CERT

Subscribe to CERT feed
Updated: 28 min 5 sec ago

FTC Releases Alert on Identity Theft

Thu, 05/25/2017 - 17:20
Original release date: May 25, 2017

The Federal Trade Commission (FTC) has released an alert about how quickly criminals begin using your personal information once it is posted to a hacker site by an identity thief. FTC researchers found that it can take as few as 9 minutes for crooks to access stolen personal information posted to hacker sites. To prevent identity theft, a user should follow password security best practices, such as multi-factor authentication, which requires a user to simultaneously present multiple pieces of information to verify their identity.

US-CERT encourages users to refer to the FTC alert and the US-CERT Tips on Preventing and Responding to Identity Theft, Choosing and Protecting Passwords, and Supplementing Passwords for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


Samba Releases Security Updates

Wed, 05/24/2017 - 20:30
Original release date: May 24, 2017

The Samba Team has released security updates that address a vulnerability in all versions of Samba from 3.5.0 onward. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review Samba's Security Announcement and apply the necessary updates, or refer to their Linux or Unix-based OS vendors for appropriate patches.

This product is provided subject to this Notification and this Privacy & Use policy.


SB17-142: Vulnerability Summary for the Week of May 15, 2017

Mon, 05/22/2017 - 12:06
Original release date: May 22, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infogoogle -- androidAn elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202412. References: M-ALPS02897901.2017-05-129.3CVE-2016-10274
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-34514954. References: QC-CR#1009111.2017-05-129.3CVE-2016-10275
BID
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32952839. References: QC-CR#1094105.2017-05-129.3CVE-2016-10276
BID
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175767. References: M-ALPS02696445.2017-05-127.6CVE-2016-10280
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175647. References: M-ALPS02696475.2017-05-127.6CVE-2016-10281
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33939045. References: M-ALPS03149189.2017-05-127.6CVE-2016-10282
CONFIRMgoogle -- androidA remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35219737.2017-05-129.3CVE-2017-0587
BID
CONFIRM
CONFIRMgoogle -- androidA remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34618607.2017-05-129.3CVE-2017-0588
BID
CONFIRM
CONFIRMgoogle -- androidA remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34897036.2017-05-129.3CVE-2017-0589
BID
CONFIRM
CONFIRMgoogle -- androidA remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35039946.2017-05-129.3CVE-2017-0590
BID
CONFIRM
CONFIRMgoogle -- androidA remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34097672.2017-05-129.3CVE-2017-0591
BID
CONFIRM
CONFIRMgoogle -- androidA remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34970788.2017-05-129.3CVE-2017-0592
BID
CONFIRM
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114230.2017-05-129.3CVE-2017-0593
BID
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in codecs/aacenc/SoftAACEncoder2.cpp in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34617444.2017-05-129.3CVE-2017-0594
BID
CONFIRM
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34705519.2017-05-129.3CVE-2017-0595
BID
CONFIRM
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34749392.2017-05-129.3CVE-2017-0596
BID
CONFIRM
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34749571.2017-05-129.3CVE-2017-0597
BID
CONFIRMgoogle -- androidA remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34672748.2017-05-127.1CVE-2017-0599
BID
CONFIRM
CONFIRMgoogle -- androidA remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35269635.2017-05-127.1CVE-2017-0600
CONFIRM
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589.2017-05-129.3CVE-2017-0604
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the MediaTek power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34259126. References: M-ALPS03150278.2017-05-127.6CVE-2017-0615
BID
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34470286. References: M-ALPS03149160.2017-05-127.6CVE-2017-0616
BID
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34471002. References: M-ALPS03149173.2017-05-127.6CVE-2017-0617
BID
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35100728. References: M-ALPS03161536.2017-05-127.6CVE-2017-0618
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35401152. References: QC-CR#826566.2017-05-127.6CVE-2017-0619
BID
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711.2017-05-127.6CVE-2017-0620
BID
CONFIRMgoogle -- androidA remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35467107.2017-05-127.1CVE-2017-0635
CONFIRM
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490.2017-05-129.3CVE-2016-10277
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32094986. References: QC-CR#2002052.2017-05-127.6CVE-2016-10283
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402303. References: QC-CR#2000664.2017-05-127.6CVE-2016-10284
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33752702. References: QC-CR#1104899.2017-05-127.6CVE-2016-10285
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400904. References: QC-CR#1090237.2017-05-127.6CVE-2016-10286
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33784446. References: QC-CR#1112751.2017-05-127.6CVE-2016-10287
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm LED driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33863909. References: QC-CR#1109763.2017-05-127.6CVE-2016-10288
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899710. References: QC-CR#1116295.2017-05-127.6CVE-2016-10289
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm shared memory driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33898330. References: QC-CR#1109782.2017-05-127.6CVE-2016-10290
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34030871. References: QC-CR#986837.2017-05-127.6CVE-2016-10291
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34112914. References: QC-CR#1110747.2017-05-127.6CVE-2017-0465
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the kernel trace subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399704. References: QC-CR#1048480.2017-05-129.3CVE-2017-0605
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34088848. References: QC-CR#1116015.2017-05-127.6CVE-2017-0606
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400551. References: QC-CR#1085928.2017-05-127.6CVE-2017-0607
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400458. References: QC-CR#1098363.2017-05-127.6CVE-2017-0608
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399801. References: QC-CR#1090482.2017-05-127.6CVE-2017-0609
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399404. References: QC-CR#1094852.2017-05-127.6CVE-2017-0610
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393841. References: QC-CR#1084210.2017-05-127.6CVE-2017-0611
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34389303. References: QC-CR#1061845.2017-05-127.6CVE-2017-0612
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400457. References: QC-CR#1086140.2017-05-127.6CVE-2017-0613
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399405. References: QC-CR#1080290.2017-05-127.6CVE-2017-0614
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35399703. References: QC-CR#831322.2017-05-127.6CVE-2017-0621
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32749036. References: QC-CR#1098602.2017-05-127.6CVE-2017-0622
BID
CONFIRMlinux -- linux_kernelAn elevation of privilege vulnerability in the HTC bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32512358.2017-05-127.6CVE-2017-0623
BID
CONFIRMtnef_project -- tnefAn integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.2017-05-127.5CVE-2017-8911
MISCBack to top

 

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadodb_project -- adodbCross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-124.3CVE-2016-4855
JVN
BID
CONFIRMartifex -- ghostscriptThe mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document.2017-05-124.3CVE-2017-8908
MISCbasercms -- basercmsCross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors.2017-05-126.8CVE-2016-4876
MISC
BID
JVNbasercms -- basercmsCross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-126.8CVE-2016-4878
CONFIRM
BID
JVNbasercms -- basercmsCross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-126.8CVE-2016-4879
CONFIRM
BID
JVNbasercms -- basercmsCross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-126.8CVE-2016-4881
CONFIRM
BID
JVNbasercms -- basercmsCross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-126.8CVE-2016-4882
CONFIRM
BID
JVNbasercms -- basercmsCross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-126.8CVE-2016-4884
CONFIRM
BID
JVNbasercms -- basercmsCross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-126.8CVE-2016-4885
CONFIRM
BID
JVNbasercms -- basercmsCross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-126.8CVE-2016-4886
CONFIRM
BID
JVNbasercms -- basercmsCross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-126.8CVE-2016-4887
CONFIRM
BID
JVNcmsmadesimple -- cms_made_simple** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug."2017-05-126.5CVE-2017-8912
MISCgoogle -- androidAn information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550.2017-05-124.3CVE-2017-0493
BID
CONFIRMgoogle -- androidAn information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34128677.2017-05-124.3CVE-2017-0598
BID
CONFIRMgoogle -- androidAn Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35258579.2017-05-124.3CVE-2017-0601
BID
CONFIRMgoogle -- androidAn information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34946955.2017-05-124.3CVE-2017-0602
BID
CONFIRMgoogle -- androidA denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35763994.2017-05-125.4CVE-2017-0603
BID
CONFIRM
CONFIRMgoogle -- androidAn information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-35142799. References: M-ALPS03161531.2017-05-124.3CVE-2017-0625
CONFIRMlinux -- linux_kernelA denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34514463. References: QC-CR#1065466.2017-05-124.3CVE-2016-10292
BID
CONFIRMlinux -- linux_kernelAn information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34327795. References: QC-CR#2005832.2017-05-124.3CVE-2017-0624
BID
CONFIRMlinux -- linux_kernelAn information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. References: QC-CR#1088050.2017-05-124.3CVE-2017-0626
BID
CONFIRMsoftbank -- primedrive_desktop_applicationUntrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.2017-05-126.8CVE-2017-2167
MISC
JVNsplunk -- splunkOpen redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2017-05-125.8CVE-2016-4857
JVN
CONFIRMsplunk -- splunkOpen redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2017-05-125.8CVE-2016-4859
BID
JVN
CONFIRMBack to top

 

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infobasercms -- basercmsCross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-123.5CVE-2016-4877
CONFIRM
BID
JVNbasercms -- basercmsCross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-123.5CVE-2016-4880
CONFIRM
BID
JVNbasercms -- basercmsCross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-123.5CVE-2016-4883
CONFIRM
BID
JVNconexant -- mictray64Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process.2017-05-122.1CVE-2017-8360
MISC
MISClinux -- linux_kernelAn information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33352393. References: QC-CR#1101943.2017-05-122.6CVE-2016-10293
BID
CONFIRMlinux -- linux_kernelAn information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33621829. References: QC-CR#1105481.2017-05-122.6CVE-2016-10294
CONFIRMlinux -- linux_kernelAn information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33781694. References: QC-CR#1109326.2017-05-122.6CVE-2016-10295
CONFIRMlinux -- linux_kernelAn information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33845464. References: QC-CR#1109782.2017-05-122.6CVE-2016-10296
CONFIRMlinux -- linux_kernelAn information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353.2017-05-122.6CVE-2017-0627
BID
CONFIRMlinux -- linux_kernelAn information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. References: QC-CR#1086833.2017-05-122.6CVE-2017-0628
BID
CONFIRMlinux -- linux_kernelAn information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35214296. References: QC-CR#1086833.2017-05-122.6CVE-2017-0629
BID
CONFIRMlinux -- linux_kernelAn information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115.2017-05-122.6CVE-2017-0630
BID
CONFIRMlinux -- linux_kernelAn information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399756. References: QC-CR#1093232.2017-05-122.6CVE-2017-0631
BID
CONFIRMlinux -- linux_kernelAn information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35392586. References: QC-CR#832915.2017-05-122.6CVE-2017-0632
BID
CONFIRMlinux -- linux_kernelAn information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-36000515. References: B-RB#117131.2017-05-122.6CVE-2017-0633
BID
CONFIRMlinux -- linux_kernelAn information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511682.2017-05-122.6CVE-2017-0634
BID
CONFIRMlinux -- linux_kernelThe edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.2017-05-122.1CVE-2017-8924
CONFIRM
CONFIRM
CONFIRMlinux -- linux_kernelThe omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.2017-05-122.1CVE-2017-8925
CONFIRM
CONFIRM
CONFIRMsplunk -- splunkCross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.2017-05-123.5CVE-2016-4856
BID
JVN
CONFIRMsplunk -- splunkCross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-123.5CVE-2016-4858
JVN
CONFIRMtenable -- nessusCross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-123.5CVE-2017-2122
JVN
CONFIRMBack to top

 

Severity Not Yet AssignedPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info3s smart_software_solutions -- web_server
 An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution.2017-05-18not yet calculatedCVE-2017-6027
BID
MISC3s_smart_software_solutions -- web_server
 A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A malicious user could overflow the stack buffer by providing overly long strings to functions that handle the XML. Because the function does not verify string size before copying to memory, the attacker may then be able to crash the application or run arbitrary code.2017-05-18not yet calculatedCVE-2017-6025
BID
MISCadmidio -- csrf
 admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.2017-05-16not yet calculatedCVE-2017-8382
EXPLOIT-DBallen_disk -- reg.php/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha'].2017-05-19not yet calculatedCVE-2017-9091
CONFIRMallen_disk -- reg.php
 reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha'].2017-05-19not yet calculatedCVE-2017-9090
CONFIRMambari -- server_host
 In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.2017-05-15not yet calculatedCVE-2017-5655
CONFIRM
CONFIRMapache-- cxf_fediz_shipApache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.2017-05-16not yet calculatedCVE-2017-7662
CONFIRMapache-- cxf_fediz_ship
 Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4.2017-05-16not yet calculatedCVE-2017-7661
CONFIRMapache -- juddiAfter logging into the portal, the logout jsp page redirects the browser back to the login page after. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console'. User session data, credentials, and auth tokens are cleared before the redirect.2017-05-19not yet calculatedCVE-2015-5241
MISCapache -- qpid_broker
 The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for Java 6.0.x before 6.0.6 and 6.1.x before 6.1.1 prematurely terminate the SCRAM SASL negotiation if the provided user name does not exist thus allowing remote attacker to determine the existence of user accounts. The Vulnerability does not apply to AuthenticationProviders other than SCRAM-SHA-1 and SCRAM-SHA-256.2017-05-15not yet calculatedCVE-2016-8741
MLIST
BID
CONFIRMauthconfig -- sssd
 Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames.2017-05-16not yet calculatedCVE-2017-7488
CONFIRM
CONFIRMcairo -- ft_load__render_glyph_
 Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.2017-05-19not yet calculatedCVE-2017-7475
MLIST
MISC
MISCcalendarxp -- flatcalendarxp
 Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in ipopeng.htm and npopeng.htm.2017-05-18not yet calculatedCVE-2017-9072
MISCcisco -- aironetA vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point (AP) or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is due to insufficient validation of PnP server responses. The PnP feature is only active while the device does not contain a configuration, such as a first time boot or after a factory reset has been issued. An attacker with the ability to respond to PnP configuration requests from the affected device can exploit the vulnerability by returning malicious PnP responses. If a Cisco Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) is available on the network, the attacker would need to exploit the issue in the short window before a valid PnP response was received. If successful, the attacker could gain the ability to execute arbitrary code with root privileges on the underlying operating system of the device. Cisco has confirmed that the only vulnerable software version is 8.3.102.0. Cisco Bug IDs: CSCvb42386.2017-05-16not yet calculatedCVE-2017-3873
BID
CONFIRMcisco -- ios_xrA vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could allow the attacker to crash the device in such a manner that manual intervention is required to recover. This vulnerability affects all Cisco IOS XR platforms that are running release 6.1.1 of Cisco IOS XR Software when the gRPC service is enabled on the device. The gRPC service is not enabled by default. Cisco Bug IDs: CSCvb14441.2017-05-16not yet calculatedCVE-2017-3876
BID
CONFIRMcisco -- policy_suiteA vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. The vulnerability is due to incorrect sudoers permissions on the script file. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input at the CLI, using this script file to escalate their privilege level and execute commands as root. A successful exploit could allow the attacker to acquire root-level privileges and take full control of the appliance. The user has to be logged-in to the device with valid credentials for a specific set of users. The Cisco Policy Suite application is vulnerable when running software versions 10.0.0, 10.1.0, or 11.0.0. Cisco Bug IDs: CSCvc07366.2017-05-18not yet calculatedCVE-2017-6623
CONFIRMcisco -- routerA vulnerability in the Universal Plug-and-Play (UPnP) implementation in the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition. The remote code execution could occur with root privileges. The vulnerability is due to incomplete range checks of the UPnP input data, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a malicious request to the UPnP listening port of the targeted device. An exploit could allow the attacker to cause the device to reload or potentially execute arbitrary code with root privileges. This vulnerability affects all firmware releases of the Cisco CVR100W Wireless-N VPN Router prior to Firmware Release 1.0.1.22. Cisco Bug IDs: CSCuz72642.2017-05-16not yet calculatedCVE-2017-3882
BID
CONFIRMcisco -- sourcefire_snortCisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread related to use of a decoder array. The size was off by one making it possible to read past the end of the array with an ether type of 0xFFFF. Increasing the array size solves this problem.2017-05-16not yet calculatedCVE-2017-6658
CONFIRMcisco -- sourcefire_snortCisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field which will confuse the Snort++ decoder. For example, an eth:llc:snap:icmp6 packet will cause a crash because there is no ip6 header with which to calculate the icmp6 checksum. Affected decoders include gre, llc, trans_bridge, ciscometadata, linux_sll, and token_ring. The fix adds a check in the packet manager to validate the ether type before indexing the decoder array. An out of range ether type will raise 116:473.2017-05-16not yet calculatedCVE-2017-6657
CONFIRMcisco -- telepresence
 A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396.2017-05-16not yet calculatedCVE-2017-3825
BID
CONFIRMcisco -- telepresence
 A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using directory traversal techniques to read files within the Cisco TelePresence IX5000 Series filesystem. This vulnerability affects Cisco TelePresence IX5000 Series devices running software version 8.2.0. Cisco Bug IDs: CSCvc52325.2017-05-18not yet calculatedCVE-2017-6652
CONFIRMcisco -- web_interfaceA vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724.2017-05-18not yet calculatedCVE-2017-6622
CONFIRMcisco -- web_interface
 A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to insufficient protection of sensitive data when responding to an HTTP request on the web interface. An attacker could exploit the vulnerability by sending a crafted HTTP request to the application to access specific system files. An exploit could allow the attacker to obtain sensitive information about the application which could include user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases 10.6 through 11.5. Cisco Bug IDs: CSCvc99626.2017-05-18not yet calculatedCVE-2017-6621
CONFIRMcisco -- webex
 A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950.2017-05-16not yet calculatedCVE-2017-6651
BID
CONFIRMdeluge -- webui
 The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file.2017-05-17not yet calculatedCVE-2017-9031
CONFIRM
CONFIRM
CONFIRMdropbear -- serverDropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed.2017-05-19not yet calculatedCVE-2017-9079
CONFIRMdropbear -- server
 The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.2017-05-19not yet calculatedCVE-2017-9078
CONFIRMedgewater -- networks_edgemarc
 The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no feedback client-side from the web application: if the command is valid, it executes. An example is the wget command. The page that allows this has been confirmed in firmware as old as 2006.2017-05-16not yet calculatedCVE-2017-6079
MISCeir -- d1000 
 The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the Wi-Fi password), and using the NewNTPServer feature.2017-05-16not yet calculatedCVE-2016-10372
MISC
MISCemc -- isilon_onefsEMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports.2017-05-19not yet calculatedCVE-2017-4979
CONFIRMemc -- rsa_adaptive_authentication
 EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.2017-05-19not yet calculatedCVE-2017-4978
CONFIRMflexnet -- manager_suite
 An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3 through 2016 R1 SP1 can be exploited to gain elevated privileges.2017-05-16not yet calculatedCVE-2017-6885
MISCgeutebruck -- ip_cameraAn Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control that may allow remote code execution.2017-05-18not yet calculatedCVE-2017-5174
BID
MISCgeutebruck -- ip_camera
 An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution.2017-05-18not yet calculatedCVE-2017-5173
BID
MISCgnu -- binutilsGNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.2017-05-17not yet calculatedCVE-2017-9041
MISC
MISC
MISCgnu -- binutilsGNU Binutils 2017-04-03 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.2017-05-17not yet calculatedCVE-2017-9040
MISC
MISCgnu -- binutilsreadelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.2017-05-17not yet calculatedCVE-2017-9042
MISC
MISCgnu -- binutilsreadelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.2017-05-17not yet calculatedCVE-2017-9043
MISC
MISCgnu -- binutilsThe print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.2017-05-17not yet calculatedCVE-2017-9044
MISCgnu -- binutilsGNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.2017-05-17not yet calculatedCVE-2017-9039
MISC
MISCgnu -- binutils
 GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.2017-05-17not yet calculatedCVE-2017-9038
MISC
MISCgoogle -- androidThe Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application.2017-05-12not yet calculatedCVE-2016-4839
CONFIRM
BID
MISC
JVNgoogle -- android
 The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof Feed and Schedule data by creating a modified blocks_v4.json file.2017-05-18not yet calculatedCVE-2017-9045
MISCgoogle -- android
 ** DISPUTED ** Facebook WhatsApp Messenger 2.17.146 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat is deleted. There may be users who expect file deletion to occur upon chat deletion, or who expect encryption (consistent with the application's use of an encrypted database to store chat text). NOTE: the vendor reportedly indicates that they do not "consider these to be security issues" because a user may legitimately want to preserve any file for use "in other apps like the Google Photos gallery" regardless of whether its associated chat is deleted.2017-05-18not yet calculatedCVE-2017-8769
MISCgoogle -- android
 In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation.2017-05-16not yet calculatedCVE-2014-9932
BID
CONFIRMgoogle -- android
 The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION allows an attacker to execute unintended operations via a specially crafted application.2017-05-12not yet calculatedCVE-2016-4838
CONFIRM
BID
MISC
JVNhalliburton -- logview_pro
 Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.2017-05-15not yet calculatedCVE-2017-8926
EXPLOIT-DBhootoo_trip_mate -- heap_buffer
 Stack buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted fname parameter of a GET request.2017-05-17not yet calculatedCVE-2017-9026
MISChootoo_trip_mate-- heap_buffer
 Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted HTTP Cookie header.2017-05-17not yet calculatedCVE-2017-9025
MISCibm -- distributed_marketing
 IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance that gets created with security profile not valid for the templates, that results in the new instance not accessible for the intended user. IBM X-Force ID: 116379.2017-05-15not yet calculatedCVE-2016-5979
CONFIRMibm -- jazz_foundation
 IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,2017-05-15not yet calculatedCVE-2016-9735
CONFIRMibm -- qradar
 IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207.2017-05-15not yet calculatedCVE-2016-9750
CONFIRMimagemagick -- rle_decoder
 ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.2017-05-19not yet calculatedCVE-2017-9098
MISC
MISC
MISCimagworsener -- libimageworsener.aThe lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.2017-05-19not yet calculatedCVE-2017-9094
CONFIRMimagworsener -- libimageworsener.a
 The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.2017-05-19not yet calculatedCVE-2017-9093
CONFIRMinfor -- eamINFOR EAM V11.0 Build 201410 has XSS via comment fields.2017-05-16not yet calculatedCVE-2017-7953
MISCinfor -- eam
 INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.2017-05-16not yet calculatedCVE-2017-7952
MISCios -- life_before_us_yo_app
 The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-15not yet calculatedCVE-2017-8937
MISCios-- ellentube_app
 The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-15not yet calculatedCVE-2017-8939
MISCios -- food_scanner_app
 The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 through 5.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-15not yet calculatedCVE-2017-8942
MISCios -- grocery_deals_app
 The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-15not yet calculatedCVE-2017-8940
MISCios -- international_app
 The Interval International app 3.3 through 3.5.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-15not yet calculatedCVE-2017-8941
MISCios -- pumatrac_app
 The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-15not yet calculatedCVE-2017-8943
MISCios -- radio_javan
 The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-15not yet calculatedCVE-2017-8938
MISCipswitch -- moveit_transfer
 Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20.2017-05-18not yet calculatedCVE-2017-6195
CONFIRMjms-- jbossHTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data.2017-05-19not yet calculatedCVE-2017-7504
CONFIRMjoomla -- b2j_contact
 The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism, and makes it easier to read arbitrary uploaded files.2017-05-17not yet calculatedCVE-2017-9030
MISCjoomla -- codextrous_b2j_contactThe Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a rename attack that bypasses a "safe file extension" protection mechanism, leading to remote code execution.2017-05-17not yet calculatedCVE-2017-5215
MISCjoomla -- codextrous_b2j_contact
 The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of a time value. This makes it easier to read arbitrary uploaded files.2017-05-17not yet calculatedCVE-2017-5214
MISCjoomla -- sql_injection
 SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.2017-05-17not yet calculatedCVE-2017-8917
CONFIRMkde -- kdelibs
 KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.2017-05-17not yet calculatedCVE-2017-8422
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRMlarson -- vizex-reader
 Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.2017-05-15not yet calculatedCVE-2017-8927
EXPLOIT-DBlcds -- improper_access_control
 An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges.2017-05-18not yet calculatedCVE-2017-6016
BID
MISClibav -- libavformat/nsvdec.c
 libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c.2017-05-18not yet calculatedCVE-2017-9051
MISC
MISClibdwarf -- dw201703-001
 An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read.2017-05-18not yet calculatedCVE-2017-9055
MISClibdwarf -- dw201703-002An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read.2017-05-18not yet calculatedCVE-2017-9054
MISClibdwarf --  dw201703-005An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function).2017-05-18not yet calculatedCVE-2017-9053
MISClibdwarf --  dw201703-006
 An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list().2017-05-18not yet calculatedCVE-2017-9052
MISClibmenu -- cache
 Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability).2017-05-15not yet calculatedCVE-2017-8933
CONFIRM
CONFIRMlibraw -- foveon_load_camf()A boundary error within the "foveon_load_camf()" function (dcraw_foveon.c) when initializing a huffman table in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a stack-based buffer overflow.2017-05-15not yet calculatedCVE-2017-6890
CONFIRM
MISClibraw -- foveon_load_camf()
 An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow.2017-05-15not yet calculatedCVE-2017-6889
CONFIRM
MISClibraw -- parse_tiff_ifd()
 A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs.2017-05-16not yet calculatedCVE-2017-6887
MISC
MISC
MISClibraw -- parse_tiff_ifd()
 An error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.2017-05-16not yet calculatedCVE-2017-6886
CONFIRM
MISC
MISClibxml2 -- 20904-gitv2.9.4-16-g0741801libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.2017-05-18not yet calculatedCVE-2017-9049
MISClibxml2 -- 20904-gitv2.9.4-16-g0741801libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.2017-05-18not yet calculatedCVE-2017-9050
MISClibxml2 -- 20904-gitv2.9.4-16-g0741801libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.2017-05-18not yet calculatedCVE-2017-9048
MISClibxml2 -- 20904-gitv2.9.4-16-g0741801
 A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.2017-05-18not yet calculatedCVE-2017-9047
MISClibytnef -- ytnef
 In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c.2017-05-18not yet calculatedCVE-2017-9058
CONFIRMlinux -- kernel
 fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file.2017-05-15not yet calculatedCVE-2017-7495
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMlinux -- kernelIf shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not detect an issue and it would be treated as secure memory.2017-05-16not yet calculatedCVE-2016-10237
BID
CONFIRMlinux -- kernelIn TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a buffer overflow could potentially occur and a buffer over-read vulnerability could potentially occur.2017-05-16not yet calculatedCVE-2016-10239
BID
CONFIRMlinux -- kernelIn QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue.2017-05-16not yet calculatedCVE-2016-10238
BID
CONFIRMlinux -- kernelThe sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.2017-05-19not yet calculatedCVE-2017-9075
CONFIRM
CONFIRM
CONFIRMlinux -- kernelIn TrustZone an untrusted pointer dereference vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.2017-05-16not yet calculatedCVE-2015-9000
BID
CONFIRMlinux -- kernelThe tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.2017-05-19not yet calculatedCVE-2017-9077
CONFIRM
CONFIRM
CONFIRMlinux -- kernelThe dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.2017-05-19not yet calculatedCVE-2017-9076
CONFIRM
CONFIRM
CONFIRMlinux -- kernelIn TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.2017-05-16not yet calculatedCVE-2015-8998
BID
CONFIRMlinux -- kernelIn TrustZone an information exposure vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.2017-05-16not yet calculatedCVE-2015-9001
BID
CONFIRMlinux -- kernelIn TrustZone an out-of-range pointer offset vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.2017-05-16not yet calculatedCVE-2015-9002
BID
CONFIRMlinux -- kernelIn TrustZone a cryptographic issue can potentially occur in all Android releases from CAF using the Linux kernel.2017-05-16not yet calculatedCVE-2015-9003
BID
CONFIRMlinux -- kernel
 In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.2017-05-16not yet calculatedCVE-2015-8995
BID
CONFIRMlinux -- kernel
 The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.2017-05-14not yet calculatedCVE-2017-7487
CONFIRM
CONFIRM
CONFIRM
CONFIRMlinux -- kernel
 The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.2017-05-19not yet calculatedCVE-2017-9074
CONFIRM
CONFIRM
CONFIRMlinux -- kernel
 A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value.2017-05-16not yet calculatedCVE-2014-9931
BID
CONFIRMlinux -- kernel
 In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel.2017-05-16not yet calculatedCVE-2014-9936
BID
CONFIRMlinux -- kernel
 In TrustZone an integer overflow vulnerability leading to a buffer overflow could potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.2017-05-16not yet calculatedCVE-2014-9935
BID
CONFIRMlinux -- kernel
 A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel.2017-05-16not yet calculatedCVE-2016-10242
CONFIRMlinux -- kernel
 In TrustZone a buffer overflow vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.2017-05-16not yet calculatedCVE-2014-9937
BID
CONFIRMlinux -- kernel
 In TrustZone a buffer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel while loading an ELF file.2017-05-16not yet calculatedCVE-2015-8999
BID
CONFIRMlinux -- kernel
 In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel.2017-05-16not yet calculatedCVE-2015-8996
BID
CONFIRMlinux -- kernel
 Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access.2017-05-16not yet calculatedCVE-2014-9933
BID
CONFIRMlinux -- kernel
 The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak.2017-05-18not yet calculatedCVE-2017-9059
CONFIRM
CONFIRM
CONFIRM
CONFIRMlinux -- kernel
 A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding.2017-05-16not yet calculatedCVE-2014-9934
BID
CONFIRMlinux -- kernel
 In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel.2017-05-16not yet calculatedCVE-2015-8997
BID
CONFIRMmailcow -- mailcow
 mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF.2017-05-14not yet calculatedCVE-2017-8928
CONFIRMmcafee -- ndlpClickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header.2017-05-17not yet calculatedCVE-2017-4015
CONFIRMmcafee -- ndlpBanner Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain product information via HTTP response header.2017-05-17not yet calculatedCVE-2017-4013
CONFIRMmcafee -- ndlpSession Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request.2017-05-17not yet calculatedCVE-2017-4014
CONFIRMmcafee -- ndlpWeb Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header.2017-05-17not yet calculatedCVE-2017-4016
CONFIRMmcafee -- ndlpUser Name Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view user information via the appliance web interface.2017-05-17not yet calculatedCVE-2017-4017
CONFIRMmcafee -- ndlpPrivilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request.2017-05-17not yet calculatedCVE-2017-4012
CONFIRMmcafee -- ndlpEmbedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request.2017-05-17not yet calculatedCVE-2017-4011
CONFIRMmcafee -- orchestrator
 A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session.2017-05-18not yet calculatedCVE-2017-3980
CONFIRMmicrofocus -- vibe
 An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed without authentication if Guest access is enabled (Guest access is disabled by default).2017-05-18not yet calculatedCVE-2017-7433
CONFIRMmicrosoft-- explorer
 A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings, aka "Internet Explorer Security Feature Bypass Vulnerability."2017-05-12not yet calculatedCVE-2017-0064
BID
CONFIRMmicrosoft -- .net_frameworkMicrosoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."2017-05-12not yet calculatedCVE-2017-0248
BID
CONFIRMmicrosoft -- activexAn information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka "Microsoft ActiveX Information Disclosure Vulnerability."2017-05-12not yet calculatedCVE-2017-0242
BID
CONFIRMmicrosoft -- browserA remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0236.2017-05-12not yet calculatedCVE-2017-0238
BID
CONFIRMmicrosoft -- browserA spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability."2017-05-12not yet calculatedCVE-2017-0231
BID
CONFIRMmicrosoft -- browsersA remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0228
BID
CONFIRMmicrosoft -- chakra_coreA remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0252.2017-05-15not yet calculatedCVE-2017-0223
CONFIRMmicrosoft -- chakra_coreA remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0223.2017-05-15not yet calculatedCVE-2017-0252
CONFIRMmicrosoft -- edgeA remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability."2017-05-12not yet calculatedCVE-2017-0266
BID
CONFIRMmicrosoft -- edgeA vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240.2017-05-12not yet calculatedCVE-2017-0221
BID
CONFIRMmicrosoft -- edgeA remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0224
BID
CONFIRMmicrosoft -- edgeA remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0221 and CVE-2017-0240.2017-05-12not yet calculatedCVE-2017-0227
BID
CONFIRMmicrosoft -- edgeA remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0229
BID
CONFIRMmicrosoft -- edgeA remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0234
BID
CONFIRMmicrosoft -- edgeAn elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0241.2017-05-12not yet calculatedCVE-2017-0233
BID
CONFIRMmicrosoft -- edgeThe kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka "Win32k Information Disclosure Vulnerability."2017-05-12not yet calculatedCVE-2017-0245
BID
CONFIRMmicrosoft -- edgeA remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0236
BID
CONFIRMmicrosoft -- edgeAn elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone, aka "Microsoft Edge Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0233.2017-05-12not yet calculatedCVE-2017-0241
BID
CONFIRMmicrosoft -- edgeA remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0221 and CVE-2017-0227.2017-05-12not yet calculatedCVE-2017-0240
BID
CONFIRMmicrosoft -- edgeA remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0230
BID
CONFIRMmicrosoft -- edgeA remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0235
BID
CONFIRMmicrosoft -- explorerA remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0222.2017-05-12not yet calculatedCVE-2017-0226
BID
CONFIRMmicrosoft -- explorerA remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0226.2017-05-12not yet calculatedCVE-2017-0222
BID
CONFIRMmicrosoft -- officeMicrosoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.2017-05-12not yet calculatedCVE-2017-0281
BID
CONFIRMmicrosoft -- officeMicrosoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281.2017-05-12not yet calculatedCVE-2017-0262
BID
CONFIRMmicrosoft -- officeThe kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."2017-05-12not yet calculatedCVE-2017-0263
BID
CONFIRMmicrosoft -- officeMicrosoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265.2017-05-12not yet calculatedCVE-2017-0254
BID
CONFIRMmicrosoft -- officeMicrosoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281.2017-05-12not yet calculatedCVE-2017-0261
BID
CONFIRMmicrosoft -- powerpointMicrosoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0265.2017-05-12not yet calculatedCVE-2017-0264
BID
CONFIRMmicrosoft -- powerpointMicrosoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0264.2017-05-12not yet calculatedCVE-2017-0265
BID
CONFIRMmicrosoft -- serverThe Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0279.2017-05-12not yet calculatedCVE-2017-0278
BID
CONFIRMmicrosoft -- serverThe Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Windows 7 for x64-based Systems and later, cause denial of service, aka "Win32k Elevation of Privilege Vulnerability."2017-05-12not yet calculatedCVE-2017-0246
BID
CONFIRMmicrosoft -- serverThe Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0258.2017-05-12not yet calculatedCVE-2017-0259
BID
CONFIRMmicrosoft -- serverThe Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0273.2017-05-12not yet calculatedCVE-2017-0280
BID
CONFIRMmicrosoft -- serverThe Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0278.2017-05-12not yet calculatedCVE-2017-0279
BID
CONFIRMmicrosoft -- serverMicrosoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0275, and CVE-2017-0276.2017-05-12not yet calculatedCVE-2017-0274
BID
CONFIRMmicrosoft -- serverMicrosoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.2017-05-12not yet calculatedCVE-2017-0270
BID
CONFIRMmicrosoft -- serverMicrosoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.2017-05-12not yet calculatedCVE-2017-0271
BID
CONFIRMmicrosoft -- serverThe Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0273 and CVE-2017-0280.2017-05-12not yet calculatedCVE-2017-0269
BID
CONFIRMmicrosoft -- serverMicrosoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.2017-05-12not yet calculatedCVE-2017-0268
BID
CONFIRMmicrosoft -- serverMicrosoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.2017-05-12not yet calculatedCVE-2017-0267
BID
CONFIRMmicrosoft -- serverThe kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows locally authenticated attackers to gain privileges via a crafted application, or in Windows 7 for x64-based systems, cause denial of service, aka "Windows Kernel Elevation of Privilege Vulnerability."2017-05-12not yet calculatedCVE-2017-0244
BID
CONFIRMmicrosoft -- serverThe Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0277, CVE-2017-0278, and CVE-2017-0279.2017-05-12not yet calculatedCVE-2017-0272
BID
CONFIRMmicrosoft -- serverThe Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0278, and CVE-2017-0279.2017-05-12not yet calculatedCVE-2017-0277
BID
CONFIRMmicrosoft -- serverMicrosoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0275.2017-05-12not yet calculatedCVE-2017-0276
BID
CONFIRMmicrosoft -- serverMicrosoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0276.2017-05-12not yet calculatedCVE-2017-0275
BID
CONFIRMmicrosoft -- serverThe Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280.2017-05-12not yet calculatedCVE-2017-0273
BID
CONFIRMmicrosoft -- serverThe Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0259.2017-05-12not yet calculatedCVE-2017-0258
BID
CONFIRMmicrosoft -- sharepoint_foundationMicrosoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability".2017-05-12not yet calculatedCVE-2017-0255
BID
CONFIRMmicrosoft -- windowsThe Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0220, CVE-2017-0258, and CVE-2017-0259.2017-05-12not yet calculatedCVE-2017-0175
BID
CONFIRMmicrosoft -- windowsWindows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214.2017-05-12not yet calculatedCVE-2017-0213
BID
CONFIRMmicrosoft -- windowsWindows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when Windows fails to properly validate input before loading type libraries, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0213.2017-05-12not yet calculatedCVE-2017-0214
BID
CONFIRMmicrosoft -- windowsThe Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0258, and CVE-2017-0259.2017-05-12not yet calculatedCVE-2017-0220
BID
CONFIRMmicrosoft -- windowsThe GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability."2017-05-12not yet calculatedCVE-2017-0190
BID
CONFIRMmicrosoft -- windowsWindows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka "Windows Hyper-V vSMB Elevation of Privilege Vulnerability".2017-05-12not yet calculatedCVE-2017-0212
BID
CONFIRMmicrosoft -- windowsWindows DNS Server allows a denial of service vulnerability when Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 are configured to answer version queries, aka "Windows DNS Server Denial of Service Vulnerability".2017-05-12not yet calculatedCVE-2017-0171
BID
CONFIRMmicrosoft -- windows
 The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow a local authenticated attacker to execute a specially crafted application to obtain information, or in Windows 7 and later, cause denial of service, aka "Win32k Information Disclosure Vulnerability."2017-05-12not yet calculatedCVE-2017-0077
BID
CONFIRMmicrosoft -- windows
 A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.2017-05-18not yet calculatedCVE-2017-9073
MISC
MISCmikrotik -- l2tp
 A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically.2017-05-18not yet calculatedCVE-2017-8338
MISC
MISC
MISC
MISCmobotap_dolphin -- web_browser
 The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.23.0 through 9.23.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-15not yet calculatedCVE-2017-8936
MISCmodx-- revolutionIn MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.2017-05-18not yet calculatedCVE-2017-9068
MISC
MISCmodx-- revolutionIn MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess.2017-05-18not yet calculatedCVE-2017-9069
MISC
MISCmodx-- revolutionIn MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.2017-05-18not yet calculatedCVE-2017-9070
MISC
MISCmodx-- revolutionIn MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning.2017-05-18not yet calculatedCVE-2017-9071
MISC
MISCmodx-- revolution
 In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.2017-05-18not yet calculatedCVE-2017-9067
MISC
MISC
MISCmoodle -- moodleIn Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.2017-05-15not yet calculatedCVE-2017-7490
CONFIRMmoodle -- moodleIn Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.2017-05-15not yet calculatedCVE-2017-7489
CONFIRMmoodle -- moodleIn Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.2017-05-15not yet calculatedCVE-2017-7491
CONFIRMopenvpn -- openvpnOpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.2017-05-15not yet calculatedCVE-2017-7479
CONFIRMopenvpn -- openvpn
 OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.2017-05-15not yet calculatedCVE-2017-7478
CONFIRMpcmanfm -- pcmanfm
 PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability).2017-05-15not yet calculatedCVE-2017-8934
CONFIRM
CONFIRMperlcritic -- perltidy
 perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.2017-05-17not yet calculatedCVE-2016-10374
CONFIRMphoenix_contrac -- gmbh_mguardAn Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may be able to gain unauthorized access to the user firewall when RADIUS servers are unreachable.2017-05-18not yet calculatedCVE-2017-7937
MISCphoenix_contrac -- gmbh_mguard
 A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may compromise the device's availability by performing multiple initial VPN requests.2017-05-18not yet calculatedCVE-2017-7935
MISCphpwhois -- phpwhois
 Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML via the query parameter to whois.php.2017-05-17not yet calculatedCVE-2015-3998
MISCplaysms -- playsms
 PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.2017-05-19not yet calculatedCVE-2017-9080
MISC
EXPLOIT-DBpoppler -- evince
 poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.2017-05-19not yet calculatedCVE-2017-9083
MISCqemu -- virtfs
 Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest.2017-05-17not yet calculatedCVE-2017-7493
MLIST
CONFIRM
MLISTquest -- information_systemThe Quest Information Systems Indiana Voters app 1.1.24 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-15not yet calculatedCVE-2017-8935
MISCredhat -- jboss
 It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed.2017-05-18not yet calculatedCVE-2017-7503
CONFIRMrockwell -- automation_connected_workbench
 A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench (CCW). The following versions are affected: Connected Components Workbench - Developer Edition, v9.01.00 and earlier: 9328-CCWDEVENE, 9328-CCWDEVZHE, 9328-CCWDEVFRE, 9328-CCWDEVITE, 9328-CCWDEVDEE, 9328-CCWDEVESE, and 9328-CCWDEVPTE; and Connected Components Workbench - Free Standard Edition (All Supported Languages), v9.01.00 and earlier. Certain DLLs included with versions of CCW software can be potentially hijacked to allow an attacker to gain rights to a victim's affected personal computer. Such access rights can be at the same or potentially higher level of privileges as the compromised user account, including and up to computer administrator privileges.2017-05-18not yet calculatedCVE-2017-5176
BID
MISCschneider -- electric_wonderware_historian_client
 An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference, or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network.2017-05-18not yet calculatedCVE-2017-7907
MISC
BID
MISCschneider -- electric_wonderware_indusoft_webAn Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be manipulated by non-administrators. This could allow an authenticated user to escalate his or her privileges.2017-05-19not yet calculatedCVE-2017-7968
MISC
MISCsennet -- command_injection
 A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, and SenNet Multitask Meter V5.21a-1.18b and prior. Successful exploitation of this vulnerability could result in the attacker breaking out of the jailed shell and gaining full access to the system.2017-05-18not yet calculatedCVE-2017-6048
MISCsimple_invoices -- csrf
 Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules.2017-05-14not yet calculatedCVE-2017-8930
MISCsmb4k -- smb4k
 smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.2017-05-17not yet calculatedCVE-2017-8849
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRMvipa -- controls_winplc7
 A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7 5.0.45.5921 and prior. A stack-based buffer overflow vulnerability has been identified, where an attacker with a specially crafted packet could overflow the fixed length buffer. This could allow remote code execution.2017-05-18not yet calculatedCVE-2017-5177
BID
MISCwordpress -- filesystem_credentials_dialog
 In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.2017-05-18not yet calculatedCVE-2017-9064
CONFIRM
CONFIRM
CONFIRMwordpress -- http_class
 In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.2017-05-18not yet calculatedCVE-2017-9066
CONFIRM
CONFIRM
MISC
CONFIRMwordpress -- wordpressIn WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.2017-05-18not yet calculatedCVE-2017-9063
CONFIRM
CONFIRM
CONFIRMwordpress -- wordpress
 In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.2017-05-18not yet calculatedCVE-2017-9061
CONFIRM
CONFIRM
CONFIRMwordpress -- xml-rpc api
 In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.2017-05-18not yet calculatedCVE-2017-9065
CONFIRM
CONFIRM
CONFIRMwordpress --  xml-rpc apiIn WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.2017-05-18not yet calculatedCVE-2017-9062
CONFIRM
CONFIRM
CONFIRMwow -- moodboard
 Open redirect vulnerability in the proxyimages function in wowproxy.php in the Wow Moodboard Lite plugin 1.1.1.1 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.2017-05-17not yet calculatedCVE-2015-4070
BID
MISCyara --  libyara/sizedstr.c
 The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.2017-05-14not yet calculatedCVE-2017-8929
CONFIRM
CONFIRMzimbra -- collaboration
 Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899.2017-05-17not yet calculatedCVE-2016-3403
FULLDISC
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMzoho -- manageengine_desktop
 Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors.2017-05-15not yet calculatedCVE-2017-7213
CONFIRMack to top

This product is provided subject to this Notification and this Privacy & Use policy.


ICS-CERT Releases WannaCry Fact Sheet

Wed, 05/17/2017 - 23:14
Original release date: May 17, 2017

The Industrial Control Systems Cybersecurity Emergency Response Team (ICS-CERT) has released a short overview of the WannaCry ransomware infections. This fact sheet provides information on how the WannaCry program spreads, what users should do if they have been infected, and how to protect against similar attacks in the future.

US-CERT encourages users and administrators to review the ICS-CERT Fact Sheet on WannaCry and the US-CERT Current Activity on the topic. For more technical details, please consult TA17-132A, Indicators Associated With WannaCry Ransomware.

This product is provided subject to this Notification and this Privacy & Use policy.


Joomla! Releases Security Update for CMS

Wed, 05/17/2017 - 13:48
Original release date: May 17, 2017

Joomla! has released version 3.7.1 of its Content Management System (CMS) software to address a vulnerability. Exploitation of this vulnerability may allow a remote attacker to take control of an affected website.

Users and administrators are encouraged to review the Joomla! Security Release and US-CERT's Alert on Content Management Systems Security and Associated Risks and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Wed, 05/17/2017 - 13:31
Original release date: May 17, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


WordPress Releases Security Update

Wed, 05/17/2017 - 09:09
Original release date: May 17, 2017

WordPress versions prior to 4.7.5 are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

Users and administrators are encouraged to review the WordPress Security Release and upgrade to WordPress 4.7.5.

This product is provided subject to this Notification and this Privacy & Use policy.


FTC Releases Alert on Fraudulent Emails

Tue, 05/16/2017 - 17:10
Original release date: May 16, 2017

The Federal Trade Commission (FTC) has released an alert about scammers sending out fake emails that look authentic to trick you into sending money to them. Users should be suspicious of unsolicited phone calls or email messages from individuals asking about your information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.

US-CERT encourages users and administrators to refer to the FTC Scam Alert and the US-CERT Tip on Avoiding Social Engineering and Phishing Attacks for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


Apple Releases Security Updates

Mon, 05/15/2017 - 17:33
Original release date: May 15, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


SB17-135: Vulnerability Summary for the Week of May 8, 2017

Mon, 05/15/2017 - 09:44
Original release date: May 15, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoibm -- websphere_cast_iron_solutionIBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515.2017-05-059.0CVE-2016-9691
CONFIRM
BIDibm -- websphere_cast_iron_solutionIBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 119516.2017-05-057.8CVE-2016-9692
CONFIRM
BIDBack to top

 

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infogenixcms -- genixcmsforgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests.2017-05-086.4CVE-2017-8827
MISCibm -- marketing_platformIBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564.2017-05-054.3CVE-2016-0255
CONFIRM
BIDimagemagick -- imagemagickIn ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.2017-05-084.3CVE-2017-8830
CONFIRMBack to top

 

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no low vulnerabilities recorded this week.Back to top

 

Severity Not Yet AssignedPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- experience_manager_forms
 Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms.2017-05-09not yet calculatedCVE-2017-3067
BID
CONFIRMadobe -- flash_playerAdobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.2017-05-09not yet calculatedCVE-2017-3070
BID
CONFIRMadobe -- flash_playerAdobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.2017-05-09not yet calculatedCVE-2017-3069
BID
CONFIRMadobe -- flash_playerAdobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.2017-05-09not yet calculatedCVE-2017-3072
BID
CONFIRMadobe -- flash_playerAdobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.2017-05-09not yet calculatedCVE-2017-3071
BID
CONFIRMadobe -- flash_playerAdobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.2017-05-09not yet calculatedCVE-2017-3074
BID
CONFIRMadobe -- flash_playerAdobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.2017-05-09not yet calculatedCVE-2017-3073
BID
CONFIRMadobe -- flash_player
 Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.2017-05-09not yet calculatedCVE-2017-3068
BID
CONFIRMadodb -- adodb
 Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4855
JVN
CONFIRMadvantech -- b+b_smartworx_mesr901A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages.2017-05-05not yet calculatedCVE-2017-7909
BID
MISCadvantech -- webaccess
 An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories.2017-05-05not yet calculatedCVE-2017-7929
BID
MISCallendisk -- id_parameter
 Allen Disk 1.6 has XSS in the id parameter to downfile.php.2017-05-08not yet calculatedCVE-2017-8832
CONFIRMallendisk -- setpass.php
 Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password.2017-05-08not yet calculatedCVE-2017-8848
MISCambari -- ambari
 In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.2017-05-12not yet calculatedCVE-2017-5654
CONFIRM
CONFIRMartifexghostscript -- mark_line_tr
 The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document.2017-05-12not yet calculatedCVE-2017-8908
MISCasus_rt-ac_rt-n -- firmwareASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map.2017-05-10not yet calculatedCVE-2017-5892
MISC
MISCasus_rt-ac_rt-n -- firmware
 ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF.2017-05-10not yet calculatedCVE-2017-5891
MISC
MISCasus_rt-ac_rt-n -- asus_rt_ac_rt_nASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml.2017-05-10not yet calculatedCVE-2017-8878
MISCasus_rt-ac_rt-n -- asus_rt_ac_rt_n
 ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID.2017-05-10not yet calculatedCVE-2017-8877
MISCatlassian -- hipchat
 Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.2017-05-05not yet calculatedCVE-2017-8058
BID
MISCbasercms -- basercms
 Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4878
CONFIRM
JVNbasercms -- basercms
 Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4882
CONFIRM
JVNbasercms -- basercms
 Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4883
CONFIRM
JVNbasercms -- plugin_blog
 Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4884
CONFIRM
JVNbasercms -- plugin_blog
 Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4881
CONFIRM
JVNbasercms -- plugin_blog
 Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4880
CONFIRM
JVNbasercms -- plugin_feed
 Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4885
CONFIRM
JVNbasercms -- plugin_mail
 Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4879
CONFIRM
JVNbasercms -- plugin_mail
 Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4886
CONFIRM
JVNbasercms -- plugin_mail
 Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4877
CONFIRM
JVNbasercms -- plugin_uploader
 Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4887
CONFIRM
JVNbasercms -- basercms
 Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4876
MISC
JVNblackberry -- management_console
 A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console.2017-05-10not yet calculatedCVE-2017-3894
CONFIRMblf_tech_llc -- visualview_hmi
 An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.2017-05-08not yet calculatedCVE-2017-6051
BID
MISCbrocadefibrechannelsan -- os_(fos)
 A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.2017-05-08not yet calculatedCVE-2016-8202
BID
CONFIRM
CONFIRMbrocadenetiron -- brocade_netiron
 Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.2017-05-08not yet calculatedCVE-2016-8209
CONFIRMcaclientautomation -- os_installation_management_component
 The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation.2017-05-05not yet calculatedCVE-2017-8391
BID
CONFIRMcertec -- edv_gmbh_atvise_scadaA Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution.2017-05-05not yet calculatedCVE-2017-6031
BID
MISCcertec -- edv_gmbh_atvise_scada
 A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution.2017-05-05not yet calculatedCVE-2017-6029
BID
MISCcitrix -- xenmobile_server
 Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page.2017-05-05not yet calculatedCVE-2016-6877
BID
MISCcmsmadesimple --  admin_editusertag_php
 ** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug."2017-05-12not yet calculatedCVE-2017-8912
MISCconexantsystems -- mictray64task
 Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process.2017-05-12not yet calculatedCVE-2017-8360
MISC
MISCcybervision -- kaa_iot_platformA Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution.2017-05-05not yet calculatedCVE-2017-7911
BID
MISCdahua -- configuration_file
 A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.2017-05-05not yet calculatedCVE-2017-7925
MISC
BID
MISCdahua -- dh_ipcA Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password.2017-05-05not yet calculatedCVE-2017-7927
MISC
BID
MISCdolibarr -- erp_crm
 Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.2017-05-10not yet calculatedCVE-2017-8879
MISCdolibarr -- erp_crmDolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.2017-05-10not yet calculatedCVE-2017-7888
MISCdolibarr -- erp_crmDolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.2017-05-10not yet calculatedCVE-2017-7887
MISCdolibarr -- erp_crm
 Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.2017-05-10not yet calculatedCVE-2017-7886
MISCdropboxlepton -- dos_lepton_file
 Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads.2017-05-10not yet calculatedCVE-2017-8891
MISC
MISC
MISCemc -- mainframe_enablers_resourcepak_base
 EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system.2017-05-08not yet calculatedCVE-2017-4982
CONFIRM
BIDf5 -- big_ip 
 In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations.2017-05-09not yet calculatedCVE-2017-6137
CONFIRMf5 -- big_ipIn F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile.2017-05-09not yet calculatedCVE-2016-9253
CONFIRMf5 -- big_ipIn F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.2017-05-09not yet calculatedCVE-2016-9251
CONFIRMf5 -- big_ipIn F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user.2017-05-09not yet calculatedCVE-2016-9257
CONFIRMf5 -- big_ipIn F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change.2017-05-09not yet calculatedCVE-2016-9256
BID
CONFIRMf5 -- big_ip_apm
 In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters.2017-05-09not yet calculatedCVE-2017-0302
CONFIRMf5 -- big_ip
 In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.2017-05-10not yet calculatedCVE-2016-9250
CONFIRMfiyocms -- dapur_apps_app_config_controller_backuper_php
 Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action.2017-05-09not yet calculatedCVE-2017-8853
MISCflatcore -- acp_core_files_browser_php
 acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF.2017-05-10not yet calculatedCVE-2017-8868
CONFIRMflightgear -- fgcommand_interface
 In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956.2017-05-12not yet calculatedCVE-2017-8921
CONFIRMgemalto -- smartdiag_diagnosisGemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow with SEH Overwrite via long "Register a new card" input fields. There may be a risk of local code execution with untrusted input to SmartDiag.exe or SymDiag.exe.2017-05-08not yet calculatedCVE-2017-6953
EXPLOIT-DBgnu -- c_library
 The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.2017-05-07not yet calculatedCVE-2017-8804
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRMgoodix -- touchscreen_driverAn elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32749036. References: QC-CR#1098602.2017-05-12not yet calculatedCVE-2017-0622
CONFIRMgoogle -- androidAn information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511682.2017-05-12not yet calculatedCVE-2017-0634
CONFIRMgoogle -- androidA remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35467107.2017-05-12not yet calculatedCVE-2017-0635
CONFIRM
CONFIRMgoogle -- androidAn information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. References: QC-CR#1086833.2017-05-12not yet calculatedCVE-2017-0628
CONFIRMgoogle -- androidAn information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399756. References: QC-CR#1093232.2017-05-12not yet calculatedCVE-2017-0631
CONFIRMgoogle -- androidAn information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35214296. References: QC-CR#1086833.2017-05-12not yet calculatedCVE-2017-0629
CONFIRMgoogle -- androidAn information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115.2017-05-12not yet calculatedCVE-2017-0630
CONFIRMgoogle -- androidAn information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-36000515. References: B-RB#117131.2017-05-12not yet calculatedCVE-2017-0633
CONFIRMgoogle -- android
 An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353.2017-05-12not yet calculatedCVE-2017-0627
CONFIRMgoogle -- android
 The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application.2017-05-12not yet calculatedCVE-2016-4839
CONFIRM
MISC
JVNgoogle -- android
 Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.2017-05-09not yet calculatedCVE-2016-6799
BID
MLISTgoogle -- android
 The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION allows an attacker to execute unintended operations via a specially crafted application.2017-05-12not yet calculatedCVE-2016-4838
CONFIRM
MISC
JVNgoogle -- androidAn elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589.2017-05-12not yet calculatedCVE-2017-0604
CONFIRMgoogle -- androidAirwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.2017-05-10not yet calculatedCVE-2017-4896
BID
CONFIRMgoogle -- androidIn function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used.2017-05-12not yet calculatedCVE-2017-8246
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the kernel trace subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399704. References: QC-CR#1048480.2017-05-12not yet calculatedCVE-2017-0605
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400551. References: QC-CR#1085928.2017-05-12not yet calculatedCVE-2017-0607
CONFIRMgoogle -- androidA denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35763994.2017-05-12not yet calculatedCVE-2017-0603
CONFIRM
CONFIRMgoogle -- androidA remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35269635.2017-05-12not yet calculatedCVE-2017-0600
CONFIRM
CONFIRMgoogle -- androidIn all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of bounds memory copy occurs.2017-05-12not yet calculatedCVE-2017-8245
CONFIRMgoogle -- androidA remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34672748.2017-05-12not yet calculatedCVE-2017-0599
CONFIRM
CONFIRMgoogle -- androidAn information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34128677.2017-05-12not yet calculatedCVE-2017-0598
CONFIRMgoogle -- androidAn information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34946955.2017-05-12not yet calculatedCVE-2017-0602
CONFIRMgoogle -- androidAn Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35258579.2017-05-12not yet calculatedCVE-2017-0601
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in codecs/aacenc/SoftAACEncoder2.cpp in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34617444.2017-05-12not yet calculatedCVE-2017-0594
CONFIRM
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34749392.2017-05-12not yet calculatedCVE-2017-0596
CONFIRM
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34705519.2017-05-12not yet calculatedCVE-2017-0595
CONFIRM
CONFIRMgoogle -- androidA remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34097672.2017-05-12not yet calculatedCVE-2017-0591
CONFIRM
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114230.2017-05-12not yet calculatedCVE-2017-0593
CONFIRMgoogle -- androidA remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34618607.2017-05-12not yet calculatedCVE-2017-0588
CONFIRM
CONFIRMgoogle -- androidA remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34970788.2017-05-12not yet calculatedCVE-2017-0592
CONFIRM
CONFIRMgoogle -- androidA remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35039946.2017-05-12not yet calculatedCVE-2017-0590
CONFIRM
CONFIRMgoogle -- androidAn elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34749571.2017-05-12not yet calculatedCVE-2017-0597
CONFIRMgoogle -- androidA remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34897036.2017-05-12not yet calculatedCVE-2017-0589
CONFIRM
CONFIRMgoogle -- androidA remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35219737.2017-05-12not yet calculatedCVE-2017-0587
CONFIRM
CONFIRMgoogle -- android
 Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data.2017-05-10not yet calculatedCVE-2017-4895
BID
CONFIRMgoogle -- android
 In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. "buffer->curr" itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write).2017-05-12not yet calculatedCVE-2017-8244
CONFIRMgoogle -- android
 An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550.2017-05-12not yet calculatedCVE-2017-0493
CONFIRMh2o -- h2o
 H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy.2017-05-12not yet calculatedCVE-2016-4864
CONFIRM
JVNhikvision -- ds-2cd2xx2f_iA Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information.2017-05-05not yet calculatedCVE-2017-7923
MISC
BID
MISChikvision -- ds-2cd2xx2f_i
 An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.2017-05-05not yet calculatedCVE-2017-7921
MISC
BID
MISChtc-- bootloader
 An elevation of privilege vulnerability in the HTC bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32512358.2017-05-12not yet calculatedCVE-2017-0623
CONFIRMibmtivolistoragemanager -- ibm_tivoli_storage_manager
 IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.2017-05-05not yet calculatedCVE-2016-8916
CONFIRM
BIDibm -- cognos_analytics
 IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114516.2017-05-10not yet calculatedCVE-2016-3032
CONFIRMibm -- interact
 IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 115084.2017-05-10not yet calculatedCVE-2016-5888
CONFIRMibm -- interact
 IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 115085.2017-05-10not yet calculatedCVE-2016-5889
CONFIRMibm -- rational_quality_manager
 IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896.2017-05-10not yet calculatedCVE-2016-6035
CONFIRMibm -- rational_team_concert
 IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 116918.2017-05-10not yet calculatedCVE-2016-6037
CONFIRMibm -- team_concert
 IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665.2017-05-10not yet calculatedCVE-2017-1103
CONFIRMibm -- websphere_application_server
 IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549.2017-05-10not yet calculatedCVE-2017-1137
CONFIRMibm -- websphere_portalIBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 1225922017-05-05not yet calculatedCVE-2017-1156
CONFIRM
BIDinstaller -- primedrive_desktop_application
 Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.2017-05-12not yet calculatedCVE-2017-2167
MISC
JVNinvisionpowerservices -- community_suiteInvision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such an onload; however, full path disclosure is required for exploitation.2017-05-11not yet calculatedCVE-2017-8899
MISC
MISC
MISCinvisionpowerservices -- community_suiteInvision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an index.php?/modcp/announcements/&action=create request. This is related to the "<> Source" option.2017-05-11not yet calculatedCVE-2017-8898
MISC
MISC
MISCinvisionpowerservices -- community_suite
 Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision Power Board user who views the announcement.2017-05-11not yet calculatedCVE-2017-8897
MISC
MISC
MISCkeycloak -- node_js_adapter
 It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.2017-05-12not yet calculatedCVE-2017-7474
CONFIRMlibetpan -- mime_handling_component
 A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses.2017-05-08not yet calculatedCVE-2017-8825
CONFIRM
CONFIRM
CONFIRMlibtiff -- tiffwritedirectorytagcheckedrational
 The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.2017-05-10not yet calculatedCVE-2016-10371
CONFIRM
CONFIRMlibxml2 -- html_parser_c
 The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.2017-05-10not yet calculatedCVE-2017-8872
MISClibzpaq -- bufread::get()_function
 The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive.2017-05-08not yet calculatedCVE-2017-8842
MISC
MISClibzpaq -- bufread::get()_function
 The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.2017-05-08not yet calculatedCVE-2017-8847
MISC
MISClibzpaq -- join_pthread_functionThe join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.2017-05-08not yet calculatedCVE-2017-8843
MISC
MISClibzrip -- read_1g
 The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.2017-05-08not yet calculatedCVE-2017-8844
MISC
MISClintian -- lintian
 Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file.2017-05-08not yet calculatedCVE-2017-8829
CONFIRMlinux -- kernelThe omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.2017-05-12not yet calculatedCVE-2017-8925
CONFIRM
CONFIRM
CONFIRMlinux -- kernel
 The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.2017-05-11not yet calculatedCVE-2017-7472
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMlinux -- kernel
 The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.2017-05-10not yet calculatedCVE-2017-8890
CONFIRM
CONFIRMlinux -- kernel
 The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.2017-05-12not yet calculatedCVE-2017-8924
CONFIRM
CONFIRM
CONFIRMlzolx_d_ch -- lzolx_decompress
 The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive.2017-05-08not yet calculatedCVE-2017-8845
MISC
MISCmautic -- mautic
 Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts.2017-05-10not yet calculatedCVE-2017-8874
MISCmediatek -- camera_driver
 An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35399703. References: QC-CR#831322.2017-05-12not yet calculatedCVE-2017-0621
CONFIRMmediatek -- command_queue_driverAn elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35100728. References: M-ALPS03161536.2017-05-12not yet calculatedCVE-2017-0618
CONFIRMmediatek -- pin_controller_driverAn elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35401152. References: QC-CR#826566.2017-05-12not yet calculatedCVE-2017-0619
CONFIRMmediatek -- power_driverAn elevation of privilege vulnerability in the MediaTek power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34259126. References: M-ALPS03150278.2017-05-12not yet calculatedCVE-2017-0615
CONFIRMmediatek -- system_managementAn elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34470286. References: M-ALPS03149160.2017-05-12not yet calculatedCVE-2017-0616
CONFIRMmediatek -- video_driverAn elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34471002. References: M-ALPS03149173.2017-05-12not yet calculatedCVE-2017-0617
CONFIRMmediatek -- command_queue_driver
 An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-35142799. References: M-ALPS03161531.2017-05-12not yet calculatedCVE-2017-0625
CONFIRMmediatek -- thermal_driver
 An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175767. References: M-ALPS02696445.2017-05-12not yet calculatedCVE-2016-10280
CONFIRMmediatek -- thermal_driver
 An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175647. References: M-ALPS02696475.2017-05-12not yet calculatedCVE-2016-10281
CONFIRMmediatek -- thermal_driver
 An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33939045. References: M-ALPS03149189.2017-05-12not yet calculatedCVE-2016-10282
CONFIRMmediatek -- touchscreen
 An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202412. References: M-ALPS02897901.2017-05-12not yet calculatedCVE-2016-10274
CONFIRMmicrosoft -- .net_framework
 Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."2017-05-12not yet calculatedCVE-2017-0248
CONFIRMmicrosoft -- activex
 An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka "Microsoft ActiveX Information Disclosure Vulnerability."2017-05-12not yet calculatedCVE-2017-0242
CONFIRMmicrosoft -- asp_netA denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests.2017-05-12not yet calculatedCVE-2017-0247
MISCmicrosoft -- asp_net
 A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.2017-05-12not yet calculatedCVE-2017-0256
MISCmicrosoft -- asp_net
 An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.2017-05-12not yet calculatedCVE-2017-0249
MISCmicrosoft -- browsers
 A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability."2017-05-12not yet calculatedCVE-2017-0231
CONFIRMmicrosoft -- edge
 A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0235
CONFIRMmicrosoft -- edge
 A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240.2017-05-12not yet calculatedCVE-2017-0221
CONFIRMmicrosoft -- edge
 A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0234
CONFIRMmicrosoft -- edge
 A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0236
CONFIRMmicrosoft -- edge
 An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone, aka "Microsoft Edge Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0233.2017-05-12not yet calculatedCVE-2017-0241
CONFIRMmicrosoft -- edge
 An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0241.2017-05-12not yet calculatedCVE-2017-0233
CONFIRMmicrosoft -- edge
 A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0230
CONFIRMmicrosoft -- edge
 A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0229
CONFIRMmicrosoft -- edge
 A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability."2017-05-12not yet calculatedCVE-2017-0266
CONFIRMmicrosoft -- edge
 A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0221 and CVE-2017-0227.2017-05-12not yet calculatedCVE-2017-0240
CONFIRMmicrosoft -- edge
 A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0221 and CVE-2017-0240.2017-05-12not yet calculatedCVE-2017-0227
CONFIRMmicrosoft -- explorer
 A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings, aka "Internet Explorer Security Feature Bypass Vulnerability."2017-05-12not yet calculatedCVE-2017-0064
CONFIRMmicrosoft -- explorer
 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0226.2017-05-12not yet calculatedCVE-2017-0222
CONFIRMmicrosoft -- explorer
 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0222.2017-05-12not yet calculatedCVE-2017-0226
CONFIRMmicrosoft -- javascript_engines
 A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0224
CONFIRMmicrosoft -- javascript_engines
 A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0228
CONFIRMmicrosoft -- javascript_engines
 A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0236.2017-05-12not yet calculatedCVE-2017-0238
CONFIRMmicrosoft -- malware_protection_engineThe Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability."2017-05-09not yet calculatedCVE-2017-0290
BID
MISC
MISC
CONFIRM
CONFIRM
MISCmicrosoft -- nvidia_gpu_display_driverAll versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.2017-05-09not yet calculatedCVE-2017-0351
CONFIRMmicrosoft -- nvidia_gpu_display_driverAll versions of the NVIDIA GPU Display Driver contain a vulnerability in the GPU firmware where incorrect access control may allow CPU access sensitive GPU control registers, leading to an escalation of privileges2017-05-09not yet calculatedCVE-2017-0352
CONFIRMmicrosoft -- nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges.2017-05-09not yet calculatedCVE-2017-0348
CONFIRMmicrosoft -- nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to denial of service or potential escalation of privileges.2017-05-09not yet calculatedCVE-2017-0347
CONFIRMmicrosoft -- nvidia_gpu_display_driverAll versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used in an offset calculation may lead to denial of service or potential escalation of privileges.2017-05-09not yet calculatedCVE-2017-0350
CONFIRMmicrosoft -- nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to a denial of service.2017-05-09not yet calculatedCVE-2017-0355
CONFIRMmicrosoft -- nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is not correctly validated before it is dereferenced for a write operation, may lead to denial of service or potential escalation of privileges.2017-05-09not yet calculatedCVE-2017-0349
CONFIRMmicrosoft -- nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input used as an array size is not correctly validated allows out of bound access in kernel memory and may lead to denial of service or potential escalation of privileges2017-05-09not yet calculatedCVE-2017-0345
CONFIRMmicrosoft -- nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) where user can trigger a race condition due to lack of synchronization in two functions leading to a denial of service or potential escalation of privileges.2017-05-09not yet calculatedCVE-2017-0343
CONFIRMmicrosoft -- nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape may allow users to gain access to arbitrary physical memory, leading to escalation of privileges.2017-05-09not yet calculatedCVE-2017-0344
CONFIRMmicrosoft -- nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.2017-05-09not yet calculatedCVE-2017-0346
CONFIRMmicrosoft -- nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where a call to certain function requiring lower IRQL can be made under raised IRQL which may lead to a denial of service.2017-05-09not yet calculatedCVE-2017-0354
CONFIRMmicrosoft -- nvidia_gpu_display_driverAll versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where due to improper locking on certain conditions may lead to a denial of service2017-05-09not yet calculatedCVE-2017-0353
CONFIRMmicrosoft -- nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where incorrect calculation may cause an invalid address access leading to denial of service or potential escalation of privileges.2017-05-09not yet calculatedCVE-2017-0342
CONFIRMmicrosoft -- nvidia_gpu_display_driver
 All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input can trigger an access to a pointer that has not been initialized which may lead to denial of service or potential escalation of privileges.2017-05-09not yet calculatedCVE-2017-0341
CONFIRMmicrosoft -- officeMicrosoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.2017-05-12not yet calculatedCVE-2017-0281
CONFIRMmicrosoft -- office
 Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281.2017-05-12not yet calculatedCVE-2017-0261
CONFIRMmicrosoft -- office
 Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281.2017-05-12not yet calculatedCVE-2017-0262
CONFIRMmicrosoft -- powerpoint_mac
 Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0265.2017-05-12not yet calculatedCVE-2017-0264
CONFIRMmicrosoft -- powerpoint_mac
 Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0264.2017-05-12not yet calculatedCVE-2017-0265
CONFIRMmicrosoft -- server_message_blockThe Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0273.2017-05-12not yet calculatedCVE-2017-0280
CONFIRMmicrosoft -- server_message_blockThe Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0279.2017-05-12not yet calculatedCVE-2017-0278
CONFIRMmicrosoft -- server_message_blockThe Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0278, and CVE-2017-0279.2017-05-12not yet calculatedCVE-2017-0277
CONFIRMmicrosoft -- server_message_blockMicrosoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0276.2017-05-12not yet calculatedCVE-2017-0275
CONFIRMmicrosoft -- server_message_blockMicrosoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0275, and CVE-2017-0276.2017-05-12not yet calculatedCVE-2017-0274
CONFIRMmicrosoft -- server_message_blockThe Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0278.2017-05-12not yet calculatedCVE-2017-0279
CONFIRMmicrosoft -- server_message_block
 Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0275.2017-05-12not yet calculatedCVE-2017-0276
CONFIRMmicrosoft -- server_message_block
 The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0277, CVE-2017-0278, and CVE-2017-0279.2017-05-12not yet calculatedCVE-2017-0272
CONFIRMmicrosoft -- server_message_block
 The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0273 and CVE-2017-0280.2017-05-12not yet calculatedCVE-2017-0269
CONFIRMmicrosoft -- server_message_block
 Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.2017-05-12not yet calculatedCVE-2017-0268
CONFIRMmicrosoft -- server_message_block
 The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280.2017-05-12not yet calculatedCVE-2017-0273
CONFIRMmicrosoft -- server_message_block
 Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.2017-05-12not yet calculatedCVE-2017-0270
CONFIRMmicrosoft -- server_message_block
 Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.2017-05-12not yet calculatedCVE-2017-0271
CONFIRMmicrosoft -- server_message_block
 Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.2017-05-12not yet calculatedCVE-2017-0267
CONFIRMmicrosoft -- server
 The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka "Win32k Information Disclosure Vulnerability."2017-05-12not yet calculatedCVE-2017-0245
CONFIRMmicrosoft -- server
 The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows locally authenticated attackers to gain privileges via a crafted application, or in Windows 7 for x64-based systems, cause denial of service, aka "Windows Kernel Elevation of Privilege Vulnerability."2017-05-12not yet calculatedCVE-2017-0244
CONFIRMmicrosoft -- server
 The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0258.2017-05-12not yet calculatedCVE-2017-0259
CONFIRMmicrosoft -- server
 The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0259.2017-05-12not yet calculatedCVE-2017-0258
CONFIRMmicrosoft -- server
 The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Windows 7 for x64-based Systems and later, cause denial of service, aka "Win32k Elevation of Privilege Vulnerability."2017-05-12not yet calculatedCVE-2017-0246
CONFIRMmicrosoft -- sharepoint_foundation
 Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability".2017-05-12not yet calculatedCVE-2017-0255
CONFIRMmicrosoft -- windows_com_aggregate_marshaler
 Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214.2017-05-12not yet calculatedCVE-2017-0213
CONFIRMmicrosoft -- windows_hyper_v
 Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka "Windows Hyper-V vSMB Elevation of Privilege Vulnerability".2017-05-12not yet calculatedCVE-2017-0212
CONFIRMmicrosoft -- windows_server
 The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."2017-05-12not yet calculatedCVE-2017-0263
CONFIRMmicrosoft -- windows_server
 Windows DNS Server allows a denial of service vulnerability when Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 are configured to answer version queries, aka "Windows DNS Server Denial of Service Vulnerability".2017-05-12not yet calculatedCVE-2017-0171
CONFIRMmicrosoft -- windows_server
 The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0220, CVE-2017-0258, and CVE-2017-0259.2017-05-12not yet calculatedCVE-2017-0175
CONFIRMmicrosoft -- windows_server
 The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability."2017-05-12not yet calculatedCVE-2017-0190
CONFIRMmicrosoft -- windows_server
 Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when Windows fails to properly validate input before loading type libraries, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0213.2017-05-12not yet calculatedCVE-2017-0214
CONFIRMmicrosoft -- windows_server
 The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0258, and CVE-2017-0259.2017-05-12not yet calculatedCVE-2017-0220
CONFIRMmicrosoft -- windows_server
 The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow a local authenticated attacker to execute a specially crafted application to obtain information, or in Windows 7 and later, cause denial of service, aka "Win32k Information Disclosure Vulnerability."2017-05-12not yet calculatedCVE-2017-0077
CONFIRMmicrosoft -- windows_vista
 Untrusted search path vulnerability in installers for The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)", The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier that were available until April 27, 2017 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.2017-05-12not yet calculatedCVE-2017-2157
JVN
MISCmicrosoft -- word
 Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265.2017-05-12not yet calculatedCVE-2017-0254
CONFIRMminiupnp -- miniupnpc
 Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.2017-05-10not yet calculatedCVE-2017-8798
MISC
MISCmotorola -- bootloader
 An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490.2017-05-12not yet calculatedCVE-2016-10277
CONFIRMmozilla -- network_security_seervices
 Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.2017-05-10not yet calculatedCVE-2017-5461
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMmulticoreware -- planeclipandmax()
 An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in the process of encoding.2017-05-11not yet calculatedCVE-2017-8906
MISCnessus -- nessus
 Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-12not yet calculatedCVE-2017-2122
JVN
CONFIRMnetcloud -- serverNextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.2017-05-08not yet calculatedCVE-2017-0891
MISC
CONFIRMnetcloud -- serverNextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers.2017-05-08not yet calculatedCVE-2017-0893
MISC
CONFIRMnetcloud -- serverNextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.2017-05-08not yet calculatedCVE-2017-0895
MISC
CONFIRMnetcloud -- serverNextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.2017-05-08not yet calculatedCVE-2017-0892
MISC
CONFIRMnetcloud -- serverNextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.2017-05-08not yet calculatedCVE-2017-0894
MISC
CONFIRMnetcloud -- server
 Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.2017-05-08not yet calculatedCVE-2017-0890
MISC
CONFIRMoneplus -- one_xAn issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same 'ro.build.product' system property, attackers can install OTAs of one product over the other, even on locked bootloaders. That could theoretically allow for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. Moreover, the vulnerability may result in having the device unusable until a Factory Reset is performed. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use 'adb sideload' to push the OTA.2017-05-11not yet calculatedCVE-2017-8851
MISConeplus -- one_x
 An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, which allows for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use 'adb sideload' to push the OTA (on OnePlus 3/3T 'Secure Start-up' must be off).2017-05-11not yet calculatedCVE-2017-8850
MISConeplus -- one_x
 An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgrades can occur even on locked bootloaders and without triggering a factory reset, allowing for exploitation of now-patched vulnerabilities with access to user data. This vulnerability can be exploited by a Man-in-the-Middle (MiTM) attacker targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, a physical attacker can reboot the phone into recovery, and then use 'adb sideload' to push the OTA (on OnePlus 3/3T 'Secure Start-up' must be off).2017-05-11not yet calculatedCVE-2017-5948
MISConeplus -- ota_updater
 An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851.2017-05-11not yet calculatedCVE-2016-10370
MISC
MISCopentexttempobox -- opentext_tempo_box
 Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image.2017-05-10not yet calculatedCVE-2017-8892
MISCpanda -- mobile_security
 Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.2017-05-05not yet calculatedCVE-2017-8060
BID
MISCpostgresql -- pgrequiresslIn PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.2017-05-12not yet calculatedCVE-2017-7485
CONFIRMpostgresql -- postgresqlPostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.2017-05-12not yet calculatedCVE-2017-7486
CONFIRMpostgresql -- postgresql
 It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.2017-05-12not yet calculatedCVE-2017-7484
CONFIRMqualcomm -- sound_driverAn elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34088848. References: QC-CR#1116015.2017-05-12not yet calculatedCVE-2017-0606
CONFIRMqualcomm  -- wi_fi_driver
 An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32094986. References: QC-CR#2002052.2017-05-12not yet calculatedCVE-2016-10283
CONFIRMqualcomm -- adsprpc_driver
 An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34112914. References: QC-CR#1110747.2017-05-12not yet calculatedCVE-2017-0465
CONFIRMqualcomm -- bootloader
 An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-34514954. References: QC-CR#1009111.2017-05-12not yet calculatedCVE-2016-10275
CONFIRMqualcomm -- bootloader
 An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32952839. References: QC-CR#1094105.2017-05-12not yet calculatedCVE-2016-10276
CONFIRMqualcomm -- crypto_driver
 An elevation of privilege vulnerability in the Qualcomm crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899710. References: QC-CR#1116295.2017-05-12not yet calculatedCVE-2016-10289
CONFIRMqualcomm -- led_driver
 An elevation of privilege vulnerability in the Qualcomm LED driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33863909. References: QC-CR#1109763.2017-05-12not yet calculatedCVE-2016-10288
CONFIRMqualcomm -- led_driver
 An information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33781694. References: QC-CR#1109326.2017-05-12not yet calculatedCVE-2016-10295
CONFIRMqualcomm -- power_driver
 An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33621829. References: QC-CR#1105481.2017-05-12not yet calculatedCVE-2016-10294
CONFIRMqualcomm -- secure_channel_manager
 An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711.2017-05-12not yet calculatedCVE-2017-0620
CONFIRMqualcomm -- secure_executionAn elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400457. References: QC-CR#1086140.2017-05-12not yet calculatedCVE-2017-0613
CONFIRMqualcomm -- secure_executionAn elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399405. References: QC-CR#1080290.2017-05-12not yet calculatedCVE-2017-0614
CONFIRMqualcomm -- secure_executionAn elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34389303. References: QC-CR#1061845.2017-05-12not yet calculatedCVE-2017-0612
CONFIRMqualcomm -- shared_memory_driver
 An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33845464. References: QC-CR#1109782.2017-05-12not yet calculatedCVE-2016-10296
CONFIRMqualcomm -- shared_memory_driver
 An elevation of privilege vulnerability in the Qualcomm shared memory driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33898330. References: QC-CR#1109782.2017-05-12not yet calculatedCVE-2016-10290
CONFIRMqualcomm -- slimbus_driver
 An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34030871. References: QC-CR#986837.2017-05-12not yet calculatedCVE-2016-10291
CONFIRMqualcomm -- sound-driverAn elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399801. References: QC-CR#1090482.2017-05-12not yet calculatedCVE-2017-0609
CONFIRMqualcomm -- sound-driverAn elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399404. References: QC-CR#1094852.2017-05-12not yet calculatedCVE-2017-0610
CONFIRMqualcomm -- sound-driverAn elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393841. References: QC-CR#1084210.2017-05-12not yet calculatedCVE-2017-0611
CONFIRMqualcomm -- sound-driver
 An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400458. References: QC-CR#1098363.2017-05-12not yet calculatedCVE-2017-0608
CONFIRMqualcomm -- sound_codec_driver
 An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35392586. References: QC-CR#832915.2017-05-12not yet calculatedCVE-2017-0632
CONFIRMqualcomm -- sound_driver
 An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33784446. References: QC-CR#1112751.2017-05-12not yet calculatedCVE-2016-10287
CONFIRMqualcomm -- video_driver
 An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400904. References: QC-CR#1090237.2017-05-12not yet calculatedCVE-2016-10286
CONFIRMqualcomm -- video_driver
 An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33752702. References: QC-CR#1104899.2017-05-12not yet calculatedCVE-2016-10285
CONFIRMqualcomm -- video_driver
 An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402303. References: QC-CR#2000664.2017-05-12not yet calculatedCVE-2016-10284
CONFIRMqualcomm -- video_driver
 An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33352393. References: QC-CR#1101943.2017-05-12not yet calculatedCVE-2016-10293
CONFIRMqualcomm -- wifi_driverAn information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. References: QC-CR#1088050.2017-05-12not yet calculatedCVE-2017-0626
CONFIRMqualcomm -- wifi_driver
 An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34327795. References: QC-CR#2005832.2017-05-12not yet calculatedCVE-2017-0624
CONFIRMqualcomm -- wifi_driver
 A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34514463. References: QC-CR#1065466.2017-05-12not yet calculatedCVE-2016-10292
CONFIRMrockwell -- automation_controllogix
 A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller.2017-05-05not yet calculatedCVE-2017-6024
BID
MISCsaa7164usc -- ssa7164_bus_get function
 The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.10.14 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability.2017-05-08not yet calculatedCVE-2017-8831
MISCsap -- sapcar
 SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560.2017-05-10not yet calculatedCVE-2017-8852
MISCschneiderelectric -- vampset
 All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes the software to halt or not start when trying to open the corrupted file. This vulnerability occurs when fill settings are intentionally malformed and is opened in a standalone state, without connection to a protection relay. This attack is not considered to be remotely exploitable. This vulnerability has no effect on the operation of the protection relay to which VAMPSET is connected. As Windows operating system remains operational and VAMPSET responds, it is able to be shut down through its normal closing protocol.2017-05-09not yet calculatedCVE-2017-7967
CONFIRMsiemens -- simatic_cp
 Siemens SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X200 (All versions), SCALANCE X200 IRT (All versions), SCALANCE X300, X408, X414 (All versions), SCALANCE XM400, XR500 (All versions), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions), Softnet PROFINET IO for PC-based Windows systems (All versions), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 / UPS1600 PROFINET (All versions), SIMATIC ET 200AL (All versions), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions), PN/PN Coupler (All versions), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 incl. F and H (All versions), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.8 HF4), SINAMICS S110 w. PN (All versions), SINAMICS S120 (All versions before V4.8 HF4), SINAMICS S150 (All versions before V4.8 HF4), SINAMICS V90 w. PN (All versions), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (V4.7 before SP6 HF8 and before V4.5), SINUMERIK 840D sl (V4.7 before SP6 HF8 and before V4.5), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet.2017-05-10not yet calculatedCVE-2017-2680
BID
CONFIRMsiemens -- simatic_s7Siemens SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 incl. F and H (All versions), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP (Layer 2 - Ethernet) packet sent to an affected product.2017-05-11not yet calculatedCVE-2017-2681
BID
CONFIRMsiemens -- simaticA vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface.2017-05-11not yet calculatedCVE-2017-6867
BID
CONFIRMsiemens -- simatic
 Siemens SIMATIC WinCC (TIA Portal) (V13 all versions before SP2 and V14 before SP1), SIMATIC STEP 7 (TIA Portal) (V13 all versions before SP2 and V14 before SP1), SIMATIC STEP 7 V5.X (All versions), STEP 7 - Micro/WIN SMART (All versions), SMART PC Access V2.0, SIMATIC Automation Tool (All versions), SIMATIC WinCC (All versions), SIMATIC PCS 7 (All versions), SIMATIC NET PC-Software (All versions), Primary Setup Tool (PST) (All versions), Security Configuration Tool (SCT) (All versions), SINEMA Server (All versions), SINAUT ST7CC (All versions), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SINUMERIK 808D Programming Tool (All versions), SIMATIC WinCC flexible 2008 (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet.2017-05-11not yet calculatedCVE-2017-6865
BID
CONFIRMsoy -- cmsCross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-12not yet calculatedCVE-2017-2164
JVNsoy -- cms
 Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id.2017-05-12not yet calculatedCVE-2017-2163
JVNsplunk -- enterprise_lightOpen redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4857
JVN
CONFIRMsplunk -- enterprise_lightOpen redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4859
JVN
CONFIRMsplunk -- enterprise_lightCross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4858
JVN
CONFIRMsplunk -- enterprise_light
 Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4856
JVN
CONFIRMswftools -- pdf2swfA Use After Free in the pdf2swf part of swftools 0.9.2 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed PDF document, possibly a consequence of an error in Gfx.cc in Xpdf 3.02.2017-05-10not yet calculatedCVE-2017-7698
CONFIRMsymphony -- meta_parameter
 Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php.2017-05-10not yet calculatedCVE-2017-8876
MISCsynology -- dsm_user
 Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.2017-05-12not yet calculatedCVE-2016-10330
MLIST
MISC
MISC
CONFIRMsynology -- photo_station
 Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.2017-05-12not yet calculatedCVE-2016-10329
MLIST
MISC
MISC
CONFIRMsynology -- photo_station
 Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.2017-05-12not yet calculatedCVE-2016-10331
MISC
CONFIRMtibco -- spotfire_server
 TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks.2017-05-09not yet calculatedCVE-2017-5527
CONFIRMtrafficmanagementmicrokernel -- traffic_anagement_microkernel
 The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from a memory leak while handling certain types of TCP traffic. Remote attackers may cause a denial of service (DoS) by way of a crafted TCP packet.2017-05-11not yet calculatedCVE-2016-7476
BID
CONFIRMubuntu -- lightdm
 LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.2017-05-12not yet calculatedCVE-2017-8900
CONFIRM
CONFIRM
CONFIRMunicodetoutf8() -- unicode_to_utf8()_function
 An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.2017-05-12not yet calculatedCVE-2017-8911
MISCunixsocket.c -- lxterminal
 unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).2017-05-08not yet calculatedCVE-2016-10369
MISC
MISC
MISCveritasbackupexec -- veritas_backup_exec
 In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An authenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.2017-05-10not yet calculatedCVE-2017-8895
CONFIRMveritas -- netbackupIn Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.2017-05-09not yet calculatedCVE-2017-8857
BID
CONFIRMveritas -- netbackupIn Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.2017-05-09not yet calculatedCVE-2017-8859
BID
CONFIRMveritas -- netbackupIn Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.2017-05-09not yet calculatedCVE-2017-8858
BID
CONFIRMveritas -- netbackup
 In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.2017-05-09not yet calculatedCVE-2017-8856
BID
CONFIRMwolfssl -- out_of_bounds_memory_access
 wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file.2017-05-09not yet calculatedCVE-2017-8854
CONFIRMwolfssl -- wc_dhagreewolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key.2017-05-09not yet calculatedCVE-2017-8855
CONFIRMwordpress -- clean_login_plugin
 CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL.2017-05-10not yet calculatedCVE-2017-8875
MISC
MISCxen -- failsafeXen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.2017-05-11not yet calculatedCVE-2017-8905
CONFIRM
CONFIRMxen -- gnttabop_transferXen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.2017-05-11not yet calculatedCVE-2017-8904
CONFIRM
CONFIRMxen -- iret_hypercall
 Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.2017-05-11not yet calculatedCVE-2017-8903
CONFIRM
CONFIRMzencart -- main_page_parameter
 Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github."2017-05-08not yet calculatedCVE-2017-8833
CONFIRMzendstringextend -- zend/zend_string_h
 The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.2017-05-12not yet calculatedCVE-2017-8923
MISCliblrzipso -- read_stream_functionThe read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.2017-05-08not yet calculatedCVE-2017-8846
MISC
MISCBack to top

This product is provided subject to this Notification and this Privacy & Use policy.


TA17-132A: Indicators Associated With WannaCry Ransomware

Fri, 05/12/2017 - 21:36
Original release date: May 12, 2017 | Last revised: May 13, 2017
Systems Affected

Microsoft Windows operating systems

Overview

According to numerous open-source reports, a widespread ransomware campaign is affecting various organizations with reports of tens of thousands of infections in as many as 74 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in as many as 27 different languages.

The latest version of this ransomware variant, known as WannaCry, WCry, or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and has spread rapidly over several hours, with initial reports beginning around 4:00 AM EDT, May 12, 2017. Open-source reporting indicates a requested ransom of .1781 bitcoins, roughly $300 U.S.

This Alert is the result of efforts between the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) to highlight known cyber threats. DHS and the FBI continue to pursue related information of threats to federal, state, and local government systems and as such, further releases of technical information may be forthcoming.

Description

Initial reports indicate the hacker or hacking group behind the WannaCry campaign is gaining access to enterprise servers either through Remote Desktop Protocol (RDP) compromise or through the exploitation of a critical Windows SMB vulnerability. Microsoft released a security update for the MS17-010 vulnerability on March 14, 2017. According to open sources, one possible infection vector is via phishing emails.

Technical DetailsIndicators of Compromise (IOC)

IOCs are provided within the accompanying .xls file of this report.

Yara Signatures

rule Wanna_Cry_Ransomware_Generic {

       meta:

              description = "Detects WannaCry Ransomware on disk and in virtual page"

              author = "US-CERT Code Analysis Team"

              reference = "not set"                                        

              date = "2017/05/12"

       hash0 = "4DA1F312A214C07143ABEEAFB695D904"

      

       strings:

              $s0 = {410044004D0049004E0024}

              $s1 = "WannaDecryptor"

              $s2 = "WANNACRY"

              $s3 = "Microsoft Enhanced RSA and AES Cryptographic"

              $s4 = "PKS"

              $s5 = "StartTask"

              $s6 = "wcry@123"

              $s7 = {2F6600002F72}

              $s8 = "unzip 0.15 Copyrigh"

       condition:

              $s0 and $s1 and $s2 and $s3 or $s4 or $s5 or $s6 or $s7 or $s8

}

/*The following Yara ruleset is under the GNU-GPLv2 license (http://www.gnu.org/licenses/gpl-2.0.html) and open to any user or organization, as long as you use it under this license.

rule MS17_010_WanaCry_worm {

       meta:

              description = "Worm exploiting MS17-010 and dropping WannaCry Ransomware"

              author = "Felipe Molina (@felmoltor)"

                     reference = "https://www.exploit-db.com/exploits/41987/"

                           date = "2017/05/12"

       strings:

              $ms17010_str1="PC NETWORK PROGRAM 1.0"

              $ms17010_str2="LANMAN1.0"

              $ms17010_str3="Windows for Workgroups 3.1a"

              $ms17010_str4="__TREEID__PLACEHOLDER__"

              $ms17010_str5="__USERID__PLACEHOLDER__"

              $wannacry_payload_substr1 = "h6agLCqPqVyXi2VSQ8O6Yb9ijBX54j"

              $wannacry_payload_substr2 = "h54WfF9cGigWFEx92bzmOd0UOaZlM"

              $wannacry_payload_substr3 = "tpGFEoLOU6+5I78Toh/nHs/RAP"

       condition:

              all of them

}



Initial Analysis

The WannaCry ransomware received and analyzed by US-CERT is a loader that contains an AES-encrypted DLL. During runtime, the loader writes a file to disk named “t.wry”. The malware then uses an embedded 128-bit key to decrypt this file. This DLL, which is then loaded into the parent process, is the actual Wanna Cry Ransomware responsible for encrypting the user’s files. Using this cryptographic loading method, the WannaCry DLL is never directly exposed on disk and not vulnerable to antivirus software scans.

The newly loaded DLL immediately begins encrypting files on the victim’s system and encrypts the user’s files with 128-bit AES. A random key is generated for the encryption of each file.

The malware also attempts to access the IPC$ shares and SMB resources the victim system has access to. This access permits the malware to spread itself laterally on a compromised network. However, the malware never attempts to attain a password from the victim’s account in order to access the IPC$ share.

This malware is designed  to spread laterally on a network by gaining unauthorized access to the IPC$ share on network resources on the network on which it is operating.

Impact

Ransomware not only targets home users; businesses can also become infected with ransomware, leading to negative consequences, including

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.

Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.

Solution

Recommended Steps for Prevention

  • Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017.
  • Enable strong spam filters to prevent phishing e-mails from reaching the end users and authenticate in-bound e-mail using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing. 
  • Scan all incoming and outgoing e-mails to detect threats and filter executable files from reaching the end users.
  • Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.
  • Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary. 
  • Configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares. 
  • Disable macro scripts from Microsoft Office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office suite applications.
  • Develop, institute and practice employee education programs for identifying scams, malicious links, and attempted social engineering.
  • Have regular penetration tests run against the network. No less than once a year. Ideally, as often as possible/practical.
  • Test your backups to ensure they work correctly upon use.

Recommended Steps for Remediation

  • Contact law enforcement. We strongly encourage you to contact a local FBI field office upon discovery to report an intrusion and request assistance. Maintain and provide relevant logs.
  • Implement your security incident response and business continuity plan. Ideally, organizations should ensure they have appropriate backups so their response is simply to restore the data from a known clean backup. 

Defending Against Ransomware Generally

Precautionary measures to mitigate ransomware threats include:

  • Ensure anti-virus software is up-to-date.
  • Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks.
  • Scrutinize links contained in e-mails, and do not open attachments included in unsolicited e-mails.
  • Only download software – especially free software – from sites you know and trust.
  • Enable automated patches for your operating system and Web browser.

Report Notice

DHS and FBI encourages recipients who identify the use of tool(s) or techniques discussed in this document to report information to DHS or law enforcement immediately. We encourage you to contact DHS’s National Cybersecurity and Communications Integration Center (NCCIC) (NCCICcustomerservice@hq.dhs.gov or 888-282-0870), or the FBI through a local field office or the FBI’s Cyber Division (CyWatch@ic.fbi.gov or 855-292-3937) to report an intrusion and to request incident response resources or technical assistance.

References Revision History
  • May 12, 2017: Initial post

This product is provided subject to this Notification and this Privacy & Use policy.


Multiple Ransomware Infections Reported

Fri, 05/12/2017 - 15:05
Original release date: May 12, 2017

US-CERT has received multiple reports of ransomware infections in several countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee access will be restored.

Users and administrators are encouraged to review the US-CERT Alert TA16-091A to learn how to best protect against ransomware. Please report any ransomware incidents to the Internet Crime Complaint Center (IC3).

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Update

Wed, 05/10/2017 - 13:33
Original release date: May 10, 2017

Cisco has released a security update to address a vulnerability in its WebEx Meetings Server which could allow a remote attacker to obtain sensitive information.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


FTC Announces Resources for Small Businesses

Tue, 05/09/2017 - 21:14
Original release date: May 09, 2017

The Federal Trade Commission (FTC) has released an announcement about its new website devoted to protecting small businesses. This resource aims to help business owners avoid scams, protect their computers and networks, and keep their customers' and employees' data safe.

Business owners and other interested parties are encouraged to explore the new FTC website and review US-CERT resources for small and midsize businesses.

This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases May 2017 Security Updates

Tue, 05/09/2017 - 16:50
Original release date: May 09, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.

US-CERT encourages users and administrators to review Microsoft's May 2017 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Tue, 05/09/2017 - 15:34
Original release date: May 09, 2017

Cisco has released security updates to address vulnerabilities in its IOS and IOS XE Software. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

Users and administrators are encouraged to review the Cisco Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Adobe Releases Security Updates

Tue, 05/09/2017 - 12:49
Original release date: May 09, 2017

Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe Experience Manager Forms. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletins APSB17-15 and APSB17-16 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


FTC Promotes Privacy Awareness Week

Mon, 05/08/2017 - 22:39
Original release date: May 08, 2017

The Federal Trade Commission (FTC) has released an announcement on Privacy Awareness Week, celebrated this week in the U.S. The theme of this year’s initiative is “Share with Care,” and the FTC is offering privacy tips, including how to safeguard your information online, improve your computer security, and limit unwanted emails.

US-CERT encourages users and administrators to review FTC’s post on Privacy Awareness Week and these related resources from US-CERT:

This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases Critical Security Update

Mon, 05/08/2017 - 22:34
Original release date: May 08, 2017

Microsoft has released a critical out-of-band security update addressing a vulnerability in the Microsoft Malware Protection Engine. A remote attacker could exploit this vulnerability to take control of an affected system.

Users and administrators are encouraged to review Microsoft Security Advisory 4022344 for details and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


SB17-128: Vulnerability Summary for the Week of May 1, 2017

Mon, 05/08/2017 - 06:50
Original release date: May 08, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoiodata -- wn-g300r3_firmwareWN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors.2017-04-289.0CVE-2017-2141
JVN
MISCiodata -- wn-g300r3_firmwareBuffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.2017-04-2810.0CVE-2017-2142
JVN
MISCipa -- appgoatHands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors.2017-04-287.5CVE-2017-2101
JVN
BIDBack to top

 

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infobooking_calendar_project -- booking_calendarDirectory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter.2017-04-285.0CVE-2017-2150
JVN
MISCbooking_calendar_project -- booking_calendarCross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-284.3CVE-2017-2151
JVN
MISCbuffalo_inc -- wnc01wh_firmwareWNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.2017-04-285.2CVE-2017-2152
JVNcubecart -- cubecartDirectory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.2017-04-284.0CVE-2017-2090
JVN
BID
MISCcubecart -- cubecartDirectory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.2017-04-284.0CVE-2017-2098
JVN
BID
MISCcubecart -- cubecartDirectory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors.2017-04-284.0CVE-2017-2117
JVN
BID
MISCcybozu -- garoonCybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.2017-04-284.0CVE-2017-2091
JVN
BID
MISCcybozu -- garoonCybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.2017-04-284.3CVE-2017-2093
JVN
BID
MISCcybozu -- garoonCybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.2017-04-284.0CVE-2017-2094
JVN
BID
MISCcybozu -- garoonCybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.2017-04-284.0CVE-2017-2095
JVN
BID
MISCcybozu -- officeCybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.2017-04-284.0CVE-2017-2115
JVN
BID
MISCcybozu -- officeCybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.2017-04-284.0CVE-2017-2116
JVN
BID
MISCgaku -- tablacus_explorerTablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory.2017-04-286.8CVE-2017-2140
JVN
MISCi.con_corporation -- hoozin_viewerBuffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage.2017-04-286.8CVE-2017-2155
JVN
MISCibm -- websphere_application_serverIBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.2017-04-286.8CVE-2017-1194
CONFIRM
BIDimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8343
BID
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8344
BID
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8345
BID
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8346
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8347
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8348
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8349
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8350
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8351
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8352
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8353
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8354
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8355
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8356
CONFIRMimagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-04-304.3CVE-2017-8357
CONFIRMinformation-technology_promotion_agency -- introduction_to_safe_website_operationSecurity guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data.2017-04-286.8CVE-2017-2128
JVN
BIDipa -- appgoatHands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors.2017-04-286.8CVE-2017-2099
JVN
BIDipa -- appgoatHands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors.2017-04-286.8CVE-2017-2100
JVN
BIDipa -- appgoatCross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-04-286.8CVE-2017-2102
JVN
BIDjustsystems -- hanakoCross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-286.8CVE-2017-2154
JVN
MISClibarchive -- libarchiveThe archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.2017-04-304.3CVE-2016-10349
MISClibarchive -- libarchiveThe archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.2017-04-304.3CVE-2016-10350
MISClibsndfile_project -- libsndfileThe flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.2017-04-304.3CVE-2017-8361
MISClibsndfile_project -- libsndfileThe flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.2017-04-304.3CVE-2017-8362
MISClibsndfile_project -- libsndfileThe flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.2017-04-304.3CVE-2017-8363
MISClibsndfile_project -- libsndfileThe i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.2017-04-304.3CVE-2017-8365
MISCnetgear -- prosafe_plus_configuration_utilityProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests.2017-04-284.3CVE-2017-2137
JVN
MISColive_design -- olive_blogCross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter.2017-04-284.3CVE-2016-7839
JVN
BIDolive_design -- olive_blogCross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter.2017-04-284.3CVE-2016-7840
JVN
BIDolive_design -- olive_diary_dxCross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter.2017-04-284.3CVE-2016-7841
JVN
BIDonethird -- onethird_cmsCross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php.2017-04-284.3CVE-2017-2123
JVN
BID
MISConethird -- onethird_cmsCross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php.2017-04-284.3CVE-2017-2124
JVN
MISCsecurebrain -- phishwall_client_for_internet_explorerUntrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.2017-04-286.8CVE-2017-2130
JVN
MISC
BIDuchida_yoko_co._ltd -- assetbaseCross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-284.3CVE-2017-2134
JVN
BIDwbce -- wbce_cmsCross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-284.3CVE-2017-2118
JVN
BID
MISCwbce -- wbce_cmsDirectory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.2017-04-285.0CVE-2017-2119
JVN
BID
MISCwbce -- wbce_cmsSQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.2017-04-286.0CVE-2017-2120
JVN
BID
MISCwp_statistics -- wp_statisticsCross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-284.3CVE-2017-2135
JVN
MISCwp_statistics -- wp_statisticsCross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.2017-04-284.3CVE-2017-2136
JVN
BID
MISCwp_statistics -- wp_statisticsCross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-284.3CVE-2017-2147
JVN
BID
MISCBack to top

 

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocybozu -- garoonCross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-283.5CVE-2017-2092
JVN
BID
MISCcybozu -- officeCross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-283.5CVE-2017-2114
JVN
BID
MISCiodata -- wn-ac1167gr_firmwareCross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-283.5CVE-2017-2148
JVN
MISC
BIDyourownprogrammer -- yop_pollCross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-283.5CVE-2017-2127
JVN
BIDBack to top

 

Severity Not Yet AssignedPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info21st_century_insurance -- 21st_century_insurance_app
 The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5919
MISC360fly -- 4k_cameras360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application, or the BlueZ gatttool program.2017-05-01not yet calculatedCVE-2017-8403
MISC7-zip32.dll -- 7-zip32.dll
 Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.2017-04-28not yet calculatedCVE-2017-2107
MISC
JVN
BIDaccellioin -- accellion_fta
 An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding.2017-05-05not yet calculatedCVE-2017-8760
MISCaccellion -- fta_devices
 An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.2017-05-05not yet calculatedCVE-2017-8304
MISCaccellion -- fta_devices
 An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.2017-05-05not yet calculatedCVE-2017-8303
MISCaccellion -- fta
 An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector.2017-05-05not yet calculatedCVE-2017-8791
MISCaccellion -- fta
 An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter.2017-05-05not yet calculatedCVE-2017-8795
MISCaccellion -- fta
 An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter.2017-05-05not yet calculatedCVE-2017-8792
MISCaccellion -- fta
 An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists.2017-05-05not yet calculatedCVE-2017-8789
MISCaccellion -- fta
 An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks.2017-05-05not yet calculatedCVE-2017-8788
MISCaccellion -- fta
 An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter.2017-05-05not yet calculatedCVE-2017-8796
MISCaccellion -- fta
 An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection.2017-05-05not yet calculatedCVE-2017-8790
MISCaccellion -- fta
 An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern.2017-05-05not yet calculatedCVE-2017-8794
MISCaccellion -- fta
 An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the attacker to have site access with a bypass of the Same Origin Policy.2017-05-05not yet calculatedCVE-2017-8793
MISCaccess_cx_app -- access_cx_app
 The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-04-28not yet calculatedCVE-2017-2110
JVN
BIDadvantech -- b+b_smartworx_mesr901_firmware
 A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages.2017-05-05not yet calculatedCVE-2017-7909
MISCadvantech -- webaccess
 upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors.2017-05-02not yet calculatedCVE-2016-5810
MISC
MISCadvantech -- webaccess
 An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories.2017-05-05not yet calculatedCVE-2017-7929
MISCallied_telesis -- centrecom_ar260s_v2
 Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account.2017-04-28not yet calculatedCVE-2017-2125
JVN
MISC
BIDamerica's_first_federal_credit_union -- mobile_banking_app
 The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5916
MISCapache -- qpid_proton
 The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.2017-05-02not yet calculatedCVE-2016-4467
MLIST
BID
SECTRACKatlassian -- hipchat
 Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads.2017-05-05not yet calculatedCVE-2017-8080
BID
CONFIRM
CONFIRMatlassian -- hipchat
 Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.2017-05-05not yet calculatedCVE-2017-8058
MISCatlassian -- sourcetree
 Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632.2017-05-04not yet calculatedCVE-2017-8768
MISC
MISC
MISCavahi -- avahi
 avahi-daemon in Avahi through 0.6.32 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.2017-04-30not yet calculatedCVE-2017-6519
MISC
MISCaxis_communications -- network_cameras
 The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.2017-05-02not yet calculatedCVE-2015-8257
MISC
BID
EXPLOIT-DBbanco_de_costa_rica -- bcr_movil_app
 The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5918
MISCbanco_santander_mexico -- sa_puermovil_app
 The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5911
MISCbmc -- server_automation
 The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors.2017-05-02not yet calculatedCVE-2016-5063
BID
CONFIRMbose -- soundtouch_30
 The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.2017-04-30not yet calculatedCVE-2017-6520
MISCbrave -- brave
 Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site.2017-05-03not yet calculatedCVE-2017-8458
MISC
MISCca_technologies -- CA-client_automation
 The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation.2017-05-05not yet calculatedCVE-2017-8391
CONFIRMcertec_edv -- atvise_scada
 A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution.2017-05-05not yet calculatedCVE-2017-6029
MISCcertec_edv -- atvise_scada
 A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution.2017-05-05not yet calculatedCVE-2017-6031
MISCcisco -- cvr100w_wireless-n_VPN_router
 A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress connection request to the remote management interface. An attacker could exploit this vulnerability by sending a connection to the management IP address or domain name of the targeted device. A successful exploit could allow the attacker to bypass the configured remote management ACL. This can occur when the Remote Management configuration parameter is set to Disabled. This vulnerability affects Cisco CVR100W Wireless-N VPN Routers running a firmware image prior to 1.0.1.24. Cisco Bug IDs: CSCvc14457.2017-05-03not yet calculatedCVE-2017-6620
BID
CONFIRMcisco -- firepower
 A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service" vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper SSL policy handling by the affected software when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this vulnerability by sending crafted packets through a targeted system. This vulnerability affects Cisco Firepower System Software that is configured with the SSL policy feature. Cisco Bug IDs: CSCvc84361.2017-05-03not yet calculatedCVE-2017-6625
BID
CONFIRMcisco -- ios
 A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could exploit this vulnerability to place unauthorized, long-distance phone calls by using an affected system. Cisco Bug IDs: CSCuy40939.2017-05-03not yet calculatedCVE-2017-6624
BID
CONFIRMcisco -- unified_contact_center_enterprise
 A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the attacker to receive notifications when an agent signs in or out of the Finesse Desktop, when information about an agent changes, or when an agent's state changes. Cisco Bug IDs: CSCvc08314.2017-05-03not yet calculatedCVE-2017-6626
BID
CONFIRMcisco -- unity_connection
 A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. Cisco Bug IDs: CSCvd90118.2017-05-03not yet calculatedCVE-2017-6629
BID
CONFIRMcisco -- wide_area_application_services
 A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled when in a specific SSL/TLS connection state. An attacker could exploit this vulnerability by establishing a SMART-SSL connection through the targeted device. The attacker would then send a crafted stream of SSL/TLS traffic. An exploit could allow the attacker to cause a DoS condition where WAN optimization could stop processing traffic for a short period of time. Cisco Bug IDs: CSCvb71133.2017-05-03not yet calculatedCVE-2017-6628
BID
CONFIRMcitrix -- xenmobile_server
 Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page.2017-05-05not yet calculatedCVE-2016-6877
MISCcloud_foundry -- cloud_controller
 The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors.2017-05-02not yet calculatedCVE-2016-5006
CONFIRM
CONFIRMcraft_cms -- craft_cms
 Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.2017-05-01not yet calculatedCVE-2017-8385
CONFIRM
CONFIRMcraft_cms -- craft_cms
 Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder.2017-05-01not yet calculatedCVE-2017-8383
CONFIRM
CONFIRMcraft_cms -- craft_cms
 Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052.2017-05-01not yet calculatedCVE-2017-8384
CONFIRM
CONFIRMcybervision -- kaa_iot_platform
 A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution.2017-05-05not yet calculatedCVE-2017-7911
MISCcybozu -- kunai
 Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.2017-04-28not yet calculatedCVE-2017-2109
JVN
BID
MISCcybozu -- remote_service_manager
 Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.2017-04-28not yet calculatedCVE-2016-7815
JVN
BID
MISCdahua -- multiple_devices
 A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.2017-05-05not yet calculatedCVE-2017-7925
MISC
MISCdahua -- multiple_devices
 A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password.2017-05-05not yet calculatedCVE-2017-7927
MISC
MISCdollar_bank -- dollar_bank_mobile_app
 The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5905
MISCdot_it -- banque_zitouna_app
 The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5914
MISCelectronic_funds_source -- mobile_driver_source_app
 The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5909
MISCemc -- data_dominion
 EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system.2017-05-04not yet calculatedCVE-2017-4983
CONFIRM
BIDemirates_nbd_bank -- pjsc_emirates_nbd_ksa_app
 The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5915
MISCether_software -- multiple_productsBuffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Burner, Easy RM RMVB to DVD Burner, Easy CD DVD Copy, MP3/AVI/MPEG/WMV/RM to Audio CD Burner, MP3/WAV/OGG/WMA/AC3 to CD Burner, MP3 WAV to CD Burner, My Video Converter, Easy AVI DivX Converter, Easy Video to iPod Converter, Easy Video to PSP Converter, Easy Video to 3GP Converter, Easy Video to MP4 Converter, and Easy Video to iPod/MP4/PSP/3GP Converter allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long username.2017-04-30not yet calculatedCVE-2017-8367
MISC
EXPLOIT-DBettercap_project -- ettercap
 The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted filter that is mishandled by etterfilter.2017-04-30not yet calculatedCVE-2017-8366
MISCeveryday_health -- diabetes_in_check_app
 The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5906
MISCf5 -- multiple_products
 An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.2017-05-01not yet calculatedCVE-2017-6128
CONFIRMforex.com -- forextrader_app
 The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5912
MISCforex.com -- tradeking_forex_app
 The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5913
MISCfoxit_software -- foxit_reader_phantompdfFoxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.2017-05-03not yet calculatedCVE-2017-8454
MISC
MISCfoxit_software -- foxit_reader_phantompdf
 Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.2017-05-03not yet calculatedCVE-2017-8453
MISC
MISCfoxit_software -- foxit_reader_phantompdf
 Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.2017-05-03not yet calculatedCVE-2017-8455
MISC
MISCfoxit_software -- foxit_reader
 Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static authentication token if the user is already logged in.2017-05-05not yet calculatedCVE-2017-8059
MISCfranklin_fueling_systems -- ts-550_evo

 On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload.2017-05-01not yet calculatedCVE-2017-6565
MISC
MISCfranklin_fueling_systems -- ts-550_evo
 On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks.2017-05-01not yet calculatedCVE-2017-6564
MISC
MISCgenixcms -- genixcms
 GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element.2017-05-03not yet calculatedCVE-2017-8762
MISCgenixcms -- genixcms
 GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter.2017-05-01not yet calculatedCVE-2017-8377
MISCgenixcms -- genixcms
 GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator.2017-05-01not yet calculatedCVE-2017-8376
MISCgenixcms -- genixcms
 GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element.2017-05-04not yet calculatedCVE-2017-8780
MISCgenixcms -- genixcms
 GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request.2017-05-01not yet calculatedCVE-2017-8388
MISCgetsimple -- getsimple_cms
 Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce.2017-04-30not yet calculatedCVE-2017-8081
CONFIRMgitlab -- gitlab
 GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.2017-05-04not yet calculatedCVE-2017-8778
CONFIRM
CONFIRMgnu_binutils -- gnu_binutils
 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.2017-05-01not yet calculatedCVE-2017-8397
CONFIRMgnu_binutils -- gnu_binutils
 The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this.2017-05-02not yet calculatedCVE-2017-8421
CONFIRMgnu_binutils -- gnu_binutils
 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.2017-05-01not yet calculatedCVE-2017-8396
CONFIRMgnu_binutils -- gnu_binutils
 dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash.2017-05-01not yet calculatedCVE-2017-8398
CONFIRMgnu_binutils -- gnu_binutils
 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.2017-05-01not yet calculatedCVE-2017-8394
CONFIRMgnu_binutils -- gnu_binutils
 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash.2017-05-01not yet calculatedCVE-2017-8395
CONFIRMgnu_binutils -- gnu_binutils
 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash.2017-05-01not yet calculatedCVE-2017-8393
CONFIRMgnu_binutils -- gnu_binutils
 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.2017-05-01not yet calculatedCVE-2017-8392
CONFIRMgnulib -- gnulib
 Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c.2017-05-02not yet calculatedCVE-2017-7476
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRMgoogle -- grpc
 Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.2017-04-30not yet calculatedCVE-2017-8359
BID
MISC
MISCgreat_southern_bank -- great_southern_mobile_banking_app
 The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5907
MISChibara -- attachecase
 Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.2017-04-28not yet calculatedCVE-2016-7842
JVN
BID
MISChibara -- attachecase
 Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.2017-04-28not yet calculatedCVE-2016-7843
JVN
MISC
BIDhikvision -- ds-2cd2xx2f-i_ds-2cd2xx0f-i
 An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.2017-05-05not yet calculatedCVE-2017-7921
MISC
MISChikvision -- ds-2cd2xx2f-i_ds-2cd2xx0f-i
 A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information.2017-05-05not yet calculatedCVE-2017-7923
MISC
MISCibm -- bigfix_remote_control
 IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512.2017-05-03not yet calculatedCVE-2016-2930
CONFIRM
BIDibm -- insights_foundation_for_energy
 IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907.2017-04-28not yet calculatedCVE-2017-1141
CONFIRM
BIDibm -- marketing_platform
 IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564.2017-05-05not yet calculatedCVE-2016-0255
CONFIRMibm -- maximo_asset_management
 IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252.2017-05-03not yet calculatedCVE-2016-9976
CONFIRM
BIDibm -- tealeaf_consumer_experience
 The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356.2017-05-03not yet calculatedCVE-2016-0382
CONFIRM
BIDibm -- tivoli_storage_manager
 IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.2017-05-05not yet calculatedCVE-2016-8916
CONFIRMibm -- websphere_cast_iron_solutions
 IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515.2017-05-05not yet calculatedCVE-2016-9691
CONFIRMibm -- websphere_cast_iron_solutions
 IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 119516.2017-05-05not yet calculatedCVE-2016-9692
CONFIRMibm -- websphere_portal
 IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 1225922017-05-05not yet calculatedCVE-2017-1156
CONFIRMimagemagick -- imagemagick
 The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file.2017-05-04not yet calculatedCVE-2017-8765
CONFIRMintel -- intel_manageability_programs
 An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).2017-05-02not yet calculatedCVE-2017-5689
BID
CONFIRM
CONFIRM
MISC
MISC
MISCiodata -- webcam_firmware
 Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.2017-04-28not yet calculatedCVE-2017-2113
JVN
MISC
BIDiodata -- webcam_firmware
 HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information.2017-04-28not yet calculatedCVE-2017-2111
JVN
MISC
BIDiodata -- webcam_firmware
 TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.2017-04-28not yet calculatedCVE-2017-2112
JVN
MISC
BIDirfanview -- irfanview
 IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Access Violation and crash in processing a FlashPix (.FPX) file.2017-04-30not yet calculatedCVE-2017-7721
CONFIRM
MISCirods -- irods
 Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved via igetwild. Because igetwild is a Bash script, the part of the pathname following the semicolon would be executed in the user's shell.2017-05-05not yet calculatedCVE-2017-8799
CONFIRMk-opticom -- business_lala_call_app
 The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-04-28not yet calculatedCVE-2017-2104
JVN
BIDk-opticom -- lala_call_app
 The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-04-28not yet calculatedCVE-2017-2103
JVN
BIDkerio -- connect
 Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message.2017-05-02not yet calculatedCVE-2017-7440
MISCkmcis -- caseaware
 An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string.2017-05-01not yet calculatedCVE-2017-5631
MISClame -- lame
 LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels.2017-05-02not yet calculatedCVE-2017-8419
MISClibreoffice -- libreoffice
 LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx.2017-04-30not yet calculatedCVE-2017-8358
MISC
MISClibtirpc_ntirpc -- libtirpc_ntirpc
 rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.2017-05-04not yet calculatedCVE-2017-8779
MISC
MISC
MISC
MISClinux -- linux_kernel
 The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.2017-05-02not yet calculatedCVE-2014-9940
CONFIRM
CONFIRM
CONFIRMlinux -- linux_kernel
 kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.2017-05-02not yet calculatedCVE-2015-9004
CONFIRM
BID
CONFIRM
CONFIRMlinux -- linux_kernel
 The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.2017-04-28not yet calculatedCVE-2017-7895
BID
CONFIRM
CONFIRMlinuxcontainers -- lxc
 lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls.2017-05-01not yet calculatedCVE-2016-8649
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMnetiq -- imanager
 NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat.2017-05-03not yet calculatedCVE-2017-7428
CONFIRM
CONFIRM
CONFIRMnovell -- imanager
 Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.2017-05-03not yet calculatedCVE-2017-7431
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMnovell -- imanager
 Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.2017-05-03not yet calculatedCVE-2017-7430
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMnovell -- imanager
 Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.2017-05-03not yet calculatedCVE-2017-7432
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMnvidia -- video_driver
 An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel 3.10. Android ID: A-34113000. References: N-CVE-2017-0331.2017-05-02not yet calculatedCVE-2017-0331
CONFIRMopenssl -- openssl
 In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.2017-05-04not yet calculatedCVE-2016-7053
BID
CONFIRMopenssl -- openssl
 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.2017-05-04not yet calculatedCVE-2017-3732
BID
CONFIRMopenssl -- openssl
 There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected.2017-05-04not yet calculatedCVE-2016-7055
BID
CONFIRMopenssl -- openssl
 If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.2017-05-04not yet calculatedCVE-2017-3731
BID
CONFIRMopenssl -- openssl
 During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.2017-05-04not yet calculatedCVE-2017-3733
BID
CONFIRMopenssl -- openssl
 In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.2017-05-04not yet calculatedCVE-2017-3730
BID
CONFIRMopenssl -- openssl
 In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.2017-05-04not yet calculatedCVE-2016-7054
BID
CONFIRMopsview -- monitor_pro
 In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /.2017-05-03not yet calculatedCVE-2016-10367
MISCopsview -- monitor_pro
 Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the /login URI.2017-05-03not yet calculatedCVE-2016-10368
MISCpalo_alto_networks -- pan-os
 The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters.2017-05-02not yet calculatedCVE-2017-7216
BID
CONFIRMpanda_security -- panda_mobile_security_app
 Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.2017-05-05not yet calculatedCVE-2017-8060
MISCpayquicker -- payquicker_app
 The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5902
MISCpcre2 -- pcre2
 pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.2017-05-04not yet calculatedCVE-2017-8786
MISC
MISC
MISC
MISCpcre2 -- pcre2
 PCRE2 before 2017-03-10 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures."2017-05-01not yet calculatedCVE-2017-8399
MISC
MISCpexip -- infinity
 Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes.2017-05-02not yet calculatedCVE-2017-6551
BID
CONFIRMpodofo -- podofo
 Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.2017-04-30not yet calculatedCVE-2017-8378
MISCpodofo -- podpfo
 The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file.2017-05-05not yet calculatedCVE-2017-8787
MISCprimedrive -- desktop_application
 Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.2017-04-28not yet calculatedCVE-2017-2108
JVN
BID
MISCproxmox -- mail_gateway
 Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter.2017-05-03not yet calculatedCVE-2015-9058
MISCproxmox -- mail_gateway
 Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm, /queues/mail/index/, /system/ssh.htm, /queues/mail/?domain=, and /quarantine/virus/manage.htm.2017-05-03not yet calculatedCVE-2015-9057
MISCqemu -- qemu
 Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable.2017-05-02not yet calculatedCVE-2017-8086
CONFIRM
MLIST
BID
CONFIRM
MLISTqemu -- qemu
 hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.2017-05-02not yet calculatedCVE-2017-8112
MLIST
BID
CONFIRM
MLISTquick_heal -- multiple_productsQuick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.2017-05-04not yet calculatedCVE-2017-8774
MISCquick_heal -- multiple_products
 Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.2017-05-04not yet calculatedCVE-2017-8775
MISCquick_heal -- multiple_products
 Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation.2017-05-04not yet calculatedCVE-2017-8773
MISCquick_heal -- multiple_products
 Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the product.2017-05-04not yet calculatedCVE-2017-8776
MISCradicale -- radicale
 Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method.2017-04-30not yet calculatedCVE-2017-8342
CONFIRM
CONFIRM
CONFIRM
CONFIRMrapid7 -- appspider_pro
 Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.2017-05-03not yet calculatedCVE-2017-5236
CONFIRMrapid7 -- appspider_pro
 Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash.2017-05-03not yet calculatedCVE-2017-5240
CONFIRMrockwell_automation -- controllogix_5580_controllers
 A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller.2017-05-05not yet calculatedCVE-2017-6024
MISCrubocop -- rubocopRuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users.2017-05-02not yet calculatedCVE-2017-8418
MISC
MISCruby -- ruby
 The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks.2017-05-02not yet calculatedCVE-2016-4442
MLIST
CONFIRM
CONFIRMrxvt -- rxvt
 Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read.2017-05-02not yet calculatedCVE-2017-7483
MLIST
MLISTrzip -- rzip_2.1
 The read_buf function in stream.c in rzip 2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.2017-04-30not yet calculatedCVE-2017-8364
MISCsandisk -- sdhc/sdxc_memory_card
 Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.2017-04-28not yet calculatedCVE-2017-2149
JVN
BID
MISCschneider_electric -- struxureware_data_center_expert
 Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors.2017-04-30not yet calculatedCVE-2017-8371
MISC
MISCsmalruby-editor -- smalruby-editor
 smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.2017-04-28not yet calculatedCVE-2017-2096
JVN
MISC
BIDsoftonic -- panda_free_antivirus
 PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \\.\PSMEMDriver.2017-04-30not yet calculatedCVE-2017-8339
MISCspace_coast_credit_union -- space_coast_credit_union_mobile_app
 The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-3212
MISC
BID
MISCstate_bank_of_india -- state_bank_anywhere_app
 The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-5901
MISCsupport-project -- knowledge
 Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-04-28not yet calculatedCVE-2017-2097
JVN
BIDswftools -- swftools
 In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS.2017-05-01not yet calculatedCVE-2017-8401
CONFIRMswftools -- swftools
 In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution.2017-05-01not yet calculatedCVE-2017-8400
CONFIRMtelaxus -- epesi
 Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter.2017-05-04not yet calculatedCVE-2017-8763
MISCtelegram -- telegram_desktop
 Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations.2017-04-30not yet calculatedCVE-2016-10351
MISCtex_live -- tex_live
 TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.2017-05-02not yet calculatedCVE-2016-10243
DEBIAN
MLIST
BID
FEDORA
FEDORA
MISC
CONFIRMthink_mutual_bank -- think_mutual_bank_mobile_banking_app
 The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-05-05not yet calculatedCVE-2017-3213
MISC
BID
MISCtrend_micro -- officescan
 Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation.2017-05-03not yet calculatedCVE-2017-5481
BID
CONFIRMtrend_micro -- officescan
 Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website.2017-05-05not yet calculatedCVE-2017-8801
CONFIRM
CONFIRMtver -- tver_app
 The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-04-28not yet calculatedCVE-2017-2105
JVN
BIDunderbit -- mad
 The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file.2017-04-30not yet calculatedCVE-2017-8372
MISCunderbit -- mad
 The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.2017-04-30not yet calculatedCVE-2017-8373
MISCunderbit -- mad
 The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.2017-04-30not yet calculatedCVE-2017-8374
MISCvaultive -- o365
 PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this results in the encrypted message being structured in such a way that most PGP/MIME-capable mail user agents are unable to decrypt it cleanly. The outcome is that encrypted mail passing through this device does not work (Denial of Service), and a common real-world consequence is a request to resend the mail in the clear (Information Disclosure).2017-05-03not yet calculatedCVE-2017-7229
MISCvivaldi_software -- vivaldi
 Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.2017-04-28not yet calculatedCVE-2017-2156
BID
JVN
MISCwebmin -- webmin
 Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-04-28not yet calculatedCVE-2017-2106
JVN
BID
MISCwordpress -- wordpress
 WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message.2017-05-04not yet calculatedCVE-2017-8295
BID
MISC
EXPLOIT-DBxen_project -- xen
 Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.2017-05-03not yet calculatedCVE-2017-7995
CONFIRM
CONFIRMxirrus -- arrayos
 SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.2017-05-05not yet calculatedCVE-2017-6557
CONFIRMBack to top

This product is provided subject to this Notification and this Privacy & Use policy.


Pages