hq.dhs.gov or 888-282-0870), FBI through a local field office, or the FBI’s Cyber Division (CyWatch@fbi.gov or 855-292-3937).

References

Revision History

  • November 14, 2017: Initial version


Adobe Releases Security Updates

Original release date: November 14, 2017

Adobe has released security updates to address vulnerabilities in Flash Player, Photoshop CC, Adobe Connect, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-33, APSB17-34, APSB17-35, APSB17-37, APSB17-38, APSB17-39, APSB17-40, and APSB17-41, and apply the necessary updates.



SB17-317: Vulnerability Summary for the Week of November 6, 2017

Original release date: November 13, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
graphicsmagick — graphicsmagick | The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image. | 2017-11-05 | 6.8 | CVE-2017-16545 (CONFIRM, CONFIRM)
graphicsmagick — graphicsmagick | The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. | 2017-11-06 | 6.8 | CVE-2017-16547 (CONFIRM, CONFIRM)
imagemagick — imagemagick | The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file. | 2017-11-05 | 6.8 | CVE-2017-16546 (CONFIRM, CONFIRM, CONFIRM)


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abb — fox515t
 
An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrieve any file on the server. 2017-11-06 not yet calculated CVE-2017-14025
BID
MISC
advantech — webaccess
 
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable. 2017-11-06 not yet calculated CVE-2017-12719
BID
MISC
advantech — webaccess
 
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. 2017-11-06 not yet calculated CVE-2017-14016
BID
MISC
asterisk — open_source_certified_asterisk
 
A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer. 2017-11-08 not yet calculated CVE-2017-16671
CONFIRM
BID
CONFIRM
asterisk — open_source_certified_asterisk
 
An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash. 2017-11-08 not yet calculated CVE-2017-16672
CONFIRM
BID
CONFIRM
avaya — ip_office_contact_center
 
Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method. 2017-11-09 not yet calculated CVE-2017-12969
CONFIRM
MISC
MISC
FULLDISC
BID
EXPLOIT-DB
avaya — ip_office
 
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response. 2017-11-09 not yet calculated CVE-2017-11309
CONFIRM
MISC
MISC
BID
EXPLOIT-DB
backintime — backintime
 
backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the ‘notify-send’ command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands. 2017-11-08 not yet calculated CVE-2017-16667
CONFIRM
CONFIRM
CONFIRM
bludit — bludit
 
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via editor is GET. To save the editor context, the followup POST method request must be processed to perform the attack via the application side. The basic validation of the editor does not allow injecting script codes and blocks the context. Attackers can inject the code by using an editor tag that is not recognized by the basic validation. Thus allows a restricted user account to inject malicious script code to perform a persistent attack against higher privilege web-application user accounts. 2017-11-06 not yet calculated CVE-2017-16636
MISC
bolt_technology — bolt
 
Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. 2017-11-09 not yet calculated CVE-2017-16754
BID
MISC
MISC
brother — debut_software
 
The Debut embedded http server 1.20 contains a remotely exploitable denial of service where a single malformed HTTP request can cause the server to hang until eventually replying with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic. NOTE: this might overlap CVE-2017-12568. 2017-11-09 not yet calculated CVE-2017-16249
MISC
EXPLOIT-DB
cacti — cacti
 
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header. 2017-11-08 not yet calculated CVE-2017-16660
MISC
cacti — cacti
 
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd. 2017-11-08 not yet calculated CVE-2017-16661
MISC
cacti — cacti
 
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. 2017-11-10 not yet calculated CVE-2017-16785
MISC
cacti — cacti
 
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. 2017-11-07 not yet calculated CVE-2017-16641
CONFIRM
cesanta — mongoose
 
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2892
MISC
cesanta — mongoose
 
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2891
MISC
cesanta — mongoose
 
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2922
MISC
cesanta — mongoose
 
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An attacker needs to send a specially crafted websocket packet over network to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2921
MISC
cesanta — mongoose
 
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2895
MISC
cesanta — mongoose
 
An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2893
MISC
cesanta — mongoose
 
An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2894
MISC
cesanta — mongoose
 
An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2909
MISC
cms_made_simple — cms_made_simple
 
In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. 2017-11-10 not yet calculated CVE-2017-16784
MISC
cms_made_simple — cms_made_simple
 
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter. 2017-11-10 not yet calculated CVE-2017-16783
MISC
confire — confire
 
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from “~/.confire.yaml” using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability. 2017-11-10 not yet calculated CVE-2017-16763
MISC
cumulus_networks — linux
 
bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492). 2017-11-08 not yet calculated CVE-2017-15865
CONFIRM
CONFIRM
CONFIRM
CONFIRM
d-link — dwr-933_device
 
XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. 2017-11-10 not yet calculated CVE-2017-16765
MISC
datto — backup_agent
 
Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to “pair” with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified “specific information” by which the agent identifies a network device that is “appearing to be a valid Datto.” 2017-11-08 not yet calculated CVE-2017-16673
CONFIRM
datto — windows_agent
 
Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and earlier. In other words, an attacker could combine this “primary/secondary” attack with the CVE-2017-16673 “rogue pairing” attack to achieve unauthenticated access to all agent machines running these older DWA versions. 2017-11-08 not yet calculated CVE-2017-16674
CONFIRM
disney — circle An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2916
MISC
disney — circle An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2898
MISC
disney — circle
 
An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to setup an access point reachable by the device to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-12094
MISC
disney — circle
 
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2913
MISC
disney — circle
 
An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2917
MISC
disney — circle
 
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2911
MISC
disney — circle
An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2881
MISC
disney — circle
An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-12083
MISC
disney — circle
An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-12085
MISC
disney — circle
An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs network connectivity to the device to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2914
MISC
disney — circle
A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server. 2017-11-07 not yet calculated CVE-2017-12084
MISC
disney — circle
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2912
MISC
disney — circle
An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the device to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2884
MISC
disney — circle
An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2889
MISC
disney — circle
An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a series of packets to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2864
MISC
disney — circle
An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2883
MISC
disney — circle
An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2866
MISC
disney — circle
An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2865
MISC
disney — circle
An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs to impersonate a remote server in order to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2882
MISC
disney — circle
An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by the device to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2915
MISC
disney — circle
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-2890
MISC
disney — circle
An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed “deauth” packets to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-12096
MISC
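Three of the Circle entries above (CVE-2017-2913, CVE-2017-2911, CVE-2017-2912) share one symptom: a certificate issued for a "specific domain name" is accepted for a host it does not cover. The advisories do not say which comparison was wrong, so the weak check below is a constructed illustration of the bug class, not the Bluecoat, rclient or goclient code. The rest is an added example, not from the original page, of the checks a correct hostname-to-SAN matcher has to make; the names and SAN lists are made up for the demonstration.

```python
# Added example (not the Circle/Bluecoat/rclient/goclient code): what a
# correct hostname-to-certificate match has to check.  The weak comparison is
# a constructed illustration of the bug class, not the actual defect.
import ipaddress
from typing import Iterable


def naive_suffix_match(pattern: str, hostname: str) -> bool:
    """Constructed weak check: strip the wildcard and compare suffixes.
    Over-accepts: 'example.com' matches 'notexample.com', and
    '*.example.com' matches 'a.b.example.com'."""
    return hostname.lower().endswith(pattern.lstrip("*").lower())


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN dNSName (possibly wildcarded) against a host name.

    Rules (RFC 6125 s.6.4.3 / RFC 2818 s.3.1, with the usual tightening):
      * compare label by label, case-insensitively;
      * '*' is only allowed as the entire left-most label;
      * the wildcard matches exactly one label, never zero or several;
      * at least two labels must follow the wildcard ('*.com' is rejected).
    """
    p_labels = pattern.rstrip(".").lower().split(".")
    h_labels = hostname.rstrip(".").lower().split(".")
    if "" in p_labels or "" in h_labels:
        return False                       # empty name or empty label
    if "*" not in pattern:
        return p_labels == h_labels
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]):
        return False                       # 'f*.example.com', 'a.*.example.com'
    if len(p_labels) < 3:
        return False                       # '*.com' would cover every .com host
    if len(h_labels) != len(p_labels):
        return False                       # '*' spans exactly one label
    return p_labels[1:] == h_labels[1:]


def hostname_matches_cert(hostname: str,
                          san_dns_names: Iterable[str],
                          san_ip_addresses: Iterable[str] = ()) -> bool:
    """True only if the presented SAN entries cover the name we connected to.
    The reference identity comes from the URL/config, never from the cert."""
    try:
        ip = ipaddress.ip_address(hostname.strip("[]"))
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is matched against iPAddress SANs only; a dNSName
        # that happens to look like an address does not count.
        return any(ip == ipaddress.ip_address(x) for x in san_ip_addresses)
    return any(dns_name_matches(p, hostname) for p in san_dns_names)
```

The matcher only answers "does this certificate name this host"; chain validation, revocation and pinning are separate checks that have to pass as well.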
django_make_app — django_make_app
An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability. 2017-11-10 not yet calculated CVE-2017-16764
MISC
docker — moby
The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a “scsi remove-single-device” line to /proc/scsi/scsi, aka SCSI MICDROP. 2017-11-04 not yet calculated CVE-2017-16539
MISC
MISC
MISC
MISC
MISC
drupal — drupal
Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names. 2017-11-06 not yet calculated CVE-2015-7878
MISC
ffmpeg — ffmpeg
The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. 2017-11-06 not yet calculated CVE-2017-15672
CONFIRM
MLIST
BID
forcepoint — triton_ap-email
TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file access in an unspecified directory. 2017-11-06 not yet calculated CVE-2017-11177
CONFIRM
gentoo — gentoo
The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the “qemu” group to gain root privileges by creating a hard link in a directory on which “chown” is called recursively by the OpenRC service script. 2017-11-06 not yet calculated CVE-2017-16638
CONFIRM
gentoo — gentoo
The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script. 2017-11-08 not yet calculated CVE-2017-16659
CONFIRM
graphicsmagick — graphicsmagick
coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. 2017-11-08 not yet calculated CVE-2017-16669
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
hashicorp — vagrant
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. 2017-11-06 not yet calculated CVE-2017-16001
MISC
hola — hola
Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file. 2017-11-09 not yet calculated CVE-2017-16757
MISC
home_assistant — home_assistant
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS. 2017-11-10 not yet calculated CVE-2017-16782
CONFIRM
hpe — content_manager_workgroup_service
A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS). 2017-11-08 not yet calculated CVE-2017-14360
CONFIRM
inedo — buildmaster
Inedo BuildMaster before 5.8.2 has XSS. 2017-11-10 not yet calculated CVE-2017-16760
CONFIRM
CONFIRM
inedo — buildmaster
In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used. 2017-11-10 not yet calculated CVE-2017-16521
MISC
MISC
MISC
MISC
MISC
inedo — buildmaster
An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites. 2017-11-10 not yet calculated CVE-2017-16761
CONFIRM
CONFIRM
CONFIRM
inedo — buildmaster
Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners. 2017-11-10 not yet calculated CVE-2017-16520
CONFIRM
CONFIRM
CONFIRM
ingenious — school_management_system
/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the ‘friend_index’ parameter of a GET request. 2017-11-07 not yet calculated CVE-2017-16561
EXPLOIT-DB
inpage — inpage
A specially crafted InPage document leads to arbitrary code execution in InPage reader. 2017-11-08 not yet calculated CVE-2017-12824
MISC
ipswitch — ws_ftp_professional
Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729. 2017-11-03 not yet calculated CVE-2017-16513
MISC
MISC
EXPLOIT-DB
itext — itext
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF. 2017-11-08 not yet calculated CVE-2017-9096
BUGTRAQ
MISC
joomla! — joomla!
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user’s 2-factor authentication method. 2017-11-09 not yet calculated CVE-2017-16634
BID
SECTRACK
CONFIRM
joomla! — joomla!
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site’s custom fields to unauthorized users. 2017-11-09 not yet calculated CVE-2017-16633
BID
SECTRACK
CONFIRM
kabona_ab — webdatorcentral
A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext. 2017-11-07 not yet calculated CVE-2016-0872
MISC
keystonejs — keystonejs
KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header. 2017-11-06 not yet calculated CVE-2017-16570
MISC
MISC
MISC
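The KeystoneJS entry describes a fail-open check: a request carrying a wrong token is rejected, but a request carrying no token at all is let through. The following is an added example, not KeystoneJS code, showing that shape next to a fail-closed check; the session id, header dictionary and signing key are constructed for the demonstration.

```python
# Added example (not KeystoneJS code): a fail-open CSRF check of the kind
# described above, beside the fail-closed version.  Session ids, headers and
# the signing key are constructed for the demonstration.
import hashlib
import hmac
import secrets

SIGNING_KEY = secrets.token_bytes(32)   # per-deployment secret (constructed)


def issue_csrf_token(session_id: str) -> str:
    """Per-session token derived from the session id; verifiable without
    server-side state."""
    return hmac.new(SIGNING_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _header(headers: dict, name: str):
    """Case-insensitive lookup; HTTP header names are not case-sensitive."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return None


def _tokens_equal(supplied: str, expected: str) -> bool:
    # Constant-time compare on bytes: compare_digest on str rejects non-ASCII
    # input with a TypeError, which attacker-supplied data can trigger.
    return hmac.compare_digest(supplied.encode("utf-8"), expected.encode("utf-8"))


def csrf_check_vulnerable(session_id: str, headers: dict) -> bool:
    """Fails open: only a *present but wrong* token is rejected, so the
    attacker's cross-site form simply omits the header."""
    supplied = _header(headers, "x-csrf-token")
    if supplied is not None and not _tokens_equal(supplied, issue_csrf_token(session_id)):
        return False
    return True


def csrf_check_fixed(session_id: str, headers: dict) -> bool:
    """Fails closed: a missing or empty header is treated like a bad token."""
    supplied = _header(headers, "x-csrf-token")
    if not supplied:
        return False
    return _tokens_equal(supplied, issue_csrf_token(session_id))
```

The custom header also serves a second purpose: a browser will only attach it from same-origin script (or after a CORS preflight the server has approved), so requiring its presence is itself part of the defence, which is exactly what a fail-open check throws away.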
libebml2 — libebml2
The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. 2017-11-09 not yet calculated CVE-2017-12800
MISC
FULLDISC
CONFIRM
libebml2 — libebml2
The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. 2017-11-09 not yet calculated CVE-2017-12801
MISC
FULLDISC
CONFIRM
libebml2 — libebml2
The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. 2017-11-09 not yet calculated CVE-2017-12802
MISC
FULLDISC
CONFIRM
libebml2 — libebml2
The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. 2017-11-09 not yet calculated CVE-2017-12783
MISC
FULLDISC
CONFIRM
libebml2 — libebml2
The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. 2017-11-09 not yet calculated CVE-2017-12781
MISC
FULLDISC
CONFIRM
libebml2 — libebml2
The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. 2017-11-09 not yet calculated CVE-2017-12782
MISC
FULLDISC
CONFIRM
libebml2 — libebml2
The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file. 2017-11-09 not yet calculated CVE-2017-12780
MISC
FULLDISC
CONFIRM
librenms — librenms
The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php. 2017-11-09 not yet calculated CVE-2017-16759
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm. 2017-11-06 not yet calculated CVE-2017-15306
MISC
MISC
MISC
BID
MISC
linux — linux_kernel
The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-07 not yet calculated CVE-2017-16650
MISC
MISC
linux — linux_kernel
The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-07 not yet calculated CVE-2017-16644
MISC
MISC
linux — linux_kernel
The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-07 not yet calculated CVE-2017-16643
MISC
BID
MISC
MISC
linux — linux_kernel
The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-07 not yet calculated CVE-2017-16645
BID
MISC
MISC
linux — linux_kernel
drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-07 not yet calculated CVE-2017-16646
MISC
MISC
linux — linux_kernel
The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free. 2017-11-07 not yet calculated CVE-2017-16648
BID
MISC
MISC
linux — linux_kernel
drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-07 not yet calculated CVE-2017-16647
BID
MISC
MISC
linux — linux_kernel
The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-07 not yet calculated CVE-2017-16649
BID
MISC
MISC
logitech — media_server
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a “favorite.” 2017-11-09 not yet calculated CVE-2017-16567
EXPLOIT-DB
logitech — media_server
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL. 2017-11-09 not yet calculated CVE-2017-16568
EXPLOIT-DB
manageengine — applications_manager
Zoho ManageEngine Applications Manager 13 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. 2017-11-05 not yet calculated CVE-2017-16543
MISC
EXPLOIT-DB
manageengine — applications_manager
Zoho ManageEngine Applications Manager 13 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. 2017-11-05 not yet calculated CVE-2017-16542
MISC
EXPLOIT-DB
manageengine — servicedesk
ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. 2017-11-08 not yet calculated CVE-2017-11512
MISC
manageengine — servicedesk
ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. 2017-11-08 not yet calculated CVE-2017-11511
MISC
matroska — mkvalidator
The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. 2017-11-09 not yet calculated CVE-2017-12779
MISC
FULLDISC
CONFIRM
metalgenix — genixcms
Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php. 2017-11-08 not yet calculated CVE-2015-3933
CONFIRM
EXPLOIT-DB
mitrastar — gpt-2541gnac_router
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented. 2017-11-03 not yet calculated CVE-2017-16523
BID
MISC
EXPLOIT-DB
mkclean — mkclean
The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. 2017-11-09 not yet calculated CVE-2017-12803
MISC
FULLDISC
CONFIRM
mlalchemy — mlalchemy
An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-16615
CONFIRM
CONFIRM
MISC
mybb_group — mybb
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file. 2017-11-10 not yet calculated CVE-2017-16780
CONFIRM
mybb_group — mybb
The installer in MyBB before 1.8.13 has XSS. 2017-11-10 not yet calculated CVE-2017-16781
CONFIRM
netapp — clustered_data_ontap
NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064. 2017-11-09 not yet calculated CVE-2017-5201
BID
CONFIRM
netapp — oncommand_unified_manager
NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or “UI redress attack” which could be used to cause a user to perform an unintended action in the user interface. 2017-11-09 not yet calculated CVE-2017-11461
BID
CONFIRM
netiq — imanager
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2. 2017-11-06 not yet calculated CVE-2017-7425
CONFIRM
CONFIRM
CONFIRM
CONFIRM
owlmixin — owlmixin
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A “Load YAML” string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-16618
CONFIRM
CONFIRM
MISC
perl — perl
The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used. 2017-11-07 not yet calculated CVE-2008-7319
MISC
MISC
MISC
MISC
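The Net::Ping::External entry and the Circle entries that execute "arbitrary sed commands" or "arbitrary shell commands" from an SSID (CVE-2017-12094, CVE-2017-2915) describe the same defect: untrusted text is pasted into a command line that a shell then parses. The following is an added example, not the Circle firmware or Net::Ping::External code, showing that pattern beside the form that takes the shell out of the picture. echo stands in for ping or sed so the block is harmless to run; the hostile value is constructed.

```python
# Added example (not the Circle firmware or Net::Ping::External code): an
# untrusted string handled the way these entries describe (interpolated into
# a shell command) and the way that removes the shell from the picture.
import re
import shlex
import subprocess

# Constructed attacker-controlled value.  An SSID can carry up to 32 bytes of
# nearly anything, and a "hostname" handed to a ping wrapper is just a string.
HOSTILE_VALUE = "example.org; echo INJECTED"


def run_vulnerable(value: str) -> str:
    """The defect: concatenate into a command line, let /bin/sh parse it.
    echo stands in for ping/sed so the example is harmless; ';' is still
    interpreted, so a second command runs."""
    result = subprocess.run("echo " + value, shell=True,
                            capture_output=True, text=True, check=True)
    return result.stdout


def run_quoted(value: str) -> str:
    """Mitigation when a shell string is unavoidable: shlex.quote the token so
    the shell sees one word.  Beware of a second parser behind the shell
    (sed's own script syntax, for instance) that needs its own escaping."""
    result = subprocess.run("echo " + shlex.quote(value), shell=True,
                            capture_output=True, text=True, check=True)
    return result.stdout


def run_fixed(value: str) -> str:
    """The fix: argv list, no shell.  ';', '|', '$(...)' and backticks are
    now just bytes inside one argument."""
    result = subprocess.run(["echo", value],
                            capture_output=True, text=True, check=True)
    return result.stdout


_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_valid_hostname(name: str) -> bool:
    """Allow-list check (RFC 1123 label syntax) for the ping case: reject at
    the trust boundary as well.  Defence in depth, not a substitute for
    run_fixed()."""
    if not name or len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in name.rstrip(".").split("."))
```

Requires a POSIX shell at /bin/sh. For the SSID case the same rule applies to whatever writes the value into a config file: pass it as data (an argv element, a heredoc, a file write from the program), not as part of a script the shell or sed will interpret.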
php — php
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension’s timelib_meridian handling of ‘front of’ and ‘back of’ directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145. 2017-11-07 not yet calculated CVE-2017-16642
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
pyanyapi — pyanyapi
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-16616
CONFIRM
CONFIRM
MISC
CONFIRM
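The django_make_app, MLAlchemy, OwlMixin and PyAnyAPI entries are one bug four times: PyYAML's load with a loader that honours python/* tags is an arbitrary-call primitive, and safe_load is the fix. The following is an added example, not code from any of those four projects, that proves the point with a harmless payload; the YAML documents are constructed, and the block needs PyYAML installed.

```python
# Added example (not django_make_app, MLAlchemy, OwlMixin or PyAnyAPI code):
# why yaml.load with a full/unsafe loader on untrusted text is remote code
# execution, and what safe_load does instead.  Requires PyYAML.
import yaml

# Constructed attacker-controlled document.  The python/object/apply tag asks
# the loader to import a callable and call it with the given arguments.  A real
# payload would name os.system or subprocess.Popen; builtins.len keeps the
# demonstration harmless while still proving that code ran.
MALICIOUS_YAML = """
query:
  name: !!python/object/apply:builtins.len [[1, 2, 3]]
"""

BENIGN_YAML = "query:\n  name: widgets\n  limit: 10\n"


def parse_unsafe(text: str):
    """The vulnerable pattern from the entries above: a loader that honours
    python/* tags (yaml.load without a Loader argument did this before
    PyYAML 5.1)."""
    return yaml.load(text, Loader=yaml.UnsafeLoader)


def parse_safe(text: str):
    """The fix: safe_load builds only plain data (str, int, float, bool,
    None, list, dict, ...) and refuses every python/* tag."""
    return yaml.safe_load(text)


def safe_load_rejects(text: str) -> bool:
    """True if safe_load refuses the document rather than executing it."""
    try:
        yaml.safe_load(text)
    except yaml.YAMLError:
        return True
    return False
```

The same audit applies to any `yaml.load(...)` call without an explicit `Loader=yaml.SafeLoader`, and to `yaml.full_load`, which still permits some Python-specific tags.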
red_hat — enterprise_linux
It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. 2017-11-08 not yet calculated CVE-2017-15087
BID
CONFIRM
red_hat — enterprise_linux
It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. 2017-11-08 not yet calculated CVE-2017-15086
BID
CONFIRM
red_hat — enterprise_linux
It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. 2017-11-08 not yet calculated CVE-2017-15085
BID
CONFIRM
red_hat — multiple_products
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. 2017-11-09 not yet calculated CVE-2015-7501
BID
SECTRACK
SECTRACK
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
remobjects — remobjects
RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL. 2017-11-08 not yet calculated CVE-2017-16665
CONFIRM
roundcube — roundcube
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host’s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests. 2017-11-09 not yet calculated CVE-2017-16651
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN
rsync — rsync
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing ‘\0’ character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon. 2017-11-06 not yet calculated CVE-2017-16548
CONFIRM
CONFIRM
sam2p — sam2p
In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer overflows) in input-bmp.ci in the function ReadImage, because “width * height” multiplications occur unsafely. 2017-11-08 not yet calculated CVE-2017-16663
CONFIRM
samsung — srn-1670d
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: ‘network_ssl_upload.php’ allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI. 2017-11-06 not yet calculated CVE-2017-16524
MISC
sanic — sanic
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring. 2017-11-10 not yet calculated CVE-2017-16762
CONFIRM
CONFIRM
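The Sanic entry's `/static/..%2f` substring, and the two ManageEngine ServiceDesk download entries above, are path traversal; the Sanic detail shows the classic ordering mistake of checking the path before percent-decoding it. The following is an added example, not Sanic or ManageEngine code, of that mistake beside a resolver that decodes first and then tests containment; the document root and request paths are assumed values.

```python
# Added example (not Sanic or ManageEngine code): resolving a user-supplied
# path under a document root.  STATIC_ROOT and the request paths are assumed
# values for the demonstration.
import posixpath
from urllib.parse import unquote

STATIC_ROOT = "/srv/app/static"


def vulnerable_resolve(root: str, request_path: str) -> str:
    """Tests the still-encoded path for '..' and decodes afterwards, so
    '..%2f' passes the check and becomes '../' when the file is opened."""
    if ".." in request_path.split("/"):
        raise PermissionError("traversal attempt")
    decoded = unquote(request_path)
    return posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))


def safe_resolve(root: str, request_path: str) -> str:
    """Decode exactly once (as many times as the file API will), normalise,
    then test containment against the normalised root."""
    decoded = unquote(request_path)
    if "\x00" in decoded:
        raise PermissionError("NUL byte in path")   # truncates paths in C APIs
    root = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # The trailing '/' matters: '/srv/app/static2' must not pass as inside root.
    if candidate != root and not candidate.startswith(root + "/"):
        raise PermissionError("path escapes root: " + candidate)
    # On a live filesystem also compare os.path.realpath() of both sides:
    # a symlink inside root can still point outside it.
    return candidate


def is_contained(root: str, request_path: str) -> bool:
    """Convenience wrapper: True if safe_resolve accepts the path."""
    try:
        safe_resolve(root, request_path)
    except PermissionError:
        return False
    return True
```

posixpath is used deliberately so the result is the same on every platform; a server that also runs on Windows has to treat backslashes as separators too, since the filesystem there will.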
savitech_corp — savitech_drivers
Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka “Inaudible Subversion.” 2017-11-09 not yet calculated CVE-2017-9758
BID
MISC
CERT-VN
MISC
siemens — simatic_pcs_7
An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. It may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface. 2017-11-06 not yet calculated CVE-2017-14023
BID
SECTRACK
MISC
sos — sos
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. 2017-11-06 not yet calculated CVE-2015-7529
BID
UBUNTU
MISC
MISC
CONFIRM
CONFIRM
suse — suse_linux_enterprise_desktop
The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services. 2017-11-09 not yet calculated CVE-2017-15638
SUSE
swftools — swftools
The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender. 2017-11-09 not yet calculated CVE-2017-16711
MISC
symantec — endpoint_protection
Symantec Endpoint Protection for Windows prior to SEP 12.1 RU6 MP9 and SEP 14 RU1 can encounter a situation in which an attacker could use the product's UI to perform unauthorized file deletes on the resident file system. 2017-11-06 not yet calculated CVE-2017-13680
BID
CONFIRM
symantec — endpoint_protection
Symantec Endpoint Protection prior to SEP 14 RU1 can encounter a Tamper-Protection bypass, a type of attack that bypasses the real-time protection of the application running on servers and clients. 2017-11-06 not yet calculated CVE-2017-6331
BID
CONFIRM
symantec — endpoint_protection
Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack. 2017-11-06 not yet calculated CVE-2017-13681
BID
CONFIRM
synology — carddav_server
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack. 2017-11-07 not yet calculated CVE-2017-15887
CONFIRM
tinywebgallery — tinywebgallery
In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the `TWG Explorer` item listing. The request method to inject is POST and the attack vector is located on the application-side of the service. The injection point is the add/create input field and the execution point occurs in the item listing after the add or create. 2017-11-06 not yet calculated CVE-2017-16635
MISC
tor — browser
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. 2017-11-04 not yet calculated CVE-2017-16541
BID
MISC
MISC
MISC
MISC
MISC
trihedral — vtscada
 
An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine. 2017-11-06 not yet calculated CVE-2017-14029
MISC
trihedral — vtscada
 
An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine. 2017-11-06 not yet calculated CVE-2017-14031
MISC
vectura — perfect_privacy_vpn_manager
 
In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to a “FrmAdvancedProtection” crash. Although the mechanism malfunctions and an error occurs during the runtime with the stack trace being issued, the software process is not properly terminated. The software client is still attempting to maintain the connection even though the network connection information is being reset live. In that insecure mode, the “FrmAdvancedProtection” component crashes, but the process continues to run with different errors and process corruptions. This local corruption vulnerability can be exploited by local attackers. 2017-11-06 not yet calculated CVE-2017-16637
MISC
MISC
vonage/grandstream — ht802_device
 
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. 2017-11-06 not yet calculated CVE-2017-16563
MISC
vonage/grandstream — ht802_device
 
Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests. 2017-11-06 not yet calculated CVE-2017-16565
MISC
vonage/grandstream — ht802_device
 
Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148). 2017-11-06 not yet calculated CVE-2017-16564
MISC
wordpress — wordpress
 
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the “admin” username, allows remote attackers to bypass authentication and obtain administrative access via a “true” value for the up_auto_log parameter in the QUERY_STRING to the default URI. 2017-11-09 not yet calculated CVE-2017-16562
CONFIRM
EXPLOIT-DB
wordpress — wordpress
 
Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the “access_token” parameter. 2017-11-09 not yet calculated CVE-2017-16758
MISC
MISC
MISC
zurmo — zurmo
 
An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. 2017-11-06 not yet calculated CVE-2017-16569
MISC
zurmo — zurmo
 
Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. 2017-11-06 not yet calculated CVE-2017-15039
MISC



This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)

Original release date: November 09, 2017

Microsoft has released an advisory that provides guidance on securing Dynamic Data Exchange (DDE) fields in Microsoft Office applications. Exploitation of this protocol may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Microsoft Security Advisory for more information and US-CERT’s Tip on Using Caution with Email Attachments.


Joomla! Releases Security Update

Original release date: November 07, 2017

Joomla! has released version 3.8.2 of its Content Management System (CMS) software to address multiple vulnerabilities. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information.

US-CERT encourages users and administrators to review the Joomla! Security Release and apply the necessary update.


Google Releases Security Update for Chrome

Original release date: November 06, 2017

Google has released Chrome version 62.0.3202.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.


SB17-310: Vulnerability Summary for the Week of October 30, 2017

Original release date: November 06, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
fortinet — fortios A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the ‘params’ parameter of the JSON web API. 2017-10-27 4.0 CVE-2017-14182
MISC
BID
SECTRACK
CONFIRM
fortinet — fortios A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI “Login Disclaimer” redir parameter. 2017-10-27 4.3 CVE-2017-7733
BID
SECTRACK
CONFIRM
gnu — binutils dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash). 2017-10-27 5.0 CVE-2017-15938
BID
MISC
MISC
MISC
gnu — binutils dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023. 2017-10-27 4.3 CVE-2017-15939
BID
MISC
MISC
MISC
graphicsmagick — graphicsmagick In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer. 2017-10-27 6.8 CVE-2017-15930
CONFIRM
CONFIRM
BID
CONFIRM
radare — radare2 In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems. 2017-10-27 6.8 CVE-2017-15931
BID
CONFIRM
CONFIRM
radare — radare2 In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems. 2017-10-27 6.8 CVE-2017-15932
BID
CONFIRM
CONFIRM

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adult_script_pro — adult_script_pro
 
Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576. 2017-10-29 not yet calculated CVE-2017-15959
MISC
EXPLOIT-DB
amazon_web_services — cloudformation_boostrap
 
The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory. 2017-10-30 not yet calculated CVE-2017-9450
BID
CONFIRM
apache — cordova
 
The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI. 2017-10-30 not yet calculated CVE-2014-0073
MISC
FULLDISC
BUGTRAQ
BID
XF
CONFIRM
MLIST
apache — cordova
 
ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option. 2017-10-30 not yet calculated CVE-2014-0072
MISC
FULLDISC
BUGTRAQ
XF
CONFIRM
MLIST
apache — hadoop
 
Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack. 2017-10-30 not yet calculated CVE-2012-4449
MLIST
CONFIRM
apache — hive
 
Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for masked columns. 2017-11-01 not yet calculated CVE-2017-12625
MLIST
apache — httpclient
 
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification. 2017-10-30 not yet calculated CVE-2013-4366
CONFIRM
CONFIRM
apache — juddi
 
Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp. 2017-10-30 not yet calculated CVE-2009-1198
CONFIRM
MLIST
BID
apache — juddi
 
Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp. 2017-10-30 not yet calculated CVE-2009-1197
CONFIRM
MLIST
BID
apache — qpid
 
qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203. 2017-10-30 not yet calculated CVE-2015-0224
FEDORA
MLIST
MISC
REDHAT
REDHAT
REDHAT
REDHAT
BUGTRAQ
BID
SECTRACK
REDHAT
CONFIRM
CONFIRM
apache — storm
 
Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log. 2017-10-30 not yet calculated CVE-2014-0115
CONFIRM
MLIST
apache — struts
 
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling. 2017-10-30 not yet calculated CVE-2016-3090
BID
CONFIRM
SECTRACK
apache — subversion
 
libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties. 2017-10-30 not yet calculated CVE-2013-4246
BID
CONFIRM
apache — traffic_server
 
The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function. 2017-10-30 not yet calculated CVE-2015-3249
MLIST
BID
MISC
apache — traffic_server
 
Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT. 2017-10-30 not yet calculated CVE-2014-3624
MLIST
BID
CONFIRM
apache — wicket
 
Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions. 2017-10-30 not yet calculated CVE-2014-3526
CONFIRM
apache — wicket
 
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to <script> tags in a rendered response. 2017-10-30 not yet calculated CVE-2012-5636
BID
CONFIRM
apache — wss4j
 
Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487. 2017-10-30 not yet calculated CVE-2015-0226
BID
CONFIRM
apache — xerces2_java
 
Apache Xerces2 Java allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions. 2017-10-30 not yet calculated CVE-2012-0881
MLIST
CONFIRM
apache — xml-rpc
 
The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element. 2017-10-27 not yet calculated CVE-2016-5003
MLIST
BID
BID
SECTRACK
MISC
XF
arox — school_erp_php_script
 
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter. 2017-10-31 not yet calculated CVE-2017-15978
EXPLOIT-DB
article_directory_script — article_directory_script
 
Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php. 2017-10-29 not yet calculated CVE-2017-15960
MISC
EXPLOIT-DB
barco — clickshare
 
Unspecified vulnerability in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10 has unknown impact and attack vectors. 2017-10-30 not yet calculated CVE-2017-12460
CONFIRM
CONFIRM
barco — clickshare
 
A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product’s web API can exploit this vulnerability to completely compromise the vulnerable device. 2017-10-30 not yet calculated CVE-2017-9377
BID
CONFIRM
CONFIRM
MISC
basic — b2b_script
 
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter. 2017-10-31 not yet calculated CVE-2017-15985
EXPLOIT-DB
bchunk — bchunk
 
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an “Access violation near NULL on destination operand” and crash when processing a malformed CUE (.cue) file. 2017-10-28 not yet calculated CVE-2017-15955
MISC
bchunk — bchunk
 
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file. 2017-10-28 not yet calculated CVE-2017-15954
MISC
bchunk — bchunk
 
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file. 2017-10-28 not yet calculated CVE-2017-15953
MISC
bitdefender — internet_security_2018
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security Internet Security 2018 prior to build 7.72918. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within pdf.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4361. 2017-10-31 not yet calculated CVE-2017-10954
BID
MISC
cisco — access_network_query_protocol
 
A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of ANQP query frames by the affected device. An attacker could exploit this vulnerability by sending a malformed ANQP query frame to an affected device that is on an RF-adjacent network. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. This vulnerability affects Cisco Wireless LAN Controllers that are running a vulnerable release of Cisco WLC Software and are configured to support Hotspot 2.0. Cisco Bug IDs: CSCve05779. 2017-11-02 not yet calculated CVE-2017-12282
BID
SECTRACK
CONFIRM
cisco — aironet
 
A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient frame validation of the 802.11 association request. An attacker could exploit this vulnerability by sending a malformed 802.11 association request to the targeted device. An exploit could allow the attacker to cause the AP to reload, resulting in a DoS condition while the AP is reloading. This vulnerability affects the following Cisco products running either the Lightweight AP Software or Mobility Express image: Aironet 1560 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: The Cisco Aironet 1560 Series Access Point device is supported as of release 8.3.112.0. Cisco Bug IDs: CSCve12189. 2017-11-02 not yet calculated CVE-2017-12273
BID
SECTRACK
CONFIRM
cisco — aironet
 
A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of the EAP frame. An attacker could exploit this vulnerability by sending a malformed EAP frame to the targeted device. A successful exploit could allow the attacker to cause the AP to reload, resulting in a DoS condition while the AP is reloading. It may be necessary to manually power cycle the device in order for it to recover. This vulnerability affects the following Cisco products running either the Lightweight AP Software or Mobility Express image: Aironet 1560 Series Access Points, Aironet 2800 Series Access Points, Aironet 3800 Series Access Points. Note: The Cisco Aironet 1560 Series Access Point device is supported as of release 8.3.112.0. Cisco Bug IDs: CSCve18935. 2017-11-02 not yet calculated CVE-2017-12274
BID
SECTRACK
CONFIRM
cisco — application_policy_infrastructure_controller_enterprise_module
 
A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device. The vulnerability is due to an incorrect firewall rule on the device. The misconfiguration could allow traffic sent to the public interface of the device to be forwarded to the internal virtual network of the APIC-EM. An attacker that is logically adjacent to the network on which the public interface of the affected APIC-EM resides could leverage this behavior to gain access to services listening on the internal network with elevated privileges. This vulnerability affects appliances or virtual devices running Cisco Application Policy Infrastructure Controller Enterprise Module prior to version 1.5. Cisco Bug IDs: CSCve89638. 2017-11-02 not yet calculated CVE-2017-12262
BID
SECTRACK
CONFIRM
cisco — identity_services_engine
 
A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input validation of the user input for CLI commands issued at the restricted shell. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. An attacker would need valid user credentials to the device to exploit this vulnerability. The vulnerability affects the following Cisco Identity Services Engine (ISE) products running Release 1.4, 2.0, 2.0.1, 2.1.0: ISE, ISE Express, ISE Virtual Appliance. Cisco Bug IDs: CSCve74916. 2017-11-02 not yet calculated CVE-2017-12261
BID
SECTRACK
CONFIRM
cisco — ios_software
 
A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points could allow an unauthenticated, adjacent attacker to retrieve content from memory on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks that are performed by the affected device when the device adds padding to egress packets. An attacker could exploit this vulnerability by sending a crafted IP packet to an affected device. A successful exploit could allow the attacker to retrieve content from memory on the affected device, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvc21581. 2017-11-02 not yet calculated CVE-2017-12279
BID
SECTRACK
CONFIRM
cisco — prime_collaboration_provisioning
 
A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. The attacker could read or write information from the SQL database. The vulnerability is due to a lack of proper validation on user-supplied input within SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. An exploit could allow the attacker to determine the presence of certain values and write malicious input in the SQL database. The attacker would need to have valid user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.3. Cisco Bug IDs: CSCvf47935. 2017-11-02 not yet calculated CVE-2017-12276
BID
SECTRACK
CONFIRM
cisco — protected_extensible_authentication_protocol
 
A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314. 2017-11-02 not yet calculated CVE-2017-12281
BID
SECTRACK
CONFIRM
cisco — protected_management_frames
 
A vulnerability in the handling of 802.11w Protected Management Frames (PAF) by Cisco Aironet 3800 Series Access Points could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device, aka Denial of Service. The vulnerability exists because the affected device does not properly validate 802.11w PAF disassociation and deauthentication frames that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PAF frame from a valid, authenticated client on an adjacent network to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device. This vulnerability affects Access Points that are configured to run in FlexConnect mode. Cisco Bug IDs: CSCvc20627. 2017-11-02 not yet calculated CVE-2017-12283
BID
SECTRACK
CONFIRM
cisco — simple_network_management_protocol
 
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory leak that occurs on an affected device after the device fails to deallocate a buffer that is used when certain MIBs are polled. An attacker who knows the SNMP Version 2 SNMP Read string or has valid SNMP Version 3 credentials for an affected device could repeatedly poll the affected MIB object IDs (OIDs) and consume available memory on the device. When memory is sufficiently depleted on the device, the device will restart, resulting in a DoS condition. Cisco Bug IDs: CSCvc71674. 2017-11-02 not yet calculated CVE-2017-12278
BID
SECTRACK
CONFIRM
cisco — smart_licensing_manager
 
A vulnerability in the Smart Licensing Manager service of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow an authenticated, remote attacker to inject arbitrary commands that could be executed with root privileges. The vulnerability is due to insufficient input validation of certain Smart Licensing configuration parameters. An authenticated attacker could exploit the vulnerability by configuring a malicious URL within the affected feature. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. This vulnerability affects the following Cisco Firepower Security products running FX-OS code trains 1.1.3, 1.1.4, and 2.0.1 (versions 2.1.1, 2.2.1, and 2.2.2 are not affected): Firepower 4100 Series Next-Generation Firewall and Firepower 9300 Security Appliance. Cisco Bug IDs: CSCvb86863. 2017-11-02 not yet calculated CVE-2017-12277
BID
CONFIRM
cisco — unified_computing_system
 
A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078. 2017-11-02 not yet calculated CVE-2017-12243
BID
SECTRACK
CONFIRM
cisco — webex_meetings_server
 
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf85562. 2017-11-02 not yet calculated CVE-2017-12294
BID
SECTRACK
CONFIRM
cisco — webex_meetings_server
 
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the HTTP header reply from the Cisco WebEx Meetings Server to the client, which could include internal network information that should be restricted. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to discover sensitive data about the application. Cisco Bug IDs: CSCve65818. 2017-11-02 not yet calculated CVE-2017-12295
BID
SECTRACK
CONFIRM
cisco — wireless_lan_controllers
 
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of fields in CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending crafted CAPWAP Discovery Request packets to an affected device. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb95842. 2017-11-02 not yet calculated CVE-2017-12280
BID
SECTRACK
CONFIRM
cisco — wireless_lan_controllers
 
A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of 802.11v BSS Transition Management Response packets that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11v BSS Transition Management Response packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb57803. 2017-11-02 not yet calculated CVE-2017-12275
BID
SECTRACK
CONFIRM
converto — video_downloader_and_converter
 
ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php. 2017-10-29 not yet calculated CVE-2017-15956
MISC
creative_management_system — creative_management_system_lite
 
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php. 2017-10-31 not yet calculated CVE-2017-15984
EXPLOIT-DB
d-link — dsl-2740e_1.00_BG_20150720_devices
 
D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a victim when checking the router logs. 2017-10-31 not yet calculated CVE-2016-10699
BID
MISC
d-park_pro — domain_parking_script
 
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php. 2017-10-29 not yet calculated CVE-2017-15958
MISC
EXPLOIT-DB
docker-ce — docker-ce
 
The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a “scsi remove-single-device” line to /proc/scsi/scsi, aka SCSI MICDROP. 2017-11-04 not yet calculated CVE-2017-16539
MISC
MISC
MISC
docker-ce — docker-ce
 
Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing. 2017-11-01 not yet calculated CVE-2017-14992
MISC
CONFIRM
dulwich — dulwich
 
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117. 2017-10-29 not yet calculated CVE-2017-16228
MISC
MISC
MISC
dynamic — news_magazine_and_blog_cms
 
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. 2017-10-31 not yet calculated CVE-2017-15982
EXPLOIT-DB
ektron — content_management_system
 
Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data. 2017-10-30 not yet calculated CVE-2012-5357
CONFIRM
MISC
MISC
MISC
ektron — content_management_system
 
The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data. 2017-10-30 not yet calculated CVE-2012-5358
CONFIRM
MISC
MISC
emc — appsync_server
 
EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. 2017-10-31 not yet calculated CVE-2017-14376
CONFIRM
BID
emc — rsa_authentication_manager
 
EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. 2017-10-31 not yet calculated CVE-2017-14373
CONFIRM
BID
SECTRACK
emc — unisphere
 
EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system. 2017-10-31 not yet calculated CVE-2017-14375
CONFIRM
SECTRACK
enalean — tuleap
 
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution). 2017-10-30 not yet calculated CVE-2017-7411
MISC
MISC
FULLDISC
MLIST
CONFIRM
eyesofnetwork — eyesofnetwork
 
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php. 2017-10-29 not yet calculated CVE-2017-16000
MISC
eyesofnetwork — eyesofnetwork
 
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php. 2017-10-27 not yet calculated CVE-2017-15933
BID
MISC
f5 — multiple_products
 
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections. 2017-10-27 not yet calculated CVE-2017-0303
BID
SECTRACK
CONFIRM
f5 — multiple_products
 
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 – 12.1.2, 11.6.0 – 11.6.1, 11.4.0 – 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypt and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion. 2017-10-27 not yet calculated CVE-2017-6161
BID
SECTRACK
SECTRACK
CONFIRM
f5 — multiple_products
 
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 – 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system. 2017-10-27 not yet calculated CVE-2017-6157
BID
SECTRACK
CONFIRM
f5 — multiple_products
 
In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a remote attacker may create a maliciously crafted HTTP request to cause the Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic. This issue is exposed on virtual servers using a Policy Enforcement profile or a Web Acceleration profile. Systems that do not have the BIG-IP AAM or PEM module provisioned are not vulnerable. 2017-10-27 not yet calculated CVE-2017-6160
BID
SECTRACK
CONFIRM
f5 — multiple_products
 
F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. Data plane is vulnerable when using the MPTCP option of a TCP profile. There is no control plane exposure. An attacker may be able to disrupt services by causing TMM to restart hence temporarily failing to process traffic. 2017-10-27 not yet calculated CVE-2017-6159
BID
SECTRACK
CONFIRM
f5 — multiple_products
 
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, 11.2.1, in some cases TMM may crash when processing TCP traffic. This vulnerability affects TMM via a virtual server configured with TCP profile. Traffic processing is disrupted while Traffic Management Microkernel (TMM) restarts. If the affected BIG-IP system is configured to be part of a device group, it will trigger a failover to the peer device. 2017-10-27 not yet calculated CVE-2017-6162
BID
SECTRACK
CONFIRM
f5 — multiple_products
 
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of an HTTP/2 or SPDY profile with a Client SSL profile, a remote client that initiates a number of concurrent streams beyond the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exposed to this issue; the control plane is not exposed. 2017-10-27 not yet calculated CVE-2017-6163
BID
SECTRACK
CONFIRM
flets — easy_setup_tool
 
Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-11-02 not yet calculated CVE-2017-10825
MISC
MISC
flexense — syncbreeze
 
Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the “Destination directory” field, either within an XML document or through use of passive mode. 2017-10-31 not yet calculated CVE-2017-15950
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the print function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4722. 2017-10-31 not yet calculated CVE-2017-10947
CONFIRM
MISC
foxit — reader
 
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ObjStm objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-4846. 2017-10-31 not yet calculated CVE-2017-10944
CONFIRM
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.alert function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4855. 2017-10-31 not yet calculated CVE-2017-10945
CONFIRM
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.execMenuItem function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4723. 2017-10-31 not yet calculated CVE-2017-10948
CONFIRM
MISC
foxit — reader
 
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4737. 2017-10-31 not yet calculated CVE-2017-10942
CONFIRM
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the gotoURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5030. 2017-10-31 not yet calculated CVE-2017-10953
BID
CONFIRM
MISC
foxit — reader
 
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4738. 2017-10-31 not yet calculated CVE-2017-10943
CONFIRM
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFParseDateEx function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4816. 2017-10-31 not yet calculated CVE-2017-10941
CONFIRM
MISC
foxit — reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setItem function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4721. 2017-10-31 not yet calculated CVE-2017-10946
CONFIRM
MISC
gnu — wget
 
The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk’s length, but doesn’t check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. 2017-10-27 not yet calculated CVE-2017-13089
CONFIRM
DEBIAN
BID
SECTRACK
MISC
MISC
gnu — wget
 
The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk’s length, but doesn’t check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer. 2017-10-27 not yet calculated CVE-2017-13090
CONFIRM
DEBIAN
BID
SECTRACK
MISC
gnu — binutils
 
elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a “buffer overflow on fuzzed archive header,” related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions. 2017-10-29 not yet calculated CVE-2017-15996
BID
CONFIRM
CONFIRM
gnu — emacs
 
GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file (“[ORIGINAL_FILENAME]~”) resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. 2017-10-31 not yet calculated CVE-2017-1000383
MLIST
google — android
 
In the “NQ Contacts Backup & Restore” application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network. 2017-10-29 not yet calculated CVE-2017-15998
MISC
google — android
 
In the “NQ Contacts Backup & Restore” application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required. 2017-10-29 not yet calculated CVE-2017-15999
MISC
google — android
 
In the “NQ Contacts Backup & Restore” application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file. 2017-10-29 not yet calculated CVE-2017-15997
MISC
google — chrome
 
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5117
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5119
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5116
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial “www.” substring). 2017-10-27 not yet calculated CVE-2017-5120
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5115
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5118
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5112
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. 2017-10-27 not yet calculated CVE-2017-5111
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. 2017-10-27 not yet calculated CVE-2017-5114
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5122
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. 2017-10-27 not yet calculated CVE-2017-5121
DEBIAN
BID
SECTRACK
MISC
MISC
MISC
GENTOO
google — chrome
 
Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5113
DEBIAN
BID
SECTRACK
MISC
MISC
GENTOO
graphicsmagick — graphicsmagick
 
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked. 2017-11-01 not yet calculated CVE-2017-16353
MISC
MISC
BID
MISC
graphicsmagick — graphicsmagick
 
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the “Display visual image directory” feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag. 2017-11-01 not yet calculated CVE-2017-16352
MISC
MISC
BID
MISC
hashicorp — vagrant
 
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. 2017-10-31 not yet calculated CVE-2017-15884
MISC
hpe — performance_center
 
A potential security vulnerability has been identified in HPE Performance Center version 12.20. The vulnerability could be remotely exploited to allow cross-site scripting. 2017-11-03 not yet calculated CVE-2017-14359
BID
CONFIRM
hp — arcsight
 
A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS). 2017-10-31 not yet calculated CVE-2017-14357
CONFIRM
AUSCERT
hp — arcsight
 
A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site. 2017-10-31 not yet calculated CVE-2017-14358
CONFIRM
AUSCERT
hp — arcsight
 
An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection. 2017-10-31 not yet calculated CVE-2017-14356
BID
CONFIRM
AUSCERT
ibm — infosphere_biginsights
 
IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131398. 2017-11-01 not yet calculated CVE-2017-1554
CONFIRM
BID
MISC
ibm — infosphere_biginsights
 
IBM Infosphere BigInsights 4.2.0 and 4.2.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131397. 2017-11-01 not yet calculated CVE-2017-1553
CONFIRM
BID
MISC
ibm — infosphere_biginsights
 
IBM Infosphere BigInsights 4.2.0 and 4.2.5 are vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 131396. 2017-11-01 not yet calculated CVE-2017-1552
CONFIRM
BID
MISC
ibm — jazz_reporting_services
 
IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated user to obtain information on another server that the current report builder interacts with. IBM X-Force ID: 126455. 2017-11-01 not yet calculated CVE-2017-1340
CONFIRM
MISC
ibm — openpages_grc_platform
 
IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201. 2017-11-01 not yet calculated CVE-2017-1148
CONFIRM
MISC
ibm — openpages_grc_platform
 
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114711. 2017-11-01 not yet calculated CVE-2016-3048
CONFIRM
BID
MISC
ibm — openpages_grc_platform
 
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162. 2017-11-01 not yet calculated CVE-2017-1300
CONFIRM
MISC
ibm — openpages_grc_platform
 
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 122200. 2017-11-01 not yet calculated CVE-2017-1147
CONFIRM
MISC
ibm — openpages_grc_platform
 
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force ID: 126241. 2017-11-01 not yet calculated CVE-2017-1333
CONFIRM
BID
MISC
ibm — openpages_grc_platform
 
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125151. 2017-11-01 not yet calculated CVE-2017-1290
CONFIRM
MISC
imap — imap
 
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl’s deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded. 2017-10-31 not yet calculated CVE-2017-1000257
BID
SECTRACK
CONFIRM
ingenious — school_management_system
 
my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file. 2017-10-29 not yet calculated CVE-2017-15957
MISC
EXPLOIT-DB
iproject — management_system
 
iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php. 2017-10-29 not yet calculated CVE-2017-15961
MISC
EXPLOIT-DB
ipswitch — ws_ftp_professional
 
Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729. 2017-11-03 not yet calculated CVE-2017-16513
MISC
MISC
istock — management_system
 
iStock Management System 1.0 allows Arbitrary File Upload via user/profile. 2017-10-29 not yet calculated CVE-2017-15962
MISC
EXPLOIT-DB
itech — gigs_script
 
iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter. 2017-10-29 not yet calculated CVE-2017-15963
MISC
EXPLOIT-DB
jenkins — jenkins
 
Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite status, allowing any user to set any other user’s favorites. 2017-11-01 not yet calculated CVE-2017-1000243
CONFIRM
jenkins — jenkins
 
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF, resulting in data modification. 2017-11-01 not yet calculated CVE-2017-1000244
CONFIRM
jenkins — jenkins
 
Jenkins Git Client Plugin 2.4.2 and earlier creates a temporary file with insecure permissions, resulting in information disclosure. 2017-11-01 not yet calculated CVE-2017-1000242
CONFIRM
job_board — script_software
 
Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI. 2017-10-29 not yet calculated CVE-2017-15964
MISC
EXPLOIT-DB
joomla! — joomla!
 
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action. 2017-10-29 not yet calculated CVE-2017-15965
BID
MISC
EXPLOIT-DB
joomla! — joomla!
 
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php. 2017-10-29 not yet calculated CVE-2017-15966
MISC
EXPLOIT-DB
joyent — smart_data_center
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Was ZDI-CAN-3853. 2017-10-31 not yet calculated CVE-2017-10940
BID
MISC
MISC
korenix — jetnet
 
A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. The software uses undocumented hard-coded credentials that may allow an attacker to gain remote access. 2017-10-31 not yet calculated CVE-2017-14027
BID
MISC
korenix — jetnet
 
A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks. 2017-10-31 not yet calculated CVE-2017-14021
BID
MISC
libvirt — libvirt
 
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of “verify-peer=no” passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. 2017-10-31 not yet calculated CVE-2017-1000256
CONFIRM
MISC
MLIST
linux — linux_kernel
 
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the “negative” state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls. 2017-10-27 not yet calculated CVE-2017-15951
CONFIRM
CONFIRM
BID
CONFIRM
linux — linux_kernel
 
On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been overwritten. This flaw was introduced in commit: “5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)” which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable. 2017-10-30 not yet calculated CVE-2017-1000255
BID
MISC
linux — linux_kernel
 
The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before 2.6.19 on 64-bit systems mishandles the case where CONFIG_ALTIVEC is defined and the CPU actually supports Altivec, but the Altivec support was not detected by the kernel, which allows local users to cause a denial of service (panic) by triggering execution of an Altivec instruction. 2017-10-29 not yet calculated CVE-2006-5331
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16532
MISC
MISC
linux — linux_kernel
 
The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16537
MISC
MISC
linux — linux_kernel
 
drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner). 2017-11-03 not yet calculated CVE-2017-16538
MISC
MISC
MISC
linux — linux_kernel
 
The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16529
MISC
MISC
linux — linux_kernel
 
sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16527
MISC
MISC
linux — linux_kernel
 
The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16535
MISC
MISC
linux — linux_kernel
 
drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor. 2017-11-03 not yet calculated CVE-2017-16531
MISC
MISC
linux — linux_kernel
 
The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16533
MISC
MISC
linux — linux_kernel
 
drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16526
MISC
MISC
linux — linux_kernel
 
The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16536
MISC
MISC
linux — linux_kernel
 
The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c. 2017-11-03 not yet calculated CVE-2017-16530
MISC
MISC
linux — linux_kernel
 
The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16534
MISC
MISC
linux — linux_kernel
 
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup. 2017-11-03 not yet calculated CVE-2017-16525
MISC
MISC
MISC
linux — linux_kernel
 
sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-03 not yet calculated CVE-2017-16528
MISC
MISC
mahara — mahara_mobile
 
Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text. 2017-11-03 not yet calculated CVE-2017-1000171
MISC
mahara — mahara
 
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information, passed via unusual parameters, ending up in an error log. 2017-11-03 not yet calculated CVE-2017-1000151
MISC
mahara — mahara
 
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions. 2017-11-03 not yet calculated CVE-2017-1000131
MISC
mahara — mahara
 
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potentially dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields, which can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara. 2017-10-31 not yet calculated CVE-2017-14752
CONFIRM
mahara — mahara
 
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them. 2017-11-03 not yet calculated CVE-2017-1000134
MISC
mahara — mahara
 
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change. 2017-11-03 not yet calculated CVE-2017-1000136
MISC
mahara — mahara
 
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user, in some circumstances, causing another user’s artefacts to be included in a Leap2a export of their own pages. 2017-11-03 not yet calculated CVE-2017-1000133
MISC
mahara — mahara
 
An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Mahara site, and adjust the ‘mahara’ cookie to the old value, they can get access to the user’s account. 2017-10-31 not yet calculated CVE-2017-14163
CONFIRM
mahara — mahara
 
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title. 2017-11-03 not yet calculated CVE-2017-1000138
MISC
mahara — mahara
 
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation. 2017-11-03 not yet calculated CVE-2017-1000142
MISC
mahara — mahara
 
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user’s uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the “default” or used in any pages. 2017-11-03 not yet calculated CVE-2017-1000155
MISC
mahara — mahara
 
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended. 2017-11-03 not yet calculated CVE-2017-1000135
MISC
mahara — mahara
 
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop). 2017-11-03 not yet calculated CVE-2017-1000137
MISC
mahara — mahara
 
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf file that can have its code executed when a user tries to download the file. 2017-11-03 not yet calculated CVE-2017-1000132
MISC
mahara — mahara
 
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara’s built-in login form, still allowing users to log in even if their institution was expired or suspended. 2017-11-03 not yet calculated CVE-2017-1000154
MISC
mahara — mahara
 
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potentially dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts. 2017-10-31 not yet calculated CVE-2017-15273
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mahara — mahara
 
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages. 2017-11-03 not yet calculated CVE-2017-1000146
MISC
mahara — mahara
 
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group’s configuration page being editable by any group member even when they didn’t have the admin role. 2017-11-03 not yet calculated CVE-2017-1000156
MISC
mahara — mahara
 
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments. 2017-11-03 not yet calculated CVE-2017-1000145
MISC
mahara — mahara
 
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore. 2017-11-03 not yet calculated CVE-2017-1000143
MISC
mahara — mahara
 
Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages. 2017-11-03 not yet calculated CVE-2017-1000144
MISC
mahara — mahara
 
Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on. 2017-11-03 not yet calculated CVE-2017-1000157
MISC
mahara — mahara
 
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues. 2017-11-03 not yet calculated CVE-2017-1000139
MISC
mahara — mahara
 
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user’s account settings. 2017-11-03 not yet calculated CVE-2017-1000152
MISC
mahara — mahara
 
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP “unserialize()” function when importing a skin from an XML file. 2017-11-03 not yet calculated CVE-2017-1000148
MISC
mahara — mahara
 
Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target=”_blank” and window.open()). 2017-11-03 not yet calculated CVE-2017-1000149
MISC
mahara — mahara
 
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when a user tries to download the file. 2017-11-03 not yet calculated CVE-2017-1000140
MISC
mahara — mahara
 
Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control: after a password reset link is sent via email and the user then changes their default email, Mahara fails to invalidate the old link. Consequently, the link in the email can be used to gain access to the user’s account. 2017-11-03 not yet calculated CVE-2017-1000153
MISC
mahara — mahara
 
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable because session IDs are not regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks. 2017-11-03 not yet calculated CVE-2017-1000150
MISC
mahara — mahara
 
Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to a cross-site request forgery (CSRF) attack on the uploader contained in Mahara’s filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account. 2017-11-03 not yet calculated CVE-2017-1000147
MISC
mailing_list — manager_pro
 
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template. 2017-10-29 not yet calculated CVE-2017-15967
MISC
EXPLOIT-DB
mcafee — network_data_loss_prevention
 
Network Data Loss Prevention is vulnerable to MIME type sniffing, which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the intended content type. 2017-10-31 not yet calculated CVE-2017-3935
CONFIRM
mcafee — network_data_loss_prevention
 
Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack. 2017-10-31 not yet calculated CVE-2017-3933
BID
CONFIRM
mcafee — network_data_loss_prevention
 
Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver. 2017-10-31 not yet calculated CVE-2017-3934
CONFIRM
microsoft — chakracore
 
ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. 2017-11-02 not yet calculated CVE-2017-11767
BID
SECTRACK
CONFIRM
mitrastar — mitrastar
 
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute. 2017-11-03 not yet calculated CVE-2017-16522
MISC
EXPLOIT-DB
mitrastar — mitrastar
 
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented. 2017-11-03 not yet calculated CVE-2017-16523
MISC
EXPLOIT-DB
mongodb — mongodb
 
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory. 2017-10-31 not yet calculated CVE-2017-15535
CONFIRM
mybuilder — clone
 
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter. 2017-10-29 not yet calculated CVE-2017-15968
MISC
EXPLOIT-DB
mymagazine — magazine_and_blog_cms
 
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. 2017-10-31 not yet calculated CVE-2017-15983
EXPLOIT-DB
nice — php
 
Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525. 2017-10-31 not yet calculated CVE-2017-15988
EXPLOIT-DB
node.js — node.js
 
Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter. 2017-10-30 not yet calculated CVE-2017-14919
CONFIRM
CONFIRM
CONFIRM
CONFIRM
octobercms — octobercms
 
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim’s account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable. 2017-10-31 not yet calculated CVE-2017-16244
CONFIRM
EXPLOIT-DB
online_exam_test_application — online_exam_test_application
 
Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action. 2017-10-31 not yet calculated CVE-2017-15989
EXPLOIT-DB
openam — openam
 
OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as a SAML 2.0 IdP that switch authentication methods based on AuthnContext requests sent from the service provider. 2017-11-02 not yet calculated CVE-2017-10873
JVN
MISC
MISC
openemr — openemr
 
OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter. 2017-11-04 not yet calculated CVE-2017-16540
MISC
MISC
openssl — openssl
 
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. 2017-11-02 not yet calculated CVE-2017-3736
SECTRACK
CONFIRM
oracle — fusion_middleware
 
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.2.3 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). 2017-10-30 not yet calculated CVE-2017-10151
CONFIRM
BID
SECTRACK
perl — perl
 
The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a ‘.’ character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a ‘.’ character. 2017-10-31 not yet calculated CVE-2017-16248
CONFIRM
CONFIRM
CONFIRM
pg — all_share_video
 
PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category. 2017-10-29 not yet calculated CVE-2017-15969
MISC
EXPLOIT-DB
php — cityportal
 
PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter. 2017-10-29 not yet calculated CVE-2017-15970
MISC
EXPLOIT-DB
php — inventory_and_invoice_management_system
 
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/. 2017-10-31 not yet calculated CVE-2017-15990
EXPLOIT-DB
pluxml — pluxml
 
PluXml version 5.6 has a stored cross-site scripting vulnerability within the article creation page, which can result in escalation of privileges. 2017-11-01 not yet calculated CVE-2017-1001001
CONFIRM
progress — openedge
 
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931. 2017-10-31 not yet calculated CVE-2015-9245
MISC
protected_links — expiring_download_links
 
Protected Links – Expiring Download Links 1.0 allows SQL Injection via the username parameter. 2017-10-31 not yet calculated CVE-2017-15977
EXPLOIT-DB
qemu — qemu
 
The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by leveraging failure to define the .write method. 2017-10-30 not yet calculated CVE-2015-7549
CONFIRM
FEDORA
DEBIAN
MLIST
BID
CONFIRM
GENTOO
quagga — quagga
 
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message. 2017-10-29 not yet calculated CVE-2017-16227
MISC
DEBIAN
MISC
MISC
MISC
radare — radare
 
In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search. 2017-11-01 not yet calculated CVE-2017-16358
CONFIRM
CONFIRM
radare — radare
 
In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c. 2017-11-01 not yet calculated CVE-2017-16359
CONFIRM
CONFIRM
CONFIRM
CONFIRM
radare — radare
 
In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory. 2017-11-01 not yet calculated CVE-2017-16357
CONFIRM
CONFIRM
rakuraku — hagaki
 
Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 2018, Rakuraku Hagaki 2017, Rakuraku Hagaki 2016) and Rakuraku Hagaki Select for Ichitaro (Ichitaro 2017, Ichitaro 2016, Ichitaro 2015, Ichitaro Pro3, Ichitaro Pro2, Ichitaro Pro, Ichitaro 2011, Ichitaro Government 8, Ichitaro Government 7, Ichitaro Government 6 and Ichitaro 2017 Trial version) allows attackers to execute arbitrary code with the privileges of the application via a specially crafted file. 2017-11-02 not yet calculated CVE-2017-10870
MISC
MISC
responsive — newspaper_magazine_and_blog_cms
 
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. 2017-10-31 not yet calculated CVE-2017-15981
EXPLOIT-DB
rsync — rsync
 
rsync 3.1.3-development before 2017-10-24, as used in the xlucas svfs rsync fork and other products, mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. 2017-10-29 not yet calculated CVE-2017-15994
MISC
MISC
MISC
ruby — ruby
 
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service. 2017-11-03 not yet calculated CVE-2017-16516
MISC
MISC
same_sex_dating_software_pro — same_sex_dating_software_pro
 
Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972. 2017-10-29 not yet calculated CVE-2017-15971
MISC
EXPLOIT-DB
schedmd — slurm
 
Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution. 2017-11-01 not yet calculated CVE-2017-15566
CONFIRM
scriptcopy — cpa_lead_reward_script
CPA Lead Reward Script allows SQL Injection via the username parameter.
Published: 2017-10-31 | CVSS score: not yet calculated | CVE-2017-15986 | Source & patch info: EXPLOIT-DB

serasoft.com — sera
Sera 1.2 stores the user’s login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.
Published: 2017-11-01 | CVSS score: not yet calculated | CVE-2017-15918 | Source & patch info: MISC

shadowsocks-libev — shadowsocks-libev
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions.
Published: 2017-10-27 | CVSS score: not yet calculated | CVE-2017-15924 | Source & patch info: MISC, DEBIAN, MISC, MISC, MISC

sharett — shareet
Shareet – Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.
Published: 2017-10-31 | CVSS score: not yet calculated | CVE-2017-15979 | Source & patch info: EXPLOIT-DB

softech_products — softdatepro
SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971.
Published: 2017-10-29 | CVSS score: not yet calculated | CVE-2017-15972 | Source & patch info: MISC, EXPLOIT-DB

sokial — sokial
Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php.
Published: 2017-10-29 | CVSS score: not yet calculated | CVE-2017-15973 | Source & patch info: MISC, EXPLOIT-DB
ssh — ssh_plugin
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.
Published: 2017-11-01 | CVSS score: not yet calculated | CVE-2017-1000245 | Source & patch info: CONFIRM

synology — audio_station
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.
Published: 2017-10-30 | CVSS score: not yet calculated | CVE-2017-15888 | Source & patch info: CONFIRM

tenable — securitycenter
SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access.
Published: 2017-11-02 | CVSS score: not yet calculated | CVE-2017-11508 | Source & patch info: CONFIRM

tor — browser
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.
Published: 2017-11-04 | CVSS score: not yet calculated | CVE-2017-16541 | Source & patch info: MISC, MISC, MISC, MISC, MISC

tp-link — tl-wr741n/tl-wr741nd_router
In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router with Firmware Version 3.11.7 Build 100603 Rel.56412n and Hardware Version: WR741N v1/v2 00000000, parameter SSID in the “Wireless Settings” is not properly validated. It’s possible to inject malicious code: </script><H1>BUG/* </script><a href=XXX.com>. The second payload blocks the change of wireless settings. A factory reset is required.
Published: 2017-10-31 | CVSS score: not yet calculated | CVE-2017-14250 | Source & patch info: MISC

tpanel — tpanel
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
Published: 2017-10-29 | CVSS score: not yet calculated | CVE-2017-15974 | Source & patch info: MISC, EXPLOIT-DB
typecho — typecho
In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the article content, resulting in XSS via index.php/action/contents-post-edit.
Published: 2017-10-30 | CVSS score: not yet calculated | CVE-2017-16230 | Source & patch info: MISC

us_zip_codes — database_script
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.
Published: 2017-10-31 | CVSS score: not yet calculated | CVE-2017-15980 | Source & patch info: EXPLOIT-DB

vastal — i-tech_agent_zone
Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982.
Published: 2017-10-31 | CVSS score: not yet calculated | CVE-2017-15991 | Source & patch info: EXPLOIT-DB

vastal — i-tech_dating_zone
Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the ‘product_id’ to add_to_cart.php, a different vulnerability than CVE-2008-4461.
Published: 2017-10-29 | CVSS score: not yet calculated | CVE-2017-15975 | Source & patch info: MISC, EXPLOIT-DB

vim — vim
VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (“[ORIGINAL_FILENAME].swp”) resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.
Published: 2017-10-31 | CVSS score: not yet calculated | CVE-2017-1000382 | Source & patch info: MLIST

vir.it — explorer_anti-virus
In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C.
Published: 2017-11-03 | CVSS score: not yet calculated | CVE-2017-16237 | Source & patch info: EXPLOIT-DB

watchdog — anti-malware
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002054. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.
Published: 2017-10-30 | CVSS score: not yet calculated | CVE-2017-15920 | Source & patch info: MISC, EXPLOIT-DB

watchdog — anti-malware
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.
Published: 2017-10-30 | CVSS score: not yet calculated | CVE-2017-15921 | Source & patch info: MISC, EXPLOIT-DB
webkit — webkit
The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products.
Published: 2017-11-01 | CVSS score: not yet calculated | CVE-2017-1000121 | Source & patch info: CONFIRM

webkit — webkit
The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products.
Published: 2017-11-01 | CVSS score: not yet calculated | CVE-2017-1000122 | Source & patch info: CONFIRM

website_broker_script — website_broker_script
Website Broker Script allows SQL Injection via the ‘status_id’ parameter to status_list.php.
Published: 2017-10-31 | CVSS score: not yet calculated | CVE-2017-15992 | Source & patch info: EXPLOIT-DB

websitescripts.org — fake_magazine_cover_script
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.
Published: 2017-10-31 | CVSS score: not yet calculated | CVE-2017-15987 | Source & patch info: EXPLOIT-DB

wordpress — wordpress
WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a “double prepare” approach, a different vulnerability than CVE-2017-14723.
Published: 2017-11-02 | CVSS score: not yet calculated | CVE-2017-16510 | Source & patch info: MISC, MISC, MISC, MISC

xen — xen
An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out.
Published: 2017-10-30 | CVSS score: not yet calculated | CVE-2017-15597 | Source & patch info: MLIST, BID, SECTRACK, CONFIRM, CONFIRM

zeebuddy — zeebuddy
ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604.
Published: 2017-10-29 | CVSS score: not yet calculated | CVE-2017-15976 | Source & patch info: MISC, EXPLOIT-DB

zomato — clone_script
Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.
Published: 2017-10-31 | CVSS score: not yet calculated | CVE-2017-15993 | Source & patch info: EXPLOIT-DB


Cisco Releases Security Update for IOS XE Software

Original release date: November 03, 2017

Cisco has released a security update to address a vulnerability in its IOS XE software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.


Cisco Releases Security Updates

Original release date: November 01, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

  • Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability cisco-sa-20171101-wlc2
  • Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability cisco-sa-20171101-wlc1
  • Identity Services Engine Privilege Escalation Vulnerability cisco-sa-20171101-ise
  • Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability cisco-sa-20171101-fpwr
  • Prime Collaboration Provisioning Authenticated SQL Injection Vulnerability cisco-sa-20171101-cpcp
  • Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability cisco-sa-20171101-apicem
  • Aironet 1560, 2800, and 3800 Series Access Point Platforms Extensible Authentication Protocol Denial of Service Vulnerability cisco-sa-20171101-aironet2
  • Aironet 1560, 2800, and 3800 Series Access Point Platforms 802.11 Denial of Service Vulnerability cisco-sa-20171101-aironet1


Apple Releases Multiple Security Updates

Original release date: October 31, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:
