CERT


Oracle Patches Apache Vulnerabilities

Original release date: September 25, 2017

Oracle has released security updates to address Apache Struts 2 vulnerabilities found across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. 

US-CERT encourages users and administrators to review the Oracle Security Alert and apply the necessary updates.



SB17-268: Vulnerability Summary for the Week of September 18, 2017

Original release date: September 25, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| corega -- wlr_300_nm_firmware | CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 2017-09-15 | 7.7 | CVE-2017-10813, MISC, JVN |
| corega -- wlr_300_nm_firmware | Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors. | 2017-09-15 | 7.7 | CVE-2017-10814, MISC, JVN |
| daj -- i-filter_installer | Untrusted search path vulnerability in "i-filter 6.0 install program" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-15 | 9.3 | CVE-2017-10858, MISC, JVN |
| daj -- i-filter_installer | Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-15 | 9.3 | CVE-2017-10859, MISC, JVN |
| daj -- i-filter_installer | Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. | 2017-09-15 | 9.3 | CVE-2017-10860, MISC, BID, JVN |
| fujitsu -- fence-explorer | Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-15 | 9.3 | CVE-2017-10855, MISC, JVN |
| helpdesk_pro_project -- helpdesk_pro | Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter. | 2017-09-20 | 7.5 | CVE-2015-4073, MISC, FULLDISC, BID, EXPLOIT-DB |
| imagemagick -- imagemagick | ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. | 2017-09-17 | 7.1 | CVE-2017-14531, BID, CONFIRM |
| imagemagick -- imagemagick | ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c. | 2017-09-17 | 7.5 | CVE-2017-14532, BID, CONFIRM |
| imagemagick -- imagemagick | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c. | 2017-09-21 | 7.5 | CVE-2017-14624, BID, CONFIRM |
| imagemagick -- imagemagick | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c. | 2017-09-21 | 7.5 | CVE-2017-14625, BID, CONFIRM |
| imagemagick -- imagemagick | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c. | 2017-09-21 | 7.5 | CVE-2017-14626, BID, CONFIRM, CONFIRM |
| linux -- linux_kernel | The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls. | 2017-09-15 | 7.2 | CVE-2017-14497, CONFIRM, MLIST, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| nexusphp_project -- nexusphp | NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. | 2017-09-17 | 7.5 | CVE-2017-14512, MISC |
| nttdocomo -- wi-fi_station_l-02f_firmware | Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account. | 2017-09-15 | 10.0 | CVE-2017-10845, JVN, MISC |
| polycom -- realpresence_resource_manager | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. | 2017-09-19 | 7.2 | CVE-2015-4681, FULLDISC, BUGTRAQ, BID, MISC, CONFIRM, EXPLOIT-DB |
| polycom -- realpresence_resource_manager | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests. | 2017-09-19 | 7.5 | CVE-2015-4683, MISC, FULLDISC, BUGTRAQ, BID, CONFIRM, EXPLOIT-DB |

 

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cisco -- cloud_web_security | Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743. | 2017-09-19 | 5.0 | CVE-2015-0689, CISCO |
| freedesktop -- poppler | In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. | 2017-09-17 | 4.3 | CVE-2017-14517, CONFIRM |
| freedesktop -- poppler | In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. | 2017-09-17 | 6.8 | CVE-2017-14518, CONFIRM |
| freedesktop -- poppler | In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). | 2017-09-17 | 5.0 | CVE-2017-14519, CONFIRM |
| freedesktop -- poppler | In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files. | 2017-09-17 | 6.8 | CVE-2017-14520, CONFIRM |
| gnu -- binutils | The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function. | 2017-09-17 | 4.3 | CVE-2017-14529, CONFIRM, CONFIRM, CONFIRM |
| google -- android | Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. | 2017-09-15 | 4.6 | CVE-2015-1527, BID, CONFIRM, MISC |
| graphicsmagick -- graphicsmagick | ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference. | 2017-09-17 | 4.3 | CVE-2017-14504, CONFIRM, BID, CONFIRM, CONFIRM |
| helpdesk_pro_project -- helpdesk_pro | Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task. | 2017-09-20 | 5.0 | CVE-2015-4074, MISC, FULLDISC, BID, EXPLOIT-DB |
| helpdesk_pro_project -- helpdesk_pro | The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task. | 2017-09-20 | 6.8 | CVE-2015-4075, MISC, FULLDISC, BID, EXPLOIT-DB |
| huawei -- p8_firmware | Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths. | 2017-09-20 | 4.3 | CVE-2015-8224, CONFIRM |
| ibm -- security_identity_manager | Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors. | 2017-09-18 | 6.8 | CVE-2014-6106, BID, XF, CONFIRM |
| imagemagick -- imagemagick | DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input. | 2017-09-17 | 4.3 | CVE-2017-14505, BID, CONFIRM |
| imagemagick -- imagemagick | The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file. | 2017-09-17 | 4.3 | CVE-2017-14528, MISC, BID, MISC |
| imagemagick -- imagemagick | ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. | 2017-09-17 | 4.3 | CVE-2017-14533, BID, CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. | 2017-09-20 | 5.8 | CVE-2017-14607, BID, CONFIRM |
| irfanview -- irfanview | IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x000000000011d767." | 2017-09-18 | 4.6 | CVE-2017-14539, MISC |
| irfanview -- irfanview | IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x000000000001f23e." | 2017-09-18 | 4.6 | CVE-2017-14540, MISC |
| irfanview -- irfanview | IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ani file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77130000!RtlpCoalesceFreeBlocks+0x00000000000004b4." | 2017-09-18 | 4.6 | CVE-2017-14578, MISC |
| joomla -- joomla! | Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. | 2017-09-20 | 5.8 | CVE-2015-5608, BID, CONFIRM |
| libarchive -- libarchive | An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. | 2017-09-17 | 4.3 | CVE-2017-14501, MISC, MISC |
| libarchive -- libarchive | read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. | 2017-09-17 | 5.0 | CVE-2017-14502, MISC, MISC, MISC |
| libarchive -- libarchive | libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. | 2017-09-17 | 4.3 | CVE-2017-14503, MISC, MISC |
| linux -- linux_kernel | The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR). | 2017-09-20 | 4.9 | CVE-2017-12168, CONFIRM, CONFIRM, CONFIRM, CONFIRM |
| linux -- linux_kernel | The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. | 2017-09-15 | 4.9 | CVE-2017-14489, CONFIRM, CONFIRM |
| magento -- e-commerce | Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1. | 2017-09-20 | 4.3 | CVE-2014-9758, MISC, MLIST |
| metinfo -- metinfo | Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. | 2017-09-17 | 5.0 | CVE-2017-14513, MISC |
| moodle -- moodle | Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. | 2017-09-18 | 4.3 | CVE-2017-12156, BID, CONFIRM |
| nexusphp_project -- nexusphp | Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF. | 2017-09-18 | 4.3 | CVE-2017-14534, MISC |
| nttdocomo -- wi-fi_station_l-02f_firmware | Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. | 2017-09-15 | 5.0 | CVE-2017-10846, JVN, MISC |
| openwebif_project -- openwebif | OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger CallOPKG calls, and these users can enter an arbitrary URL in an input field, even though that input field was only intended for a package name. This threat model may be relevant in the latest versions of third-party products that bundle OpenWebif, i.e., set-top box products. The issue of Trojan horse packages does NOT have security implications in cases where the attacker has full OpenWebif access. | 2017-09-17 | 6.8 | CVE-2017-9333, MISC, MISC |
| polycom -- realpresence_resource_manager | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager. | 2017-09-19 | 4.0 | CVE-2015-4682, MISC, FULLDISC, BUGTRAQ, BID, CONFIRM, EXPLOIT-DB |
| polycom -- realpresence_resource_manager | Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager. | 2017-09-19 | 5.5 | CVE-2015-4684, MISC, FULLDISC, BUGTRAQ, BID, CONFIRM, EXPLOIT-DB |
| polycom -- realpresence_resource_manager | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration. | 2017-09-19 | 4.4 | CVE-2015-4685, MISC, FULLDISC, BUGTRAQ, BID, CONFIRM, EXPLOIT-DB |
| pragyan_cms_project -- pragyan_cms | Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. | 2017-09-19 | 4.0 | CVE-2017-14600, MISC |
| pragyan_cms_project -- pragyan_cms | Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. | 2017-09-19 | 4.0 | CVE-2017-14601, MISC |
| pydio -- pydio | Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS Vulnerabilities." | 2017-09-19 | 4.3 | CVE-2015-3432, BID, CONFIRM |
| silverstripe -- silverstripe | SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017. | 2017-09-15 | 4.3 | CVE-2017-14498, MISC, MISC, MISC, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .epub file, related to a "Read Access Violation on Block Data Move starting at STDUEPubFile!DllUnregisterServer+0x0000000000010262." | 2017-09-18 | 4.6 | CVE-2017-14542, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000039335." | 2017-09-18 | 4.6 | CVE-2017-14543, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUEPubFile!DllUnregisterServer+0x000000000003fff1." | 2017-09-18 | 4.6 | CVE-2017-14544, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000010332." | 2017-09-18 | 4.6 | CVE-2017-14545, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d." | 2017-09-18 | 4.6 | CVE-2017-14546, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .mobi file, related to a "Read Access Violation starting at STDUMOBIFile!DllUnregisterServer+0x000000000002efc0." | 2017-09-18 | 4.6 | CVE-2017-14547, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000854d." | 2017-09-18 | 4.6 | CVE-2017-14548, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d." | 2017-09-18 | 4.6 | CVE-2017-14549, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Possible Stack Corruption starting at STDUDjVuFile!DllUnregisterServer+0x000000000000e8b8." | 2017-09-18 | 4.6 | CVE-2017-14550, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9f2." | 2017-09-18 | 4.6 | CVE-2017-14551, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9a9." | 2017-09-18 | 4.6 | CVE-2017-14552, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x00000000000085f5." | 2017-09-18 | 4.6 | CVE-2017-14553, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Possible Stack Corruption starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d908." | 2017-09-18 | 4.6 | CVE-2017-14554, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000ec6e." | 2017-09-18 | 4.6 | CVE-2017-14555, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000da27." | 2017-09-18 | 4.6 | CVE-2017-14556, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000dd3f." | 2017-09-18 | 4.6 | CVE-2017-14557, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x0000000000018cc2." | 2017-09-18 | 4.6 | CVE-2017-14558, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005af2." | 2017-09-18 | 4.6 | CVE-2017-14559, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd2." | 2017-09-18 | 4.6 | CVE-2017-14560, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000048c024d called from STDUXPSFile!DllUnregisterServer+0x0000000000025638." | 2017-09-18 | 4.6 | CVE-2017-14561, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d." | 2017-09-18 | 4.6 | CVE-2017-14562, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005311." | 2017-09-18 | 4.6 | CVE-2017-14563, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000028657." | 2017-09-18 | 4.6 | CVE-2017-14564, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Possible Stack Corruption starting at Unknown Symbol @ 0x00000000038f2fbf called from image00000000_00400000+0x0000000000240065." | 2017-09-18 | 4.6 | CVE-2017-14565, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x00000000039d76c4 called from Unknown Symbol @ 0x0000000000049d2c." | 2017-09-18 | 4.6 | CVE-2017-14566, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000028c024d called from STDUXPSFile!DllUnregisterServer+0x000000000002e77b." | 2017-09-18 | 4.6 | CVE-2017-14567, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x000000000297024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025630." | 2017-09-18 | 4.6 | CVE-2017-14568, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Read Access Violation starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd5." | 2017-09-18 | 4.6 | CVE-2017-14569, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64LdrpInitialize+0x00000000000008e1." | 2017-09-18 | 4.6 | CVE-2017-14570, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000049c024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025706." | 2017-09-18 | 4.6 | CVE-2017-14571, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x000000000479049b called from Unknown Symbol @ 0x000000000d89645b." | 2017-09-18 | 4.6 | CVE-2017-14572, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000030c024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566a." | 2017-09-18 | 4.6 | CVE-2017-14573, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x0000000004940490." | 2017-09-18 | 4.6 | CVE-2017-14574, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x0000000002d8024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566c." | 2017-09-18 | 4.6 | CVE-2017-14575, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Possible Stack Corruption starting at Unknown Symbol @ 0x00000000049f0281." | 2017-09-18 | 4.6 | CVE-2017-14576, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Control Flow starting at Unknown Symbol @ 0x0000000003aa7cef called from Unknown Symbol @ 0x0000000004aa024d." | 2017-09-18 | 4.6 | CVE-2017-14577, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000005b70." | 2017-09-18 | 4.6 | CVE-2017-14579, MISC |
| sugarcrm -- sugarcrm | An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as demonstrated by a backslash character at the end of a bean_id to modules/Emails/DetailView.php. An attacker could exploit these vulnerabilities by sending a crafted SQL request to the affected areas. An exploit could allow the attacker to modify the SQL database. Proper SQL escaping has been added to prevent such exploits. | 2017-09-17 | 6.5 | CVE-2017-14508, MISC, MISC |
| sugarcrm -- sugarcrm | An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a module=CallRest&url= query string. Proper input validation has been added to mitigate this issue. | 2017-09-17 | 6.5 | CVE-2017-14509, MISC, MISC |
| sugarcrm -- sugarcrm | An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). The WebToLeadCapture functionality is found vulnerable to unauthenticated cross-site scripting (XSS) attacks. This attack vector is mitigated by proper validating the redirect URL values being passed along. | 2017-09-17 | 4.3 | CVE-2017-14510, MISC, MISC |
| tenda -- w15e_firmware | Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. | 2017-09-17 | 5.0 | CVE-2017-14514, CONFIRM |
| tenda -- w15e_firmware | Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors. | 2017-09-17 | 5.0 | CVE-2017-14515, CONFIRM |
| xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008823." | 2017-09-18 | 4.6 | CVE-2017-14538, MISC |
| xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x000000000001f23e." | 2017-09-18 | 4.6 | CVE-2017-14541, MISC |
| xnview -- xnview | XnView Classic for Windows Version 2.41 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000870f." | 2017-09-18 | 4.6 | CVE-2017-14580, MISC |

 

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| afterlogic -- aurora | AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain. | 2017-09-19 | 3.5 | CVE-2017-14597, CONFIRM |
| helpdesk_pro_project -- helpdesk_pro | Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message. | 2017-09-20 | 3.5 | CVE-2015-4072, MISC, FULLDISC, BID, EXPLOIT-DB |
| ibm -- curam_social_program_management | Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 98568. | 2017-09-19 | 3.5 | CVE-2014-6191, CONFIRM, BID |
| vmware -- vcenter_server | VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page. | 2017-09-15 | 3.5 | CVE-2017-4926, BID, SECTRACK, CONFIRM |

 

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

389_directory_server -- 389_directory_server
389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
Published: 2017-09-19 | CVSS Score: not yet calculated | CVE-2015-1854
FEDORA
BID
REDHAT
CONFIRM

abstrium -- pydio
Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities."
Published: 2017-09-19 | CVSS Score: not yet calculated | CVE-2015-3431
BID
CONFIRM

apache -- http_server
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
Published: 2017-09-18 | CVSS Score: not yet calculated | CVE-2017-9798
MISC
BID
SECTRACK
MISC
MISC
MISC
MISC
MISC
MISC
EXPLOIT-DB

apache -- solr
Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster. The vulnerability is fixed from Solr 6.6.1 onwards.
Published: 2017-09-18 | CVSS Score: not yet calculated | CVE-2017-9803
MLIST
BID

apache -- struts2
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2017-9804
CONFIRM
BID
SECTRACK
CONFIRM
CISCO

apache -- struts2
The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
Published: 2017-09-15 | CVSS Score: not yet calculated | CVE-2017-9805
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CISCO
EXPLOIT-DB

apache -- struts2
In the Convention plugin in Apache Struts 2.3.20 through 2.3.30, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2016-6795
BID
CONFIRM

apache -- struts2
In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2017-12611
CONFIRM
BID
CONFIRM
CONFIRM

apache -- struts2
The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 uses an outdated XStream library which is vulnerable and allows an attacker to perform a DoS attack using a malicious request with a specially crafted XML payload.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2017-9793
CONFIRM
BID
SECTRACK
CONFIRM
CISCO

apache -- struts2
In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2016-8738
BID
CONFIRM

apache -- tomcat
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Published: 2017-09-19 | CVSS Score: not yet calculated | CVE-2017-12615
BID
SECTRACK
MLIST

apache -- tomcat
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
Published: 2017-09-19 | CVSS Score: not yet calculated | CVE-2017-12616
BID
SECTRACK
MLIST

arm -- trusted_firmware
The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2017-9607
CONFIRM
CONFIRM

artifex -- mupdf
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded.
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-14685
MISC
MISC
MISC

artifex -- mupdf
Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers.
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-14686
MISC
MISC
MISC

artifex -- mupdf
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons.
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-14687
MISC
MISC
MISC

asp4cms -- aspcms
member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter.
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-14653
MISC

astaro -- security_gateway
Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx.
Published: 2017-09-19 | CVSS Score: not yet calculated | CVE-2017-6315
EXPLOIT-DB

bareos -- bareos
bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2017-14610
MISC

be126 -- wifi_repeater
On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). The attacker can make a user that is connected to the repeater click on a malicious link that will log into the telnet and will infect the device with malicious code.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2017-8771
MISC

be126 -- wifi_repeater
On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file system; 2. Write to the file system; or 3. Execute any code that attacker desires (malicious or not).
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2017-8772
MISC

be126 -- wifi_repeater
There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2017-8770
MISC
EXPLOIT-DB

bento4 -- bento4
A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14644
MISC

bento4 -- bento4
The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0-617 uses an incorrect character data type, leading to a heap-based buffer over-read and application crash in AP4_BytesToUInt32BE in Core/Ap4Utils.h.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14643
MISC
MISC
MISC

bento4 -- bento4
A heap-based buffer over-read was discovered in AP4_BitStream::ReadBytes in Codecs/Ap4BitStream.cpp in Bento4 version 1.5.0-617. The vulnerability causes an application crash, which leads to remote denial of service.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14645
MISC

bento4 -- bento4
A NULL pointer dereference was discovered in the AP4_HdlrAtom class in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash in AP4_StdcFileByteStream::ReadPartial in System/StdC/Ap4StdCFileByteStream.cpp, which leads to remote denial of service.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14642
MISC
MISC
MISC

bento4 -- bento4
A heap-based buffer overflow was discovered in AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14647
MISC

bento4 -- bento4
The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14646
MISC
MISC
MISC

bento4 -- bento4
A NULL pointer dereference was discovered in AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14640
MISC
MISC
MISC

bento4 -- bento4
AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Bento4 version 1.5.0-617 has missing NULL checks, leading to a NULL pointer dereference, segmentation fault, and application crash in AP4_Atom::SetType in Core/Ap4Atom.h.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14638
MISC
MISC
MISC

bento4 -- bento4
A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14641
MISC
MISC
MISC

bento4 -- bento4
AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service (application crash) or possibly unspecified other impact.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14639
MISC
MISC
MISC

bladeenc -- bladeenc
A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14648
MISC

ca -- identity_manager
CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-9393
BID
CONFIRM

chef_software -- chef
The knife bootstrap command in chef leaks the validator.pem private RSA key to /var/log/messages.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2015-8559
MLIST
CONFIRM

cisco -- email_securit_appliance
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash, resulting in a denial of service (DoS) condition on the device. This vulnerability affects software version 9.0 through the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. Cisco Bug IDs: CSCvd29354.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-12215
BID
SECTRACK
CONFIRM

cisco -- findit_network_discovery_utility
A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity. The vulnerability is due to the application loading a malicious copy of a specific, nondefined DLL file instead of the DLL file it was expecting. An attacker could exploit this vulnerability by placing an affected DLL within the search path of the host system. An exploit could allow the attacker to load a malicious DLL file into the system, thus partially compromising confidentiality, integrity, and availability on the device. Cisco Bug IDs: CSCve89785.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-12252
BID
CONFIRM

cisco -- small_business_managed_switches
A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH connections. An attacker could exploit this vulnerability by logging in to an affected switch via SSH and sending a malicious SSH message. This vulnerability affects the following Cisco products when SSH is enabled: Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, 550X Series Stackable Managed Switches, ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvb48377.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-6720
BID
CONFIRM

cisco -- small_business_spa_series_phones
A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-12219
BID
SECTRACK
CONFIRM

cisco -- ucs_central_software
A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this vulnerability by entering a specific command with crafted arguments. An exploit could allow the attacker to gain shell access to the underlying system. Cisco Bug IDs: CSCve70762.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-12255
BID
SECTRACK
CONFIRM

cisco -- unified_customer_voice_portal
A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the OAMP and sending a crafted HTTP request. A successful exploit could allow the attacker to gain administrator privileges. The attacker must successfully authenticate to the system to exploit this vulnerability. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) running software release 10.5, 11.0, or 11.5. Cisco Bug IDs: CSCve92752.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-12214
BID
SECTRACK
CONFIRM

cisco -- unified_intelligence_center_software
A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76848, CSCve76856.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-12254
BID
SECTRACK
CONFIRM

cisco -- unified_intelligence_center_software
A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCve76872.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-12253
BID
SECTRACK
CONFIRM

cisco -- unified_intelligence_center_software
A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76835.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-12248
BID
SECTRACK
CONFIRM

cisco -- wide_area_application_services
A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition. The vulnerability is due to lack of input validation of user-supplied input parameters within an HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request through the targeted device. An exploit could allow the attacker to cause a DoS condition due to a process unexpectedly restarting. The WAAS could drop traffic during the brief time the process is restarting. Cisco Bug IDs: CSCvc63048.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-12250
BID
SECTRACK
CONFIRM

codeigniter -- codeigniter
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.
Published: 2017-09-19 | CVSS Score: not yet calculated | CVE-2014-8686
MISC
MISC
CONFIRM
MISC

codeigniter_and_kohana -- codeigniter_and_kohana
CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes.
Published: 2017-09-19 | CVSS Score: not yet calculated | CVE-2014-8684
MISC
FULLDISC
CONFIRM
MISC

coreutils -- coreutils
fts.c in coreutils 8.4 allows local users to delete arbitrary files.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2015-1865
BID
CONFIRM

cyberlink -- cyberlink_labelprint
Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.
Published: 2017-09-23 | CVSS Score: not yet calculated | CVE-2017-14627
MISC

d-link_and_trendnet -- d-link_and_trendnet
The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2015-1187
MISC
MISC
FULLDISC
CONFIRM
BID
MISC

denyall -- waf
DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-14706
MISC
MISC
MISC

denyall -- waf
DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-14705
MISC
MISC
MISC

dovecot -- dovecot
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allows remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
Published: 2017-09-19 | CVSS Score: not yet calculated | CVE-2015-3420
FEDORA
FEDORA
FEDORA
MLIST
MLIST
BID
CONFIRM
MLIST
MLIST

edeploy -- edeploy
eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files.
Published: 2017-09-19 | CVSS Score: not yet calculated | CVE-2014-8174
CONFIRM
MISC

ember.js -- ember.js
Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2015-1866
MLIST
BID
CONFIRM

emc -- vipr_srm
In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-8007
CONFIRM
BID
SECTRACK
SECTRACK

emc -- vipr_srm
In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-8012
CONFIRM
SECTRACK
SECTRACK

epesi -- epesi
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter.
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-14713
MISC

epesi -- epesi
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-14712
MISC

epesi -- epesi
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter.
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-14714
MISC

epesi -- epesi
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter.
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-14716
MISC

epesi -- epesi
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter.
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-14717
MISC

epesi -- epesi
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter.
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-14715
MISC

f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in both the Client and Server SSL profiles assigned to a BIG-IP Virtual Server.
Published: 2017-09-18 | CVSS Score: not yet calculated | CVE-2017-6147
CONFIRM

foxit -- foxit_reader
Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f."
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-14694
MISC

freeipa -- freeipa
FreeIPA might display user data improperly via vectors involving non-printable characters.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2015-5179
CONFIRM
MISC

freeipa -- freeipa
ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2015-5284
CONFIRM
CONFIRM
CONFIRM
MLIST

gnome -- nautilus
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2017-14604
MISC
MISC
MISC
MISC
MISC
MISC

go-ldap -- go-ldap
In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is authorized (i.e., a nil return value is interpreted as successful authorization) and (2) it is used with an LDAP server allowing unauthenticated bind.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2017-14623
CONFIRM
CONFIRM

good_technology -- good_fore_enterprise_application
The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does not attempt to detect malicious activation attempts involving modified names beginning with a com.good.gdgma substring. Consequently, an attacker could obtain access to intranet data. This issue is only relevant in cases where the user has already downloaded a malicious Android application.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2015-9232
MISC
MISC
MISC

graphicsmagick -- graphicsmagick
ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14649
MISC
BID
MISC
MISC

iball -- baton_adsl2+_router
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi.
Published: 2017-09-17 | CVSS Score: not yet calculated | CVE-2017-14244
EXPLOIT-DB
MISC

ibm -- security_siteprotector_system
IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2015-0162
BID
XF
CONFIRM

imagemagick -- imagemagick
A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Image from 2.0.0 to 2.5.1, and is fixed in 2.5.2. The problem is missing input validation of the index field in _raw() during construction of an ImageMagick command line.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14650
MISC
MISC
MISC

imagemagick -- imagemagick
In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14684
CONFIRM

imagemagick -- imagemagick
GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14682
CONFIRMinstack-undercloud -- instack-undercloud
 A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.2017-09-21not yet calculatedCVE-2017-7549
BID
CONFIRMipython -- ipython
 Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path.2017-09-21not yet calculatedCVE-2015-4706
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRMipython -- ipython
 Cross-site request forgery in the REST API in IPython 2 and 3.2017-09-20not yet calculatedCVE-2015-5607
FEDORA
FEDORA
MLIST
CONFIRM
CONFIRM
CONFIRMipython -- ipython
 Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.2017-09-20not yet calculatedCVE-2015-4707
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM

irfanview -- irfanview
IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613."
Published: 2017-09-22 | CVSS: not yet calculated | CVE-2017-14693
MISC

iterm2 -- iterm2
iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware.
Published: 2017-09-20 | CVSS: not yet calculated | CVE-2015-9231
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC

joomla! -- joomla!
In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.
Published: 2017-09-20 | CVSS: not yet calculated | CVE-2017-14595
BID
SECTRACK
CONFIRM

joomla! -- joomla!
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
Published: 2017-09-20 | CVSS: not yet calculated | CVE-2017-14596
BID
SECTRACK
CONFIRM

kallithea -- kallithea
Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2015-0276
MLIST
BID
CONFIRM

kallithea -- kallithea
Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2015-1864
MLIST
BID
CONFIRM
CONFIRM

kaltura -- kaltura
Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to server/admin_console/web/tools/bigRedButton.php; the (3) partnerId, (4) playerVersion, (5) secret, (6) entryId, (7) adminUiConfId, or (8) uiConfId parameter to server/admin_console/web/tools/bigRedButtonPtsPoc.php; the (9) streamUsername, (10) streamPassword, (11) streamRemoteId, (12) streamRemoteBackupId, or (13) entryId parameter to server/admin_console/web/tools/AkamaiBroadcaster.php; the (14) entryId parameter to server/admin_console/web/tools/XmlJWPlayer.php; or the (15) partnerId or (16) playerVersion parameter to server/alpha/web/lib/bigRedButtonPtsPocHlsjs.php.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2017-14142
CONFIRM
CONFIRM
MISC

kaltura -- kaltura
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2017-14143
CONFIRM
MISC

kaltura -- kaltura
The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2017-14141
CONFIRM
MISC

kannel -- kannel
The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by bearerbox.
Published: 2017-09-20 | CVSS: not yet calculated | CVE-2017-14609
MISC

landesk -- landesk_management_suite
The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2014-5362
MISC
BUGTRAQ
BID
SECTRACK

lenovo -- lxca
Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.
Published: 2017-09-22 | CVSS: not yet calculated | CVE-2017-3770
CONFIRM

lenovo -- lxca
An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2.
Published: 2017-09-22 | CVSS: not yet calculated | CVE-2017-3763
CONFIRM

libexif -- libexif
libexif through 0.6.21 is vulnerable to an out-of-bounds heap read in the exif_data_save_data_entry function in libexif/exif-data.c, caused by improper length computation of the allocated data of an ExifMnote entry, which can cause denial of service or possibly information disclosure.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-7544
MISC

libpgf -- libpgf
Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32.
Published: 2017-09-20 | CVSS: not yet calculated | CVE-2015-6673
MLIST
MISC
MISC
MISC
MISC
MISC

libraw -- libraw
In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
Published: 2017-09-20 | CVSS: not yet calculated | CVE-2017-14608
CONFIRM
CONFIRM

libsndfile -- libsndfile
In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-14634
MISC

libsndfile -- libsndfile
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-14246
MISC

libsndfile -- libsndfile
An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-14245
MISC

linux -- linux_kernel
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of the secure_boot flag across kexec reboot.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2015-7837
REDHAT
REDHAT
MLIST
BID
CONFIRM
CONFIRM

linux -- linux_kernel
node 0.3.2 and URONode before 1.0.5r3 allow remote attackers to cause a denial of service (bandwidth consumption).
Published: 2017-09-20 | CVSS: not yet calculated | CVE-2015-2927
MLIST
MISC
CONFIRM

linux -- linux_kernel
The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory.
Published: 2017-09-15 | CVSS: not yet calculated | CVE-2017-14340
CONFIRM
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM

linux -- linux_kernel
A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-12153
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

micro_focus -- visibroker
An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-9283
MISC

micro_focus -- visibroker
An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-9282
MISC

micro_focus -- visibroker
An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-9281
MISC

mirasvit -- helpdesk_mx
Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-14320
MISC

mirasvit -- helpdesk_mx
Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) customer name or (2) subject in a ticket.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-14321
MISC

mirion_technologies -- telemetry_enabled_device
An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). Decryption of data is possible at the hardware level.
Published: 2017-09-20 | CVSS: not yet calculated | CVE-2017-9645
BID
MISC

mirion_technologies -- telemetry_enabled_device
A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). An unchangeable, factory-set key is included in the 900 MHz transmitter firmware.
Published: 2017-09-20 | CVSS: not yet calculated | CVE-2017-9649
BID
MISC

moodle -- moodle
In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access.
Published: 2017-09-18 | CVSS: not yet calculated | CVE-2017-12157
BID
CONFIRM

my_bb -- tapatalk_plugin
SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-14652
MISC
MISC

netmechanica -- netdecision
The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2017-14311
EXPLOIT-DB

netsweeper -- netsweeper
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2014-9618
MISC
EXPLOIT-DB

netsweeper -- netsweeper
Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2014-9619
MISC
EXPLOIT-DB

netsweeper -- netsweeper
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2014-9616
MISC

netsweeper -- netsweeper
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2014-9610
MISC
EXPLOIT-DB

netsweeper -- netsweeper
Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2014-9611
MISC
EXPLOIT-DB

newsbeuter -- newsbeuter
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904.
Published: 2017-09-17 | CVSS: not yet calculated | CVE-2017-14500
MISC
MISC
MISC
MISC

nodebb -- nodebb
Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2015-3296
MLIST
BID
CONFIRM

nvidia -- display_driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges.
Published: 2017-09-22 | CVSS: not yet calculated | CVE-2017-6269
CONFIRM

nvidia -- display_driver
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service.
Published: 2017-09-22 | CVSS: not yet calculated | CVE-2017-6266
CONFIRM

nvidia -- display_driver
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service.
Published: 2017-09-22 | CVSS: not yet calculated | CVE-2017-6267
CONFIRM

nvidia -- display_driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation which may lead to a potential divide by zero and denial of service.
Published: 2017-09-22 | CVSS: not yet calculated | CVE-2017-6270
CONFIRM

nvidia -- display_driver
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges.
Published: 2017-09-22 | CVSS: not yet calculated | CVE-2017-6272
CONFIRM

nvidia -- display_driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges.
Published: 2017-09-22 | CVSS: not yet calculated | CVE-2017-6268
CONFIRM

nvidia -- display_driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation while processing block linear information which may lead to a potential divide by zero and denial of service.
Published: 2017-09-22 | CVSS: not yet calculated | CVE-2017-6271
CONFIRM

nvidia -- display_driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges.
Published: 2017-09-22 | CVSS: not yet calculated | CVE-2017-6277
CONFIRM

openlitespeed -- openlitespeed
Use-after-free vulnerability in Open Litespeed before 1.3.10.
Published: 2017-09-20 | CVSS: not yet calculated | CVE-2015-3890
MISC

otrs -- open_ticket_request_system
In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-14635
CONFIRM

p3scan -- p3scan
The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated by etc/init.d/p3scan.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-14681
MISC

perl -- perl
Buffer overflow in the regular expression parser in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (crash) or leak data from memory via vectors involving use of RExC_parse in the vFAIL macro.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2017-12883
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

perl -- perl
Heap-based buffer overflow in the regular expression compiler in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (crash) via a crafted regular expression with the case-insensitive modifier.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2017-12837
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

phpbb -- phpbb
Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2015-3880
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

phpmyfaq -- phpmyfaq
Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.
Published: 2017-09-20 | CVSS: not yet calculated | CVE-2017-14619
MISC

phpmyfaq -- phpmyfaq
Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.
Published: 2017-09-20 | CVSS: not yet calculated | CVE-2017-14618
MISC
EXPLOIT-DB

poppler -- poppler
In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.
Published: 2017-09-20 | CVSS: not yet calculated | CVE-2017-14617
CONFIRM

portus -- portus
Portus 2.2.0 has XSS via the Team field, related to typeahead.
Published: 2017-09-20 | CVSS: not yet calculated | CVE-2017-14621
CONFIRM

proxychains_ng -- proxychains_ng
Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2015-3887
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

puppetlabs -- apache
Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD.
Published: 2017-09-15 | CVSS: not yet calculated | CVE-2017-2299
BID
CONFIRM

pure-ftpd -- pure-ftpd
Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to a packaging error, due to which the original configuration was ignored after an update and the service started running with the default configuration. This has security implications because security-related configuration is overridden. This issue doesn't affect the upstream version of pure-ftpd.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-12170
CONFIRM

qnap_systems -- nas
In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2017-10700
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked, which may cause an out-of-bounds read.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-11001
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, in an ISP Camera kernel driver function, an incorrect bounds check may potentially lead to an out-of-bounds write.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-11000
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in the ipa wan driver may lead to memory corruption due to missing locks.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-10999
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-11002
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, one can read more information than is allowed.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-11040
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running while another thread is setting data, race conditions will happen. If "ddp->params_length" is set to a big number, a buffer overflow will occur.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-9677
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context switch.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-8280
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, if there is more than one thread doing the device open operation, the device may be opened more than once. This would lead to get_pid being called more than once, while put_pid is called only once in function "msm_close".
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-8247
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-8278
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registration failed, the client would be freed. However, the client was not removed from the list. A use-after-free would occur when traversing the list the next time.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-8277
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, the user-controlled variables "nr_cmds" and "nr_bos" are passed across functions without any check. An integer overflow leading to a buffer overflow (with a smaller buffer allocated) may occur when they are too large or negative.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-8250
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-8281
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-9720
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, an output buffer is accessed in one thread and can be potentially freed in another.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-11041
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not checked, and could overflow the array stream_cfg_cmd->stream_handle.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-8251
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, in audio_aio_ion_lookup_vaddr, the buffer length, which is user input, ends up being used to validate if the buffer is fully within the valid region. If the buffer length is large enough then the address + length operation could overflow and produce a result far below the valid region.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-10998
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, using a debugfs node, a write to a PCIe register can cause corruption of kernel memory.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-10997
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to the wrong data type for the size, the allocation size gets truncated, which makes the allocation succeed when it should fail.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-9725
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, out of bounds access is possible in c_show(), due to compat_hwcap_str[] not being NULL-terminated. This error is not fatal, however the device might crash/reboot with memory violation/out of bounds access.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-10996
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-9676
BID
CONFIRM

qualcomm -- android_releases
In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-9724
BID
CONFIRM

red_hat -- feedhenry_enterprise_mobile_application_platform
Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform.
Published: 2017-09-20 | CVSS: not yet calculated | CVE-2015-5248
CONFIRM
MISC

red_hat -- jboss_enterprise_application_platform
AdvancedLdapLoginModule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2015-1849
CONFIRM
CONFIRM
CONFIRM
CONFIRM

rockwell_automation -- micrologix_1100_controllers
An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition.
Published: 2017-09-20 | CVSS: not yet calculated | CVE-2017-7924
BID
MISC

ruby -- ruby
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier (*) with a huge minus value. Such a situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
Published: 2017-09-15 | CVSS: not yet calculated | CVE-2017-0898
BID
SECTRACK
MISC
MISC
MISC

ruby -- ruby
The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2017-14033
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM

ruby -- ruby
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2017-10784
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM

sam2p -- sam2p
In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-14628
MISC

sam2p -- sam2p
Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption because of an attempted write to the invalid d[0xfffffffe] array element.
Published: 2017-09-22 | CVSS: not yet calculated | CVE-2017-14636
MISC

sam2p -- sam2p
In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-14629
MISC

sam2p -- sam2p
In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer signedness error leading to a heap-based buffer overflow.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-14631
MISC

sam2p -- sam2p
In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp, leading to an invalid write operation.
Published: 2017-09-21 | CVSS: not yet calculated | CVE-2017-14630
MISC

sam2p -- sam2p
In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address.
Published: 2017-09-22 | CVSS: not yet calculated | CVE-2017-14637
MISC

sap -- e-recruiting
An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and confirm email addresses that they do not have access to (candidate_hrobject is predictable and corr_act_guid is improperly validated). Furthermore, since an email address can be registered only once, an attacker could prevent other legitimate users from registering. This is SAP Security Note 2507798.
Published: 2017-09-17 | CVSS: not yet calculated | CVE-2017-14511
MISC
MISC
MISC

sap -- netweaver_as_java
The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.
Published: 2017-09-19 | CVSS: not yet calculated | CVE-2017-14581
MISC

sogo -- sogo
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.
Published: 2017-09-20 | CVSS: not yet calculated | CVE-2015-5395
MLIST
CONFIRM
MISC
MISC
CONFIRM

stdutility -- stdu_viewer
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917."
Published: 2017-09-22 | CVSS: not yet calculated | CVE-2017-14688
MISC

stdutility -- stdu_viewer
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_773a0000!RtlAddAccessAllowedAce+0x000000000000027a."
Published: 2017-09-22 | CVSS: not yet calculated | CVE-2017-14691
MISC

stdutility -- stdu_viewer
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000064e7."
Published: 2017-09-22 | CVSS: not yet calculated | CVE-2017-14690
MISC

stdutility -- stdu_viewer
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e."
Published: 2017-09-22 | CVSS: not yet calculated | CVE-2017-14689
MISC

stdutility -- stdu_viewer
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b."
Published: 2017-09-22 | CVSS: not yet calculated | CVE-2017-14692
MISCtecnovision -- dlx_spot_player4Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.2017-09-21not yet calculatedCVE-2017-12929
MISCtecnovision -- dlx_spot_player4
A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-12928
MISC

tecnovision -- dlx_spot_player4
SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-12930
MISC

tor_project -- tor
The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.
Published: 2017-09-18 | CVSS Score: not yet calculated | CVE-2017-0380
CONFIRM
CONFIRM

trend_micro -- mobile_security
Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-14081
MISC
MISC
CONFIRM

trend_micro -- mobile_security
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-14078
MISC
CONFIRM

trend_micro -- mobile_security
Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password.
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-14080
MISC
CONFIRM

trend_micro -- mobile_security
Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-14079
MISC
MISC
MISC
MISC
CONFIRM

trend_micro -- smart_protection_server
Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-11395
MISC
BID
CONFIRM

trend_micro -- web_security_virtual_appliance
Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.
Published: 2017-09-22 | CVSS Score: not yet calculated | CVE-2017-11396
CONFIRM

twitter -- twitter_ios_client
The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features.
Published: 2017-09-18 | CVSS Score: not yet calculated | CVE-2016-10511
BID
MISC

ubuntu -- ubuntu
Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2015-1329
CONFIRM
BID
UBUNTU

utstarcom -- wa3002g4_adsl_ modem
An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi, resetrouter.cgi, and password.cgi.
Published: 2017-09-17 | CVSS Score: not yet calculated | CVE-2017-14243
EXPLOIT-DB
MISC

vbulletin_solutions -- vbulletin
vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure.
Published: 2017-09-19 | CVSS Score: not yet calculated | CVE-2015-3419
MLIST
CONFIRM

watchguard -- fireware
An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the context of any logged in user in the Web UI visiting "Traffic Monitor" sections "Events" and "All." As a side effect, no further events will be visible in the Traffic Monitor until the device is restarted.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2017-14615
MISC
MISC
MISC

watchguard -- fireware
An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login attempts, UI management of the device becomes impossible.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2017-14616
MISC
MISC

weechat -- weechat
logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized.
Published: 2017-09-23 | CVSS Score: not yet calculated | CVE-2017-14727
CONFIRM
CONFIRM
CONFIRM

wordpress -- wordpress
Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename.
Published: 2017-09-23 | CVSS Score: not yet calculated | CVE-2017-14722
MISC
MISC

wordpress -- wordpress
Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.
Published: 2017-09-23 | CVSS Score: not yet calculated | CVE-2017-14718
MISC
MISC

wordpress -- wordpress
WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2015-2826
MISC
FULLDISC
MISC
BUGTRAQ
BID
EXPLOIT-DB

wordpress -- wordpress
Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original service order.
Published: 2017-09-19 | CVSS Score: not yet calculated | CVE-2015-3299
MLIST
BID
CONFIRM

wordpress -- wordpress
Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page.
Published: 2017-09-19 | CVSS Score: not yet calculated | CVE-2015-4089
MLIST
CONFIRM

wordpress -- wordpress
Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components.
Published: 2017-09-23 | CVSS Score: not yet calculated | CVE-2017-14719
MISC
MISC

wordpress -- wordpress
Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.
Published: 2017-09-23 | CVSS Score: not yet calculated | CVE-2017-14720
MISC
MISC

wordpress -- wordpress
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.
Published: 2017-09-23 | CVSS Score: not yet calculated | CVE-2017-14725
MISC
MISC

wordpress -- wordpress
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.
Published: 2017-09-23 | CVSS Score: not yet calculated | CVE-2017-14726
MISC
MISC

wordpress -- wordpress
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.
Published: 2017-09-23 | CVSS Score: not yet calculated | CVE-2017-14724
MISC
MISC

wordpress -- wordpress
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
Published: 2017-09-23 | CVSS Score: not yet calculated | CVE-2017-14723
MISC
MISC
MISC
MISC
MISC
MISC
MISC

wordpress -- wordpress
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.
Published: 2017-09-23 | CVSS Score: not yet calculated | CVE-2017-14721
MISC
MISC

wordpress -- wordpress
WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences.
Published: 2017-09-17 | CVSS Score: not yet calculated | CVE-2017-14530
MISC
MISC

ws02 -- data_analytics_server
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14651
MISC
MISC

xiph.org -- vorbis
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14633
MISC

xiph.org -- vorbis
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14160
MISC

xiph.org -- vorbis
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14632
MISC

yadifa -- yadifa
The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2017-14339
CONFIRM
MISC

zcms -- javaserver_pages_content_management_system
Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1.
Published: 2017-09-20 | CVSS Score: not yet calculated | CVE-2015-7347
MISC
EXPLOIT-DB

zkteco -- zktime_web
ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.
Published: 2017-09-21 | CVSS Score: not yet calculated | CVE-2017-14680
MISC
MISC

zte -- zxr10_1800-2s_routers
The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords.
Published: 2017-09-19 | CVSS Score: not yet calculated | CVE-2017-10930
MISC

zte -- zxr10_1800-2s_routers
The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration.
Published: 2017-09-19 | CVSS Score: not yet calculated | CVE-2017-10931
MISC


Google Releases Security Updates for Chrome

Fri, 09/22/2017 - 10:05
Original release date: September 22, 2017

Google has released Chrome version 61.0.3163.100 for Windows, Mac, and Linux. This update addresses multiple vulnerabilities that an attacker may exploit to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary updates.


Joomla! Releases Security Update

Thu, 09/21/2017 - 00:18
Original release date: September 21, 2017

Joomla! has released version 3.8.0 of its Content Management System (CMS) software to address a vulnerability. A remote attacker could exploit this vulnerability to obtain access to sensitive information.

US-CERT encourages users and administrators to review the Joomla! Security Release and apply the necessary update.


Samba Releases Security Updates

Wed, 09/20/2017 - 20:47
Original release date: September 20, 2017

The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit any of these vulnerabilities to obtain access to potentially sensitive information.

US-CERT encourages users and administrators to review the following Samba Security Announcements for CVE-2017-12150, CVE-2017-12151, and CVE-2017-12163; and apply the necessary updates, or refer to their Linux or Unix-based OS vendors for appropriate patches.


Cisco Releases Security Updates

Wed, 09/20/2017 - 20:07
Original release date: September 20, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:


IC3 Issues Alert on Disaster-Related Fraud

Wed, 09/20/2017 - 18:53
Original release date: September 20, 2017

The Internet Crime Complaint Center (IC3) has released an announcement on fraudulent cyber activity related to natural disasters. IC3 reports that scammers have recently used email and social-networking sites to solicit money from disaster victims with scams on false temporary housing and job opportunities. In addition, IC3 warns the public to be cautious of solicitations for charitable donations.

US-CERT encourages consumers to review the IC3 Alert and the US-CERT Tip on Avoiding Social Engineering and Phishing Attacks.


FTC Releases Alerts on Protecting Against Identity Theft

Wed, 09/20/2017 - 16:58
Original release date: September 20, 2017

The Federal Trade Commission (FTC) has released two alerts to educate consumers on recommended protections against identity theft after the recent data breach at Equifax. Users should consider placing security freezes with the three major credit reporting agencies: Equifax, Transunion, and Experian. Alternative security recommendations include using fraud alerts and free credit monitoring from Equifax. 

US-CERT encourages users to refer to the FTC alerts on Equifax credit freezes and fraud alerts vs. credit freezes. See the US-CERT Tip on Preventing and Responding to Identity Theft for more information.


WordPress Releases Security Update

Wed, 09/20/2017 - 08:50
Original release date: September 20, 2017

WordPress versions prior to 4.8.2 are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.8.2.


Apple Releases Security Updates

Tue, 09/19/2017 - 16:56
Original release date: September 19, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Apple security pages and apply the necessary updates:


Avast’s Piriform Releases Security Update for CCleaner

Tue, 09/19/2017 - 13:44
Original release date: September 19, 2017

Piriform, a subsidiary of Avast, has released CCleaner 5.34 and has pushed v1.07.3214 to CCleaner Cloud users. These versions do not contain the Floxif malware found in the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. Floxif malware collects information from the victim's system and can download additional malware to the system.

US-CERT encourages users and administrators to review the Piriform Security Notification and apply the necessary update.


Apache Releases Security Updates for Apache Tomcat

Tue, 09/19/2017 - 13:43
Original release date: September 19, 2017

The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected server. 

US-CERT encourages users and administrators to review the Apache advisories for CVE-2017-12615 and CVE-2017-12616 for more information and apply the necessary updates.


SB17-261: Vulnerability Summary for the Week of September 11, 2017

Mon, 09/18/2017 - 06:51
Original release date: September 18, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

google -- android
An elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0752
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0753
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the Android libraries (libminikin). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-32178311.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0755
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0756
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0757
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492741.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0758
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0759
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0760
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38448381.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0761
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62214264.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0762
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0763
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0764
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872863.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0765
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libjhead). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37776688.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0766
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0767
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0768
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37662122.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0769
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234812.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0770
BID
CONFIRM

google -- android
A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243.
Published: 2017-09-08 | CVSS Score: 7.1 | CVE-2017-0771
BID
CONFIRM

google -- android
A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38115076.
Published: 2017-09-08 | CVSS Score: 7.1 | CVE-2017-0772
BID
CONFIRM

google -- android
A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37615911.
Published: 2017-09-08 | CVSS Score: 7.1 | CVE-2017-0773
BID
CONFIRM

google -- android
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844.
Published: 2017-09-08 | CVSS Score: 7.1 | CVE-2017-0774
BID
CONFIRM

google -- android
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179.
Published: 2017-09-08 | CVSS Score: 7.1 | CVE-2017-0775
BID
CONFIRM

google -- android
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227.
Published: 2017-09-08 | CVSS Score: 7.8 | CVE-2017-0778
BID
CONFIRM

google -- android
A denial of service vulnerability in the Android runtime (android messenger). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37742976.
Published: 2017-09-08 | CVSS Score: 7.1 | CVE-2017-0780
BID
CONFIRM

google -- android
An information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946.
Published: 2017-09-08 | CVSS Score: 7.1 | CVE-2017-0793
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36198473. References: M-ALPS03361480.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0795
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the MediaTek auxadc driver. Product: Android. Versions: Android kernel. Android ID: A-62458865. References: M-ALPS03353884, M-ALPS03353886, M-ALPS03353887.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0796
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-62459766. References: M-ALPS03353854.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0797
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36100671. References: M-ALPS03365532.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0798
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the MediaTek lastbus. Product: Android. Versions: Android kernel. Android ID: A-36731602. References: M-ALPS03342072.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0799
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the MediaTek teei. Product: Android. Versions: Android kernel. Android ID: A-37683975. References: M-ALPS03302988.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0800
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the MediaTek libmtkomxvdec. Product: Android. Versions: Android kernel. Android ID: A-38447970. References: M-ALPS03337980.
Published: 2017-09-08 | CVSS Score: 9.3 | CVE-2017-0801
BID
CONFIRM

ibm -- db2_connect
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178.
Published: 2017-09-12 | CVSS Score: 7.2 | CVE-2017-1451
CONFIRM
BID
SECTRACK
MISC

ibm -- db2_connect
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180.
Published: 2017-09-12 | CVSS Score: 7.2 | CVE-2017-1452
CONFIRM
BID
SECTRACK
MISC

imagemagick -- imagemagick
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file.
Published: 2017-09-12 | CVSS Score: 7.1 | CVE-2017-14325
CONFIRM

imagemagick -- imagemagick
ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.
Published: 2017-09-12 | CVSS Score: 7.1 | CVE-2017-14341
CONFIRM
CONFIRM

microsoft -- edge
Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-11766.
Published: 2017-09-12 | CVSS Score: 7.6 | CVE-2017-8751
SECTRACK
CONFIRM

synology -- photo_station
Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.
Published: 2017-09-08 | CVSS Score: 7.5 | CVE-2017-11161
CONFIRM

tcpdump -- tcpdump
The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len().
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12893
SECTRACK
CONFIRM
CONFIRM

tcpdump -- tcpdump
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring().
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12894
SECTRACK
CONFIRM
CONFIRM

tcpdump -- tcpdump
The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12895
SECTRACK
CONFIRM
CONFIRM

tcpdump -- tcpdump
The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12896
SECTRACK
CONFIRM
CONFIRM
CONFIRM

tcpdump -- tcpdump
The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print().
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12897
SECTRACK
CONFIRM
CONFIRM

tcpdump -- tcpdump
The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply().
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12898
SECTRACK
CONFIRM
CONFIRM

tcpdump -- tcpdump
The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12899
SECTRACK
CONFIRM
CONFIRM
CONFIRM

tcpdump -- tcpdump
Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf().
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12900
SECTRACK
CONFIRM
CONFIRM

tcpdump -- tcpdump
The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print().
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12901
SECTRACK
CONFIRM
CONFIRM

tcpdump -- tcpdump
The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12902
SECTRACK
CONFIRM
CONFIRM
CONFIRM

tcpdump -- tcpdump
The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print().
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12985
SECTRACK
CONFIRM
CONFIRM

tcpdump -- tcpdump
The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12986
SECTRACK
CONFIRM
CONFIRM

tcpdump -- tcpdump
The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12987
SECTRACK
CONFIRM
CONFIRM
CONFIRM

tcpdump -- tcpdump
The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12988
SECTRACK
CONFIRM
CONFIRM

tcpdump -- tcpdump
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12991
SECTRACK
CONFIRM
CONFIRM

tcpdump -- tcpdump
The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print().
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12992
SECTRACK
CONFIRM
CONFIRM

tcpdump -- tcpdump
The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions.
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12993
SECTRACK
CONFIRM
CONFIRM

tcpdump -- tcpdump
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12994
SECTRACK
CONFIRM
CONFIRM

tcpdump -- tcpdump
The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print().
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12996
SECTRACK
CONFIRM
CONFIRM

tcpdump -- tcpdump
The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach().
Published: 2017-09-14 | CVSS Score: 7.5 | CVE-2017-12998
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().2017-09-147.5CVE-2017-12999
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print().2017-09-147.5CVE-2017-13000
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRMtcpdump -- tcpdumpThe NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh().2017-09-147.5CVE-2017-13001
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension().2017-09-147.5CVE-2017-13002
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print().2017-09-147.5CVE-2017-13003
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header().2017-09-147.5CVE-2017-13004
SECTRACK
CONFIRM
CONFIRM
CONFIRMtcpdump -- tcpdumpThe NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter().2017-09-147.5CVE-2017-13005
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions.2017-09-147.5CVE-2017-13006
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print().2017-09-147.5CVE-2017-13007
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().2017-09-147.5CVE-2017-13008
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print().2017-09-147.5CVE-2017-13009
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart().2017-09-147.5CVE-2017-13010
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpSeveral protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal().2017-09-147.5CVE-2017-13011
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print().2017-09-147.5CVE-2017-13012
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions.2017-09-147.5CVE-2017-13013
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions.2017-09-147.5CVE-2017-13014
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print().2017-09-147.5CVE-2017-13015
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().2017-09-147.5CVE-2017-13016
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print().2017-09-147.5CVE-2017-13017
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().2017-09-147.5CVE-2017-13018
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().2017-09-147.5CVE-2017-13019
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().2017-09-147.5CVE-2017-13020
SECTRACK
CONFIRM
CONFIRM
CONFIRMtcpdump -- tcpdumpThe ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print().2017-09-147.5CVE-2017-13021
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().2017-09-147.5CVE-2017-13022
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().2017-09-147.5CVE-2017-13023
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().2017-09-147.5CVE-2017-13024
SECTRACK
CONFIRM
CONFIRM
CONFIRMtcpdump -- tcpdumpThe IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().2017-09-147.5CVE-2017-13025
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions.2017-09-147.5CVE-2017-13026
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print().2017-09-147.5CVE-2017-13027
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print().2017-09-147.5CVE-2017-13028
SECTRACK
CONFIRM
CONFIRM
CONFIRMtcpdump -- tcpdumpThe PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().2017-09-147.5CVE-2017-13029
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions.2017-09-147.5CVE-2017-13030
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print().2017-09-147.5CVE-2017-13031
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string().2017-09-147.5CVE-2017-13032
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().2017-09-147.5CVE-2017-13033
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().2017-09-147.5CVE-2017-13034
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id().2017-09-147.5CVE-2017-13035
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().2017-09-147.5CVE-2017-13036
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts().2017-09-147.5CVE-2017-13037
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().2017-09-147.5CVE-2017-13038
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.2017-09-147.5CVE-2017-13039
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.2017-09-147.5CVE-2017-13040
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().2017-09-147.5CVE-2017-13041
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print().2017-09-147.5CVE-2017-13042
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn().2017-09-147.5CVE-2017-13043
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print().2017-09-147.5CVE-2017-13044
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print().2017-09-147.5CVE-2017-13045
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().2017-09-147.5CVE-2017-13046
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().2017-09-147.5CVE-2017-13047
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().2017-09-147.5CVE-2017-13048
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().2017-09-147.5CVE-2017-13049
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print().2017-09-147.5CVE-2017-13050
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().2017-09-147.5CVE-2017-13051
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print().2017-09-147.5CVE-2017-13052
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().2017-09-147.5CVE-2017-13053
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print().2017-09-147.5CVE-2017-13054
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv().2017-09-147.5CVE-2017-13055
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().2017-09-147.5CVE-2017-13687
SECTRACK
CONFIRM
CONFIRM
CONFIRMtcpdump -- tcpdumpThe OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().2017-09-147.5CVE-2017-13688
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().2017-09-147.5CVE-2017-13689
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.2017-09-147.5CVE-2017-13690
SECTRACK
CONFIRM
CONFIRMtcpdump -- tcpdumpThe IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().2017-09-147.5CVE-2017-13725
SECTRACK
CONFIRM
CONFIRM
CONFIRMBack to top

 

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| azeotech -- daqfactory | An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path. | 2017-09-08 | 4.6 | CVE-2017-5147, BID, MISC |
| divinglog -- diving_log | XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import. | 2017-09-08 | 4.3 | CVE-2017-9095, MISC |
| ee -- 4gee_wifi_mbb_firmware | EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings. | 2017-09-11 | 6.8 | CVE-2017-14267, MISC, MISC, MISC, MISC, MISC, MISC, MISC |
| ee -- 4gee_wifi_mbb_firmware | EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms_content parameter in a getSMSlist request. | 2017-09-11 | 4.3 | CVE-2017-14268, MISC, MISC |
| ee -- 4gee_wifi_mbb_firmware | EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content. | 2017-09-11 | 5.0 | CVE-2017-14269, MISC, MISC |
| ellucian -- banner_student | Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-09-11 | 4.3 | CVE-2015-4687, MISC, BUGTRAQ |
| ffmpeg -- ffmpeg | The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.) | 2017-09-09 | 6.8 | CVE-2017-14225, BID, MISC, MISC |
| fortinet -- fortios | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the action input during the activation of a FortiToken. | 2017-09-11 | 4.3 | CVE-2017-3132, BID, SECTRACK, CONFIRM, EXPLOIT-DB |
| fortinet -- fortios | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. | 2017-09-11 | 4.3 | CVE-2017-3133, BID, SECTRACK, CONFIRM, EXPLOIT-DB |
| google -- android | An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38496660. | 2017-09-08 | 4.3 | CVE-2017-0776, BID, CONFIRM |
| google -- android | An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499. | 2017-09-08 | 4.3 | CVE-2017-0777, BID, CONFIRM |
| google -- android | An information disclosure vulnerability in the Android media framework (audioflinger). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38340117. | 2017-09-08 | 4.3 | CVE-2017-0779, BID, CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958. | 2017-09-08 | 5.8 | CVE-2017-0784, BID, CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101. | 2017-09-08 | 5.8 | CVE-2017-0786, BID, CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104. | 2017-09-08 | 5.8 | CVE-2017-0787, BID, CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722328. References: B-V2017053103. | 2017-09-08 | 5.8 | CVE-2017-0788, BID, CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37685267. References: B-V2017053102. | 2017-09-08 | 5.8 | CVE-2017-0789, BID, CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101. | 2017-09-08 | 5.8 | CVE-2017-0790, BID, CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302. | 2017-09-08 | 5.8 | CVE-2017-0791, BID, CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812. | 2017-09-08 | 6.8 | CVE-2017-0794, BID, CONFIRM |
| google -- android | An elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36232120. References: M-ALPS03384818. | 2017-09-08 | 6.8 | CVE-2017-0802, BID, CONFIRM |
| google -- android | An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36136137. References: M-ALPS03361477. | 2017-09-08 | 6.8 | CVE-2017-0803, BID, CONFIRM |
| google -- android | An elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487. | 2017-09-08 | 6.8 | CVE-2017-0804, BID, CONFIRM |
| graphicsmagick -- graphicsmagick | Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file. | 2017-09-11 | 4.3 | CVE-2017-14314, CONFIRM, CONFIRM |
| ibm -- db2_connect | IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829. | 2017-09-12 | 4.3 | CVE-2017-1519, CONFIRM, BID, SECTRACK, MISC |
| ibm -- db2_connect | IBM DB2 9.7, 10.1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830. | 2017-09-12 | 4.3 | CVE-2017-1520, CONFIRM, BID, SECTRACK, MISC |
| ibm -- qradar_security_information_and_event_manager | IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957. | 2017-09-12 | 5.0 | CVE-2017-1162, CONFIRM, BID, MISC |
| imagemagick -- imagemagick | A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file. | 2017-09-11 | 4.3 | CVE-2017-14248, CONFIRM |
| imagemagick -- imagemagick | ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. | 2017-09-11 | 4.3 | CVE-2017-14249, CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file. | 2017-09-12 | 4.3 | CVE-2017-14324, CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. | 2017-09-12 | 4.3 | CVE-2017-14326, CONFIRM |
| imagemagick -- imagemagick | ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. | 2017-09-12 | 4.3 | CVE-2017-14342, CONFIRM |
| imagemagick -- imagemagick | ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. | 2017-09-12 | 4.3 | CVE-2017-14343, CONFIRM |
| jasper_project -- jasper | There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. | 2017-09-09 | 5.0 | CVE-2017-14229, MISC |
| nasm -- netwide_assembler | In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service. | 2017-09-09 | 5.0 | CVE-2017-14228, MISC |
| nexusphp_project -- nexusphp | NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action. | 2017-09-12 | 4.3 | CVE-2017-14347, MISC |
| novell -- leap | The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root. | 2017-09-08 | 6.9 | CVE-2016-5759, SUSE, MLIST |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000cb8c." | 2017-09-11 | 4.6 | CVE-2017-14286, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File+0x00000000000015eb." | 2017-09-11 | 4.6 | CVE-2017-14287, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x0000000000002ff7." | 2017-09-11 | 4.6 | CVE-2017-14288, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000303e." | 2017-09-11 | 4.6 | CVE-2017-14289, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d." | 2017-09-11 | 4.6 | CVE-2017-14290, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d8." | 2017-09-11 | 4.6 | CVE-2017-14291, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000570e." | 2017-09-11 | 4.6 | CVE-2017-14292, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at wow64!Wow64LdrpInitialize+0x00000000000008e1." | 2017-09-11 | 4.6 | CVE-2017-14293, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000566e." | 2017-09-11 | 4.6 | CVE-2017-14294, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e6." | 2017-09-11 | 4.6 | CVE-2017-14296, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000002f35." | 2017-09-11 | 4.6 | CVE-2017-14297, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000038e8." | 2017-09-11 | 4.6 | CVE-2017-14298, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x000000000000384b." | 2017-09-11 | 4.6 | CVE-2017-14299, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x0000000000004479." | 2017-09-11 | 4.6 | CVE-2017-14300, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d3." | 2017-09-11 | 4.6 | CVE-2017-14301, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllGetClassObject+0x00000000000064d7." | 2017-09-11 | 4.6 | CVE-2017-14302, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x0000000000003047." | 2017-09-11 | 4.6 | CVE-2017-14303, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e0." | 2017-09-11 | 4.6 | CVE-2017-14304, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllUnregisterServer+0x0000000000005578." | 2017-09-11 | 4.6 | CVE-2017-14305, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006e10." | 2017-09-11 | 4.6 | CVE-2017-14306, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!TpAllocCleanupGroup+0x0000000000000402." | 2017-09-11 | 4.6 | CVE-2017-14307, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ddd." | 2017-09-11 | 4.6 | CVE-2017-14308, MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ec8." | 2017-09-11 | 4.6 | CVE-2017-14309, MISC |
| synology -- photo_station | Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors. | 2017-09-08 | 4.0 | CVE-2017-11162, CONFIRM |
| synology -- photo_station | Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter. | 2017-09-08 | 4.0 | CVE-2017-12071, CONFIRM |
| tcpdump -- tcpdump | The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). | 2017-09-14 | 5.0 | CVE-2017-12989, SECTRACK, CONFIRM, CONFIRM |
| tcpdump -- tcpdump | The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions. | 2017-09-14 | 5.0 | CVE-2017-12990, SECTRACK, CONFIRM, CONFIRM |
| tcpdump -- tcpdump | The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). | 2017-09-14 | 5.0 | CVE-2017-12995, SECTRACK, CONFIRM, CONFIRM |
| tcpdump -- tcpdump | The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print(). | 2017-09-14 | 5.0 | CVE-2017-12997, SECTRACK, CONFIRM, CONFIRM |
| tcpreplay -- tcpreplay | tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file. | 2017-09-12 | 6.8 | CVE-2017-14266, EXPLOIT-DB |
| typo3 -- typo3 | Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code. | 2017-09-11 | 6.5 | CVE-2017-14251, BID, SECTRACK, CONFIRM |
| xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d." | 2017-09-11 | 4.6 | CVE-2017-14275, MISC |
| xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Possible Stack Corruption starting at jbig2dec+0x0000000000002fbe." | 2017-09-11 | 4.6 | CVE-2017-14276, MISC |
| xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005956." | 2017-09-11 | 4.6 | CVE-2017-14277, MISC |
| xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005940." | 2017-09-11 | 4.6 | CVE-2017-14278, MISC |
| xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005643." | 2017-09-11 | 4.6 | CVE-2017-14279, MISC |
| xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at jbig2dec+0x000000000000571d." | 2017-09-11 | 4.6 | CVE-2017-14280, MISC |
| xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at jbig2dec+0x00000000000090f1." | 2017-09-11 | 4.6 | CVE-2017-14281, MISC |
| xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005862." | 2017-09-11 | 4.6 | CVE-2017-14282, MISC |
| xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000008fe4." | 2017-09-11 | 4.6 | CVE-2017-14283, MISC |
| xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlGetCurrentDirectory_U+0x000000000000016c." | 2017-09-11 | 4.6 | CVE-2017-14284, MISC |
| xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x000000000000039b." | 2017-09-11 | 4.6 | CVE-2017-14285, MISC |

 

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| fortinet -- fortios | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView. | 2017-09-11 | 3.5 | CVE-2017-3131, BID, SECTRACK, CONFIRM, EXPLOIT-DB |
| fortinet -- fortios | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions. | 2017-09-11 | 3.5 | CVE-2017-7734, BID, SECTRACK, CONFIRM |
| fortinet -- fortios | A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups. | 2017-09-11 | 3.5 | CVE-2017-7735, BID, SECTRACK, CONFIRM |
| google -- android | An information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301. | 2017-09-08 | 3.3 | CVE-2017-0792, BID, CONFIRM |
| wolfcms -- wolf_cms | Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the "/plugin/file_manager/" script (aka an /admin/plugin/file_manager/browse// URI). | 2017-09-08 | 3.5 | CVE-2017-11611, MISC |

 

Severity Not Yet Assigned

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| alegrocart -- alegrocart | PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2. | 2017-09-11 | not yet calculated | CVE-2015-9227 MISC FULLDISC MISC EXPLOIT-DB |
| alegrocart -- alegrocart | Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php. | 2017-09-11 | not yet calculated | CVE-2015-9226 MISC FULLDISC MISC EXPLOIT-DB |
| ansible -- vault | An exploitable vulnerability exists in the yaml loading functionality of Ansible Vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability. | 2017-09-14 | not yet calculated | CVE-2017-2809 BID CONFIRM CONFIRM CONFIRM MISC |
| anydesk -- anydesk | AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. | 2017-09-12 | not yet calculated | CVE-2017-14397 CONFIRM |
| apache -- brooklyn | Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the classpath. This could provide an authenticated user with a means to cause the JVM running Brooklyn to load and run Java code without detection by Brooklyn. Such code would have the privileges of the Java process running Brooklyn, including the ability to open files and network connections, and execute system commands. There is known to be a proof-of-concept exploit using this vulnerability. | 2017-09-13 | not yet calculated | CVE-2016-8744 CONFIRM MLIST |
| apache -- brooklyn | In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability. | 2017-09-13 | not yet calculated | CVE-2016-8737 BID CONFIRM MLIST |
| apache -- brooklyn | In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to be a proof-of-concept exploit using this vulnerability. | 2017-09-13 | not yet calculated | CVE-2017-3165 BID CONFIRM MLIST |
| apache -- spark | In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine. It does not affect apps run by spark-submit or spark-shell. The attacker would be able to execute code as the user that ran the Spark application. Users are encouraged to update to version 2.2.0 or later. | 2017-09-13 | not yet calculated | CVE-2017-12612 BID MISC |
| apache -- struts | The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. | 2017-09-15 | not yet calculated | CVE-2017-9805 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM EXPLOIT-DB |
| apache -- traffic_server | Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168. | 2017-09-13 | not yet calculated | CVE-2015-5206 MLIST |
| apache -- traffic_server | Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206. | 2017-09-13 | not yet calculated | CVE-2015-5168 MLIST |
| apache -- wicket | Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider. | 2017-09-15 | not yet calculated | CVE-2014-7808 MLIST MISC |
| apple -- ios | In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default "Bluetooth On" value must be present in Settings. | 2017-09-12 | not yet calculated | CVE-2017-14315 BID MISC |
| axesstel -- mu553s_modem _router _firmware | On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page. | 2017-09-13 | not yet calculated | CVE-2017-13724 MISC |
| axesstel -- mu553s_modem _router _firmware | Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account. | 2017-09-13 | not yet calculated | CVE-2017-11351 MISC |
| axesstel -- mu553s_modem _router _firmware | Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices. | 2017-09-13 | not yet calculated | CVE-2017-11350 MISC |
| beijing_hanbang -- hanbanggaoke_devices | On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change. | 2017-09-12 | not yet calculated | CVE-2017-14335 MISC |
| bento4 -- bento4 | In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h file contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. | 2017-09-11 | not yet calculated | CVE-2017-14258 CONFIRM |
| bento4 -- bento4 | In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in Ap4StssAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. | 2017-09-11 | not yet calculated | CVE-2017-14260 CONFIRM |
| bento4 -- bento4 | In the SDK in Bento4 1.5.0-616, the AP4_StscAtom class in Ap4StscAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. | 2017-09-11 | not yet calculated | CVE-2017-14259 CONFIRM |
| bento4 -- bento4 | In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in Ap4StszAtom.cpp file contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file. | 2017-09-11 | not yet calculated | CVE-2017-14261 CONFIRM |
| bento4 -- bento4 | In the SDK in Bento4 1.5.0-616, AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file. | 2017-09-11 | not yet calculated | CVE-2017-14257 CONFIRM |
| blackcat-cms -- blackcat_cms | In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php. | 2017-09-12 | not yet calculated | CVE-2017-14399 MISC |
| blackwave -- dive_assistant | XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file. | 2017-09-12 | not yet calculated | CVE-2017-8918 MISC |
| blue_coat -- malware_analysis_appliance_and_malware_analyzer_g2 | Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis. | 2017-09-11 | not yet calculated | CVE-2015-4523 CONFIRM |
| bluez -- bluez | All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. | 2017-09-12 | not yet calculated | CVE-2017-1000250 BID CONFIRM MISC |
| celery_flower -- celery_flower | flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. | 2017-09-15 | not yet calculated | CVE-2017-14483 CONFIRM |
| cisco -- meeting_server | A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrect default configuration of the TURN server, which could expose internal interfaces and ports on the external interface of an affected system. An attacker could exploit this vulnerability by using a TURN server to perform an unauthorized connection to a Call Bridge, a Web Bridge, or a database cluster in an affected system, depending on the deployment model and CMS services in use. A successful exploit could allow the attacker to gain unauthenticated access to a Call Bridge or database cluster in an affected system or gain unauthorized access to sensitive meeting information in an affected system. To exploit this vulnerability, the attacker must have valid credentials for the TURN server of the affected system. This vulnerability affects Cisco Meeting Server (CMS) deployments that are running a CMS Software release prior to Release 2.0.16, 2.1.11, or 2.2.6. Cisco Bug IDs: CSCvf51127. | 2017-09-13 | not yet calculated | CVE-2017-12249 BID SECTRACK CONFIRM |
| corega -- cg-wlr300nm | CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 2017-09-15 | not yet calculated | CVE-2017-10813 MISC JVN |
| corega -- cg-wlr300nm | Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors. | 2017-09-15 | not yet calculated | CVE-2017-10814 MISC JVN |
| cyrus -- cyrus_imap | In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command. | 2017-09-10 | not yet calculated | CVE-2017-14230 CONFIRM CONFIRM CONFIRM CONFIRM |
| d-link -- d-link | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions. | 2017-09-13 | not yet calculated | CVE-2017-14427 MISC |
| d-link -- d-link | The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established. | 2017-09-13 | not yet calculated | CVE-2017-14419 MISC |
| d-link -- d-link | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions. | 2017-09-13 | not yet calculated | CVE-2017-14426 MISC |
| d-link -- d-link | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php. | 2017-09-13 | not yet calculated | CVE-2017-14415 MISC |
| d-link -- d-link | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php. | 2017-09-13 | not yet calculated | CVE-2017-14413 MISC |
| d-link -- d-link | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions. | 2017-09-13 | not yet calculated | CVE-2017-14424 MISC |
| d-link -- d-link | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php. | 2017-09-13 | not yet calculated | CVE-2017-14416 MISC |
| d-link -- d-link | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic. | 2017-09-13 | not yet calculated | CVE-2017-14430 MISC |
| d-link -- d-link | D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session. | 2017-09-13 | not yet calculated | CVE-2017-14421 MISC |
| d-link -- d-link | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions. | 2017-09-13 | not yet calculated | CVE-2017-14428 MISC |
| d-link -- d-link | htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests. | 2017-09-13 | not yet calculated | CVE-2017-14423 MISC |
| d-link -- d-link | The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services. | 2017-09-13 | not yet calculated | CVE-2017-14418 MISC |
| d-link -- d-link | The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-09-13 | not yet calculated | CVE-2017-14420 MISC |
| d-link -- d-link | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions. | 2017-09-13 | not yet calculated | CVE-2017-14425 MISC |
| d-link -- d-link | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | 2017-09-13 | not yet calculated | CVE-2017-14422 MISC |
| d-link -- d-link | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php. | 2017-09-13 | not yet calculated | CVE-2017-14414 MISC |
| d-link -- d-link | register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services. | 2017-09-13 | not yet calculated | CVE-2017-14417 MISC |
| d-link -- d-link | The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh. | 2017-09-13 | not yet calculated | CVE-2017-14429 MISC |
| dolibarr -- erp_crm | SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter. | 2017-09-11 | not yet calculated | CVE-2017-14238 CONFIRM |
| dolibarr -- erp_crm | Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php. | 2017-09-11 | not yet calculated | CVE-2017-14241 CONFIRM |
| dolibarr -- erp_crm | SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | 2017-09-11 | not yet calculated | CVE-2017-14242 CONFIRM |
| dolibarr -- erp_crm | There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter. | 2017-09-11 | not yet calculated | CVE-2017-14240 CONFIRM |
| dolibarr -- erp_crm | Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php. | 2017-09-11 | not yet calculated | CVE-2017-14239 CONFIRM |
| drupal -- drupal | Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. | 2017-09-13 | not yet calculated | CVE-2015-2749 CONFIRM DEBIAN MLIST BID CONFIRM CONFIRM |
| drupal -- drupal | Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2017-09-11 | not yet calculated | CVE-2015-7877 CONFIRM MISC |
| drupal -- drupal | Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence. | 2017-09-13 | not yet calculated | CVE-2015-2750 CONFIRM CONFIRM DEBIAN MLIST BID CONFIRM |
| drupal -- drupal | The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and knowledge of usernames. | 2017-09-13 | not yet calculated | CVE-2015-7880 MLIST BID MISC CONFIRM |
| drupal -- drupal | Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page. | 2017-09-11 | not yet calculated | CVE-2015-7879 MLIST BID CONFIRM MISC |
| eclipse -- kura | The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox "exec" command. As the process is running as "root" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address. | 2017-09-11 | not yet calculated | CVE-2017-7649 CONFIRM CONFIRM |
| ellucian -- banner_student | Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset." | 2017-09-11 | not yet calculated | CVE-2015-4689 MISC BUGTRAQ |
| ellucian -- banner_student | Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter. | 2017-09-11 | not yet calculated | CVE-2015-5054 MISC BUGTRAQ |
| ellucian -- banner_student | Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allow remote attackers to enumerate user accounts via a series of requests. | 2017-09-11 | not yet calculated | CVE-2015-4688 MISC BUGTRAQ |
| elux_rp -- elux_rp | In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when classic desktop mode is used, it is possible to start applications other than defined, even if the user does not have permissions to change application definitions. | 2017-09-13 | not yet calculated | CVE-2017-14124 CONFIRM |
| emc -- appsync | EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 2017-09-12 | not yet calculated | CVE-2017-8015 CONFIRM BID |
| eyesofnetwork -- eyesofnetwork | The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php. | 2017-09-12 | not yet calculated | CVE-2017-14403 MISC |
| eyesofnetwork -- eyesofnetwork | The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring. | 2017-09-12 | not yet calculated | CVE-2017-14404 MISC |
| eyesofnetwork -- eyesofnetwork | The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. | 2017-09-12 | not yet calculated | CVE-2017-14405 MISC |
| eyesofnetwork -- eyesofnetwork | SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php. | 2017-09-11 | not yet calculated | CVE-2017-14252 MISC |
| eyesofnetwork -- eyesofnetwork | The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php. | 2017-09-12 | not yet calculated | CVE-2017-14402 MISC |
| eyesofnetwork -- eyesofnetwork | The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section. | 2017-09-12 | not yet calculated | CVE-2017-14401 MISC |
| eyesofnetwork -- eyesofnetwork | SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060. | 2017-09-11 | not yet calculated | CVE-2017-14247 MISC |
| ffmpeg -- ffmpeg | In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | 2017-09-08 | not yet calculated | CVE-2017-14223 BID CONFIRM |
| ffmpeg -- ffmpeg | In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | 2017-09-08 | not yet calculated | CVE-2017-14222 BID CONFIRM |
| file() -- file() | An issue in file() introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017). | 2017-09-11 | not yet calculated | CVE-2017-1000249 CONFIRM CONFIRM |
| fujitsu -- fence-explorer | Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-15 | not yet calculated | CVE-2017-10855 MISC JVN |
| genixcms -- genixcms | GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php. | 2017-09-10 | not yet calculated | CVE-2017-14231 CONFIRM CONFIRM |
| gentoo -- gentoo_security | The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed. | 2017-09-15 | not yet calculated | CVE-2017-14484 CONFIRM |
| gnu -- binutils | The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution. | 2017-09-12 | not yet calculated | CVE-2017-14333 CONFIRM |
| gnu -- emacs | GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article). | 2017-09-14 | not yet calculated | CVE-2017-14482 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| google -- android | An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698. | 2017-09-14 | not yet calculated | CVE-2017-0785 BID CONFIRM |
| google -- android | An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701. | 2017-09-14 | not yet calculated | CVE-2017-0783 BID CONFIRM |
| google -- android | A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237. | 2017-09-14 | not yet calculated | CVE-2017-0782 BID CONFIRM |
| google -- android | Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. | 2017-09-15 | not yet calculated | CVE-2015-1527 BID CONFIRM MISC |
| google -- android | A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105. | 2017-09-14 | not yet calculated | CVE-2017-0781 BID CONFIRM |
| honeywell -- network_video_recorder | Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can login to the device with that new user account to fully control the device. | 2017-09-11 | not yet calculated | CVE-2017-14263 MISC |
| i-filter -- install_program_and_installer | Untrusted search path vulnerability in "i-filter 6.0 install program" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-15 | not yet calculated | CVE-2017-10858 MISC JVN |
| i-filter -- install_program_and_installer | Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-15 | not yet calculated | CVE-2017-10859 MISC JVN |
| i-filter -- install_program_and_installer | Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. | 2017-09-15 | not yet calculated | CVE-2017-10860 MISC JVN |
| ibm -- api_connect | IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546. | 2017-09-13 | not yet calculated | CVE-2017-1556 CONFIRM BID MISC |
| ibm -- business_process_manager_and_websphere_lombardi_edition | IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL. | 2017-09-15 | not yet calculated | CVE-2015-0110 BID CONFIRM |
| ibm -- db2 | IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058. | 2017-09-12 | not yet calculated | CVE-2017-1439 CONFIRM BID SECTRACK MISC |
| ibm -- db2 | IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057. | 2017-09-12 | not yet calculated | CVE-2017-1438 CONFIRM BID SECTRACK MISC |
ibm -- db2


 IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user.2017-09-12not yet calculatedCVE-2017-1434
CONFIRM
BID
SECTRACK
MISCibm -- informix_dynamic_server
IBM Informix Dynamic Server 12.1 could allow a local user logged in as a database administrator to gain root privileges. IBM X-Force ID: 129620.
2017-09-13
not yet calculated
CVE-2017-1508
CONFIRM
BID
MISC

ibm -- maximo_asset_management
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.
2017-09-12
not yet calculated
CVE-2017-1352
CONFIRM
BID
MISC

imagemagick -- imagemagick


In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file.
2017-09-12
not yet calculated
CVE-2017-14400
CONFIRM

imagemagick -- imagemagick


A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.
2017-09-08
not yet calculated
CVE-2017-14224
BID
CONFIRM

india_goods_and_services_tax_network -- offline_utility_tool
GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution.
2017-09-14
not yet calculated
CVE-2017-13779
MISC

internet_initiative_japan -- seil
SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, and SEIL/BPV4 5.00 to 5.72 allow remote attackers to cause a temporary failure of the device's encrypted communications via a specially crafted packet.
2017-09-15
not yet calculated
CVE-2017-10856
MISC
JVN

jazz -- reporting_service
An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information.
2017-09-14
not yet calculated
CVE-2017-1490
CONFIRM
BID
MISC

jenkins -- jenkins
Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.
2017-09-12
not yet calculated
CVE-2014-9634
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM

jenkins -- jenkins
Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies.
2017-09-12
not yet calculated
CVE-2014-9635
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM

joomla -- joomla!


The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to plugin_googlemap2_proxy.php.
2017-09-14
not yet calculated
CVE-2013-7429
FULLDISC
CONFIRM
MLIST
MLIST

jungo -- windriver
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824a7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel.
2017-09-11
not yet calculated
CVE-2017-14075
MISC
EXPLOIT-DB

jungo -- windriver
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x95382673 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel.
2017-09-12
not yet calculated
CVE-2017-14344
MISC
EXPLOIT-DB

jungo -- windriver
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824b7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel.
2017-09-11
not yet calculated
CVE-2017-14153
MISC
EXPLOIT-DB

kind_editor -- kind_editor
Vulnerability in web application Kind Editor v4.1.12: kindeditor/php/upload_json.php does not check authentication before allowing users to upload files.
2017-09-14
not yet calculated
CVE-2017-1002024
MISC
MISC
MISC

kubernetes -- azure_cloud_provider
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.
2017-09-14
not yet calculated
CVE-2017-1002100
MISC
MISC

libofx -- libofx
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.
2017-09-13
not yet calculated
CVE-2017-2816
BID
MISC

libraw -- libraw
LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
2017-09-12
not yet calculated
CVE-2017-14348
CONFIRM

libraw -- libraw
A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.
2017-09-11
not yet calculated
CVE-2017-14265
CONFIRM

linux -- linux_kernel
The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory.
2017-09-15
not yet calculated
CVE-2017-14340
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM

linux -- linux_kernel
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 3.3-rc1 and up to and including 4.13.1, is vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in remote code execution in kernel space.
2017-09-12
not yet calculated
CVE-2017-1000251
BID
CONFIRM
MISC

linux -- linux_kernel
The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.
2017-09-15
not yet calculated
CVE-2017-14489
CONFIRM
CONFIRM

linux -- linux_kernel


The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls.
2017-09-15
not yet calculated
CVE-2017-14497
CONFIRM
CONFIRM
CONFIRM
CONFIRM

magneto2 -- magneto2
The Fastly CDN module before 1.2.26 for Magneto2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses.
2017-09-14
not yet calculated
CVE-2017-13761
CONFIRM

mantisbt -- mantisbt
CAPTCHA bypass vulnerability in MantisBT before 1.2.19.
2017-09-12
not yet calculated
CVE-2014-9624
MLIST
SECTRACK
CONFIRM
XF
CONFIRM
CONFIRM

microsoft -- .net_framework
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
2017-09-12
not yet calculated
CVE-2017-8759
BID
SECTRACK
CONFIRM
EXPLOIT-DB

microsoft -- bluetooth_driver
Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation of the Bluetooth stack, aka "Microsoft Bluetooth Driver Spoofing Vulnerability".
2017-09-12
not yet calculated
CVE-2017-8628
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
2017-09-12
not yet calculated
CVE-2017-8738
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-11764.
2017-09-12
not yet calculated
CVE-2017-8756
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-8756.
2017-09-12
not yet calculated
CVE-2017-11764
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8751, and CVE-2017-11766.
2017-09-12
not yet calculated
CVE-2017-8734
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge handles objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability".
2017-09-12
not yet calculated
CVE-2017-8757
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8724.
2017-09-12
not yet calculated
CVE-2017-8735
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
2017-09-12
not yet calculated
CVE-2017-8752
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8754.
2017-09-12
not yet calculated
CVE-2017-8723
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
2017-09-12
not yet calculated
CVE-2017-8649
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8643.
2017-09-12
not yet calculated
CVE-2017-8648
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".
2017-09-12
not yet calculated
CVE-2017-8739
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8735.
2017-09-12
not yet calculated
CVE-2017-8724
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
2017-09-12
not yet calculated
CVE-2017-8740
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8734, CVE-2017-8751, and CVE-2017-11766.
2017-09-12
not yet calculated
CVE-2017-8731
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
2017-09-12
not yet calculated
CVE-2017-8753
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8723.
2017-09-12
not yet calculated
CVE-2017-8754
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8648.
2017-09-12
not yet calculated
CVE-2017-8643
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
2017-09-12
not yet calculated
CVE-2017-8660
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8756, and CVE-2017-11764.
2017-09-12
not yet calculated
CVE-2017-8755
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-8751.
2017-09-12
not yet calculated
CVE-2017-11766
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8643 and CVE-2017-8648.
2017-09-12
not yet calculated
CVE-2017-8597
BID
SECTRACK
CONFIRM

microsoft -- edge


Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
2017-09-12
not yet calculated
CVE-2017-8729
BID
SECTRACK
CONFIRM

microsoft -- excel_for_mac_2011
A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution".
2017-09-12
not yet calculated
CVE-2017-8567
BID
SECTRACK
CONFIRM

microsoft -- excel
A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744.
2017-09-12
not yet calculated
CVE-2017-8631
BID
SECTRACK
CONFIRM

microsoft -- excel
A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016 when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8731.
2017-09-12
not yet calculated
CVE-2017-8744
BID
SECTRACK
CONFIRM

microsoft -- exchange_server
Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability".
2017-09-12
not yet calculated
CVE-2017-11761
BID
SECTRACK
CONFIRM

microsoft -- exchange_server
Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability."
2017-09-12
not yet calculated
CVE-2017-8758
BID
SECTRACK
CONFIRM

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
2017-09-12
not yet calculated
CVE-2017-8748
BID
SECTRACK
SECTRACK
CONFIRM

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
2017-09-12
not yet calculated
CVE-2017-8741
BID
SECTRACK
SECTRACK
CONFIRM

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8749.
2017-09-12
not yet calculated
CVE-2017-8747
BID
SECTRACK
CONFIRM

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into believing that the user was visiting a legitimate website, due to the way that Internet Explorer handles specific HTML content, aka "Internet Explorer Spoofing Vulnerability".
2017-09-12
not yet calculated
CVE-2017-8733
BID
SECTRACK
CONFIRM

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability".
2017-09-12
not yet calculated
CVE-2017-8750
BID
SECTRACK
SECTRACK
CONFIRM

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific information used in the parent domain, due to Microsoft browser parent domain verification in certain functionality, aka "Microsoft Browser Information Disclosure Vulnerability".
2017-09-12
not yet calculated
CVE-2017-8736
BID
SECTRACK
SECTRACK
CONFIRM

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8747.
2017-09-12
not yet calculated
CVE-2017-8749
BID
SECTRACK
CONFIRM

microsoft -- office_2016
Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744.
2017-09-12
not yet calculated
CVE-2017-8630
BID
SECTRACK
CONFIRM

microsoft -- powerpoint_and_sharepoint_and_office_online_server
A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8742.
2017-09-12
not yet calculated
CVE-2017-8743
BID
SECTRACK
CONFIRM

microsoft -- publisher
A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when they fail to properly handle objects in memory, aka "Microsoft Office Publisher Remote Code Execution".
2017-09-12
not yet calculated
CVE-2017-8725
BID
SECTRACK
CONFIRM

microsoft -- sharepoint_server_2013


Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint XSS Vulnerability".
2017-09-12
not yet calculated
CVE-2017-8629
BID
SECTRACK
CONFIRM

microsoft -- sharepoint
An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability".
2017-09-12
not yet calculated
CVE-2017-8745
BID
CONFIRM

microsoft -- windows
The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive, due to a memory corruption vulnerability in the Windows Server DHCP service, aka "Windows DHCP Server Remote Code Execution Vulnerability".
2017-09-12
not yet calculated
CVE-2017-8686
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1607, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Remote Desktop Virtual Host Remote Code Execution Vulnerability".
2017-09-12
not yet calculated
CVE-2017-8714
BID
SECTRACK
CONFIRM

microsoft -- windows
Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows an attacker to run a specially crafted application to bypass Control Flow Guard, due to the way that Control Flow Guard handles objects in memory, aka "Windows Security Feature Bypass Vulnerability".
2017-09-12
not yet calculated
CVE-2017-8716
BID
SECTRACK
CONFIRM

microsoft -- windows
Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka "Microsoft Graphics Component Remote Code Execution."
2017-09-12
not yet calculated
CVE-2017-8696
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8679, and CVE-2017-8719.
2017-09-12
not yet calculated
CVE-2017-8709
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687.
2017-09-12
not yet calculated
CVE-2017-8678
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly discloses kernel memory addresses, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687.
2017-09-12
not yet calculated
CVE-2017-8677
BID
SECTRACK
CONFIRM

microsoft -- windows
A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744.
2017-09-12
not yet calculated
CVE-2017-8632
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8679, CVE-2017-8709, and CVE-2017-8719.
2017-09-12
not yet calculated
CVE-2017-8708
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows Kernel-Mode Drivers component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8720.
2017-09-12
not yet calculated
CVE-2017-8675
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8706, CVE-2017-8712, and CVE-2017-8713.
2017-09-12
not yet calculated
CVE-2017-8711
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability."
2017-09-12
not yet calculated
CVE-2017-8676
BID
SECTRACK
CONFIRM

microsoft -- windows
Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8685 and CVE-2017-8688.
2017-09-12
not yet calculated
CVE-2017-8684
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka "NetBIOS Remote Code Execution Vulnerability".
2017-09-12
not yet calculated
CVE-2017-0161
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8719.
2017-09-12
not yet calculated
CVE-2017-8679
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability".
2017-09-12
not yet calculated
CVE-2017-8704
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8679.
2017-09-12
not yet calculated
CVE-2017-8719
BID
SECTRACK
CONFIRM

microsoft -- windows
Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8688.
2017-09-12
not yet calculated
CVE-2017-8685
BID
SECTRACK
CONFIRM

microsoft -- windows
Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8682.
2017-09-12
not yet calculated
CVE-2017-8683
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687.
2017-09-12
not yet calculated
CVE-2017-8680
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8706, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713.
2017-09-12
not yet calculated
CVE-2017-8707
BID
SECTRACK
CONFIRM

microsoft -- windows
Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8728.
2017-09-12
not yet calculated
CVE-2017-8737
BID
SECTRACK
CONFIRM

microsoft -- windows
Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user's system via a specially crafted document or an untrusted webpage, aka "Graphics Component Information Disclosure Vulnerability."
2017-09-12
not yet calculated
CVE-2017-8695
BID
SECTRACK
CONFIRM

microsoft -- windows
Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due to the way that WER handles and executes files, aka "Windows Elevation of Privilege Vulnerability".
2017-09-12
not yet calculated
CVE-2017-8702
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8681.
2017-09-12
not yet calculated
CVE-2017-8687
BID
SECTRACK
CONFIRM

microsoft -- windows
Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8737.
2017-09-12
not yet calculated
CVE-2017-8728
BID
SECTRACK
CONFIRM

microsoft -- windows
Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to run arbitrary code in the context of the current user, due to the way that Windows Shell validates file copy destinations, aka "Windows Shell Remote Code Execution Vulnerability".
2017-09-12
not yet calculated
CVE-2017-8699
BID
SECTRACK
CONFIRM

microsoft -- windows
Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8685.
2017-09-12
not yet calculated
CVE-2017-8688
BID
SECTRACK
CONFIRM

microsoft -- windows
Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8683.
2017-09-12
not yet calculated
CVE-2017-8682
BID
SECTRACK
CONFIRM

microsoft -- windows
A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8743.
2017-09-12
not yet calculated
CVE-2017-8742
BID
SECTRACK
CONFIRM

microsoft -- windows
The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka "Windows Information Disclosure Vulnerability".
2017-09-12
not yet calculated
CVE-2017-8710
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713.
2017-09-12
not yet calculated
CVE-2017-8706
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8706, and CVE-2017-8713.
2017-09-12
not yet calculated
CVE-2017-8712
BID
SECTRACK
CONFIRM

microsoft -- windows
Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass vulnerability due to how PowerShell exposes functions and processes user-supplied code, aka "Device Guard Security Feature Bypass Vulnerability".
2017-09-12
not yet calculated
CVE-2017-8746
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8687.
2017-09-12
not yet calculated
CVE-2017-8681
BID
SECTRACK
CONFIRM

microsoft -- windows
The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8675.
2017-09-12
not yet calculated
CVE-2017-8720
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8706.
2017-09-12
not yet calculated
CVE-2017-8713
BID
SECTRACK
CONFIRM

microsoft -- windows
The Windows Uniscribe component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Uniscribe Remote Code Execution Vulnerability".
2017-09-12
not yet calculated
CVE-2017-8692
BID
SECTRACK
CONFIRM

misp -- misp
When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user.
2017-09-12
not yet calculated
CVE-2017-14337
CONFIRM
CONFIRM

mit -- kerberos
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
2017-09-13
not yet calculated
CVE-2017-11462
CONFIRM
CONFIRM
CONFIRM
FEDORA

mongodb -- libbson
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c.
2017-09-09
not yet calculated
CVE-2017-14227
BID
MISC
MISC
MISC

mosquitto -- mosquitto
In Mosquitto before 1.4.12, pattern-based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do not have the rights to. The same issue may be present in third-party authentication/access control plugins for Mosquitto.
2017-09-11
not yet calculated
CVE-2017-7650
CONFIRM
BID
CONFIRM

mp3gain -- mp3gain
A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.
2017-09-12
not yet calculated
CVE-2017-14407
MISC

mp3gain -- mp3gain
A stack-based buffer overflow was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
2017-09-12
not yet calculated
CVE-2017-14411
MISC

mp3gain -- mp3gain
A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.
2017-09-12
not yet calculated
CVE-2017-14410
MISC

mp3gain -- mp3gain
An invalid memory write was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service (segmentation fault and application crash) or possibly unspecified other impact.
2017-09-12
not yet calculated
CVE-2017-14412
MISC

mp3gain -- mp3gain
A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.
2017-09-12
not yet calculated
CVE-2017-14406
MISC

mp3gain -- mp3gain
A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
2017-09-12
not yet calculated
CVE-2017-14409
MISC

mp3gain -- mp3gain
A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.
2017-09-12
not yet calculated
CVE-2017-14408
MISC

nagios_core -- nagios_core
Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.
2017-09-11
not yet calculated
CVE-2017-14312
MISC

ntt_docomo -- wi-fi_station_l-02f
Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account.
2017-09-15
not yet calculated
CVE-2017-10845
JVN
MISC

ntt_docomo -- wi-fi_station_l-02f
Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors.
2017-09-15
not yet calculated
CVE-2017-10846
JVN
MISC

osticket -- osticket
In osTicket 1.10, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
2017-09-12
not yet calculated
CVE-2017-14396
MISC

pagure -- pagure
Pagure 3.3.0 and earlier is vulnerable to loss of confidentiality due to improper authorization.
2017-09-14
not yet calculated
CVE-2017-1002151
MISC
MISC

puppetlabs -- apache_module
Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD.
2017-09-15
not yet calculated
CVE-2017-2299
CONFIRM

python-fedora -- python-fedora
python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection.
2017-09-14
not yet calculated
CVE-2017-1002150
MISC
MISC

qnap -- qts_media_library
QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack.
2017-09-14
not yet calculated
CVE-2017-13067
CONFIRM

razer_synapse -- razer_synapse
rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to \Device\PhysicalMemory, IOCTL 0x22A064, and ZwMapViewOfSection.
2017-09-13
not yet calculated
CVE-2017-14398
MISC

redhat -- enterprise_mrg
Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets.
2017-09-14
not yet calculated
CVE-2015-7553
CONFIRM

redhat -- jboss_eap
Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.
2017-09-13
not yet calculated
CVE-2017-7561
BID
MISC

rhnsd -- rhnsd
It was found that rhnsd PID files are created world-writable, which allows local attackers to fill the disks or to kill selected processes.
2017-09-13
not yet calculated
CVE-2017-7560
CONFIRM

ruby -- ruby
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a heap leak through a maliciously specified format string passed to the sprintf method. If a script accepts a format string from an outside source, the contents of the heap may be exposed.
2017-09-15
not yet calculated
CVE-2017-0898
SECTRACK
MISC
MISC
MISC

samsung -- network_video_recorder
On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and log in to the device with that hash in the szUserPasswd parameter.
2017-09-11
not yet calculated
CVE-2017-14262
MISC

silverstripe -- silverstripe
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017.
2017-09-15
not yet calculated
CVE-2017-14498
MISC
MISC
MISC
MISC

sophos -- surfright_hitmanpro
In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt!ExpPoolQuotaCookie.
2017-09-13
not yet calculated
CVE-2017-7441
MISC
MISC

sophos -- surfright_hitmanpro
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call.
2017-09-13
not yet calculated
CVE-2017-6007
MISC
MISC

sophos -- surfright_hitmanpro
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call.
2017-09-13
not yet calculated
CVE-2017-6008
MISC
MISC
MISC
MISC

sourcebans -- sourcebans
Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.
2017-09-11
not yet calculated
CVE-2015-8349
BUGTRAQ
MISC

stdu -- stdu_viewer
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000001869."
2017-09-11
not yet calculated
CVE-2017-14310
MISC

stdu -- stdu_viewer
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at STDUJBIG2File+0x00000000000015e9."
2017-09-11
not yet calculated
CVE-2017-14295
MISC

symantec -- encryption_desktop
Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests.
2017-09-13
not yet calculated
CVE-2017-6330
BID
CONFIRM

terramaster -- tos
Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root.
2017-09-15
not yet calculated
CVE-2017-9328
MISC

tianchoy/blog -- tianchoy/blog
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file.
2017-09-12
not yet calculated
CVE-2017-14346
MISC

tianchoy/blog -- tianchoy/blog
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php.
2017-09-12
not yet calculated
CVE-2017-14345
MISC

vbulletin -- vbulletin
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php.
2017-09-15
not yet calculated
CVE-2014-9463
CONFIRM
EXPLOIT-DB

vmware -- esxi_and_workstation_and_fusion
VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
2017-09-15
not yet calculated
CVE-2017-4925
BID
SECTRACK
SECTRACK
CONFIRM

vmware -- esxi_and_workstation_and_fusion
VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in the SVGA device. This issue may allow a guest to execute code on the host.
2017-09-15
not yet calculated
CVE-2017-4924
BID
SECTRACK
SECTRACK
CONFIRM

vmware -- vcenter_server
VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious JavaScript that is executed when other VC users access the page.
2017-09-15
not yet calculated
CVE-2017-4926
BID
SECTRACK
CONFIRM

wordpress -- wordpress
Vulnerability in the WordPress plugin wordpress-gallery-transformation v1.0: SQL injection in ./wordpress-gallery-transformation/gallery.php via the $jpic parameter, which is not sanitized before being passed into an SQL query.
2017-09-14
not yet calculated
CVE-2017-1002028
MISC
MISC
MISC

wordpress -- wordpress
Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php.
2017-09-11
not yet calculated
CVE-2015-8354
MISC
BUGTRAQ
MISC
MISC

wordpress -- wordpress
Vulnerability in the WordPress plugin surveys v1.01.8: the code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query.
2017-09-14
not yet calculated
CVE-2017-1002020
MISC
MISC
MISC

wordpress -- wordpress
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled.
2017-09-11
not yet calculated
CVE-2015-8351
MISC
BUGTRAQ
CONFIRM
EXPLOIT-DB
MISC

wordpress -- wordpress
Vulnerability in the WordPress plugin eventr v1.02.2: the edit.php form and event_form.php code do not sanitize input, which allows blind SQL injection via the event parameter.
2017-09-14
not yet calculated
CVE-2017-1002019
MISC
MISC

wordpress -- wordpress
Vulnerability in the WordPress plugin surveys v1.01.8: the code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query.
2017-09-14
not yet calculated
CVE-2017-1002021
MISC
MISC
MISC

wordpress -- wordpress
Vulnerability in the WordPress plugin mobile-friendly-app-builder-by-easytouch v3.0: the code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.
2017-09-14
not yet calculated
CVE-2017-1002000
BID
BID
MISC
MISC
EXPLOIT-DB

wordpress -- wordpress
The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg().
2017-09-11
not yet calculated
CVE-2017-14313
CONFIRM
CONFIRM
MISC

wordpress -- wordpress
Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) open-tab parameter in a wp_cta_global_settings action to wp-admin/edit.php or (2) wp-cta-variation-id parameter to ab-testing-call-to-action-example/.
2017-09-11
not yet calculated
CVE-2015-8350
MISC
BUGTRAQ
CONFIRM
MISC

wordpress -- wordpress
Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the object_name parameter in a rs-object_role_edit page to wp-admin/admin.php.
2017-09-11
not yet calculated
CVE-2015-8353
MISC
BUGTRAQ
CONFIRM
MISC
MISC

wordpress -- wordpress
Vulnerability in the WordPress plugin gift-certificate-creator v1.0: the code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability.
2017-09-14
not yet calculated
CVE-2017-1002017
MISC
MISC

wordpress -- wordpress
Vulnerability in the WordPress plugin surveys v1.01.8: the code in questions.php does not sanitize the survey variable before placing it inside of an SQL query.
2017-09-14
not yet calculated
CVE-2017-1002022
MISC
MISC
MISC

wordpress -- wordpress
Vulnerability in the WordPress plugin eventr v1.02.2: the edit.php form and attendees.php code do not sanitize input, which allows blind SQL injection via the event parameter.
2017-09-14
not yet calculated
CVE-2017-1002018
MISC
MISC

wordpress -- wordpress
Vulnerability in the WordPress plugin image-gallery-with-slideshow v1.5.2: blind SQL injection in image-gallery-with-slideshow/admin_setting.php via the selectMulGallery parameter.
2017-09-14
not yet calculated
CVE-2017-1002015
MISC
MISC

wordpress -- wordpress
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.
2017-09-12
not yet calculated
CVE-2015-9228
MISC
MISC
MISC
MISC

wordpress -- wordpress
Vulnerability in the WordPress plugin rk-responsive-contact-form v1.0: the variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php.
2017-09-14
not yet calculated
CVE-2017-1002027
MISC
MISC
MISC

wordpress -- wordpress
Vulnerability in the WordPress plugin flickr-picture-backup v0.7: the code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files.
2017-09-14
not yet calculated
CVE-2017-1002016
MISC
MISC

wordpress -- wordpress
Description: In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.
Published: 2017-09-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-9229
MISC

wordpress -- wordpress
Description: Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement.
Published: 2017-09-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1002012
MISC
MISC

wordpress -- wordpress
Description: Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php.
Published: 2017-09-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1002013
MISC
MISC

wordpress -- wordpress
Description: Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.
Published: 2017-09-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1002006
BID
MISC
MISC

wordpress -- wordpress
Description: Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php
Published: 2017-09-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1002023
MISC
MISC

wordpress -- wordpress
Description: Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter.
Published: 2017-09-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1002014
MISC
MISC

wordpress -- wordpress
Description: Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
Published: 2017-09-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1002001
MISC
MISC
EXPLOIT-DB

wordpress -- wordpress
Description: Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
Published: 2017-09-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1002003
BID
MISC
MISC
EXPLOIT-DB

wordpress -- wordpress
Description: Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
Published: 2017-09-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1002002
BID
MISC
MISC
EXPLOIT-DB

wordpress -- wordpress
Description: Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query.
Published: 2017-09-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1002004
BID
MISC
MISC

wordpress -- wordpress
Description: Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query.
Published: 2017-09-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1002005
BID
MISC
MISC

wordpress -- wordpress
Description: Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement.
Published: 2017-09-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1002025
MISC
MISC

wordpress -- wordpress
Description: Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement.
Published: 2017-09-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1002026
MISC
MISC

wordpress -- wordpress
Description: Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description where anyone with privileges to modify or add galleries/images and inject javascript into the database.
Published: 2017-09-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1002011
MISC
MISC

wordpress -- wordpress
Description: In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter.
Published: 2017-09-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-9230
MISC
MISC
MISC
MISC
MISC
MISC

wordpress -- wordpress
Description: Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function.
Published: 2017-09-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1002010
MISC
MISC

wordpress -- wordpress
Description: Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function.
Published: 2017-09-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1002009
MISC
MISC

wordpress -- wordpress
Description: Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.
Published: 2017-09-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1002008
MISC
MISC
MISC
EXPLOIT-DB

wordpress -- wordpress
Description: Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.
Published: 2017-09-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1002007
BID
MISC
MISC

xen -- xen
Description: A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.).
Published: 2017-09-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14317
BID
SECTRACK
CONFIRM

xen -- xen
Description: A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account.
Published: 2017-09-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14319
BID
SECTRACK
CONFIRM

xen -- xen
Description: An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and `DOMID_COW` are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct.
Published: 2017-09-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14318
BID
SECTRACK
CONFIRM

xen -- xen
Description: A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array.
Published: 2017-09-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14316
BID
SECTRACK
CONFIRM

xen -- xen
Description: Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.
Published: 2017-09-13
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14431
CONFIRM

xnview -- xnview
Description: XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010."
Published: 2017-09-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14270
MISC

xnview -- xnview
Description: XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000595d."
Published: 2017-09-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14272
MISC

xnview -- xnview
Description: XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e."
Published: 2017-09-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14271
MISC

xnview -- xnview
Description: XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008706."
Published: 2017-09-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14274
MISC

xnview -- xnview
Description: XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x00000000000003b0."
Published: 2017-09-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14273
MISC



VMware Releases Security Updates

Fri, 09/15/2017 - 13:03
Original release date: September 15, 2017

VMware has released security updates to address vulnerabilities in ESXi, vCenter Server, Fusion, and Workstation. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2017-0015 and apply the necessary updates.



Potential Phishing Scams Related to Equifax Data Breach

Thu, 09/14/2017 - 11:07
Original release date: September 14, 2017

The Federal Trade Commission (FTC) has released an alert on scams related to the Equifax data breach. FTC warns consumers to be wary of calls or emails purporting to be from Equifax agents. Legitimate Equifax representatives will not contact consumers to ask for verification of their information.

US-CERT encourages consumers to report fraudulent calls and emails to the FTC Complaint Assistant and to refer to the FTC Alert and US-CERT Tips on Avoiding Social Engineering and Phishing Attacks and Preventing and Responding to Identity Theft for more information.

 



BlueBorne Bluetooth Vulnerabilities

Tue, 09/12/2017 - 17:26
Original release date: September 12, 2017

US-CERT is aware of a collection of Bluetooth vulnerabilities, known as BlueBorne, potentially affecting millions of unpatched mobile phones, computers, and Internet of Things (IoT) devices. A remote attacker could exploit several of these vulnerabilities to take control of affected devices.

US-CERT recommends that users and administrators read Vulnerability Note VU#240311 for more information.



Microsoft Releases September 2017 Security Updates

Tue, 09/12/2017 - 17:17
Original release date: September 12, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.

US-CERT encourages users and administrators to review Microsoft's September 2017 Security Update Summary and Deployment Information and apply the necessary updates.



Adobe Releases Security Updates

Tue, 09/12/2017 - 16:29
Original release date: September 12, 2017

Adobe has released security updates to address vulnerabilities in Adobe RoboHelp, Flash Player, and ColdFusion. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-25, APSB17-28, and APSB17-30 and apply the necessary updates.



Cisco Releases Security Update

Mon, 09/11/2017 - 13:04
Original release date: September 11, 2017

Cisco has released an update to address an Apache Struts 2 vulnerability affecting multiple Cisco products. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.



SB17-254: Vulnerability Summary for the Week of September 4, 2017

Mon, 09/11/2017 - 06:30
Original release date: September 11, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

ffmpeg -- ffmpeg
Description: In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file.
Published: 2017-09-07
CVSS Score: 7.1
Source & Patch Info: CVE-2017-14170
CONFIRM

ffmpeg -- ffmpeg
Description: In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop.
Published: 2017-09-07
CVSS Score: 7.1
Source & Patch Info: CVE-2017-14171
CONFIRM

fujixerox -- contentsbridge_utility
Description: Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-09-01
CVSS Score: 9.3
Source & Patch Info: CVE-2017-10851
CONFIRM
JVN

fujixerox -- docuworks
Description: Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-09-01
CVSS Score: 9.3
Source & Patch Info: CVE-2017-10848
CONFIRM
JVN

fujixerox -- docuworks
Description: Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-09-01
CVSS Score: 9.3
Source & Patch Info: CVE-2017-10849
CONFIRM
JVN

gnome -- gedit
Description: libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters.
Published: 2017-09-05
CVSS Score: 7.1
Source & Patch Info: CVE-2017-14108
MISC
MISC

helpdezk -- helpdezk
Description: HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function.
Published: 2017-09-05
CVSS Score: 7.5
Source & Patch Info: CVE-2017-14145
MISC

imagemagick -- imagemagick
Description: The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
Published: 2017-09-01
CVSS Score: 7.1
Source & Patch Info: CVE-2017-12691
CONFIRM

imagemagick -- imagemagick
Description: The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.
Published: 2017-09-01
CVSS Score: 7.1
Source & Patch Info: CVE-2017-12692
CONFIRM

imagemagick -- imagemagick
Description: The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.
Published: 2017-09-01
CVSS Score: 7.1
Source & Patch Info: CVE-2017-12693
CONFIRM

imagemagick -- imagemagick
Description: ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.
Published: 2017-09-04
CVSS Score: 7.5
Source & Patch Info: CVE-2017-14137
CONFIRM

imagemagick -- imagemagick
Description: ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.
Published: 2017-09-04
CVSS Score: 7.5
Source & Patch Info: CVE-2017-14138
CONFIRM

imagemagick -- imagemagick
Description: In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
Published: 2017-09-07
CVSS Score: 7.1
Source & Patch Info: CVE-2017-14172
CONFIRM
CONFIRM

imagemagick -- imagemagick
Description: In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop.
Published: 2017-09-07
CVSS Score: 7.1
Source & Patch Info: CVE-2017-14174
CONFIRM
CONFIRM
CONFIRM

imagemagick -- imagemagick
Description: In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.
Published: 2017-09-07
CVSS Score: 7.1
Source & Patch Info: CVE-2017-14175
CONFIRM
CONFIRM

mcafee -- security_scan_plus
Description: A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response.
Published: 2017-09-01
CVSS Score: 7.5
Source & Patch Info: CVE-2017-3897
CONFIRM
BID

netapp -- data_ontap
Description: NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language.
Published: 2017-09-01
CVSS Score: 7.5
Source & Patch Info: CVE-2015-7746
CONFIRM

ntt -- enkaku_support_tool
Description: Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-09-01
CVSS Score: 9.3
Source & Patch Info: CVE-2017-10829
CONFIRM
MISC
JVN

rarlab -- unrar
Description: unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.
Published: 2017-09-03
CVSS Score: 7.5
Source & Patch Info: CVE-2017-14122
MISC
MISC

salesagility -- suitecrm
Description: Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947.
Published: 2017-09-06
CVSS Score: 9.3
Source & Patch Info: CVE-2015-5948
MLIST
MISC
CONFIRM
CONFIRM

sap -- netweaver
Description: XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
Published: 2017-09-06
CVSS Score: 7.5
Source & Patch Info: CVE-2015-7241
MISC
BUGTRAQ
BID
EXPLOIT-DB

scrapy -- scrapy
Description: Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore.
Published: 2017-09-05
CVSS Score: 7.8
Source & Patch Info: CVE-2017-14158
MISC
MISC

simplesamlphp -- simplesamlphp
Description: The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation.
Published: 2017-09-01
CVSS Score: 7.5
Source & Patch Info: CVE-2017-12868
CONFIRM
CONFIRM

simplesamlphp -- simplesamlphp
Description: SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
Published: 2017-09-01
CVSS Score: 7.5
Source & Patch Info: CVE-2017-12873
CONFIRM
CONFIRM

technicolor -- td5336_firmware
Description: Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi.
Published: 2017-09-04
CVSS Score: 10.0
Source & Patch Info: CVE-2017-14127
MISC

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

aspl -- libaxl
Description: Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted XML document.
Published: 2017-09-06
CVSS Score: 6.8
Source & Patch Info: CVE-2015-3450
MLIST
BID

beaker-project -- beaker
Description: XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system.
Published: 2017-09-06
CVSS Score: 4.0
Source & Patch Info: CVE-2015-3160
MLIST
BID
CONFIRM
CONFIRM
CONFIRM

beaker-project -- beaker
Description: The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively.
Published: 2017-09-06
CVSS Score: 4.0
Source & Patch Info: CVE-2015-3163
MLIST
BID
CONFIRM
CONFIRM

bento4 -- bento4
Description: The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
Published: 2017-09-06
CVSS Score: 4.3
Source & Patch Info: CVE-2017-12474
MISC
MISC
MISC

bento4 -- bento4
Description: The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
Published: 2017-09-06
CVSS Score: 4.3
Source & Patch Info: CVE-2017-12475
MISC
MISC
MISC

bento4 -- bento4
Description: The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Bento4 mp4dump before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
Published: 2017-09-06
CVSS Score: 4.3
Source & Patch Info: CVE-2017-12476
MISC
MISC
MISC

embedthis -- goahead
Description: GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request.
Published: 2017-09-05
CVSS Score: 5.0
Source & Patch Info: CVE-2017-14149
MISC

eyesofnetwork -- eonweb
Description: In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php.
Published: 2017-09-03
CVSS Score: 6.5
Source & Patch Info: CVE-2017-14118
MISC

eyesofnetwork -- eonweb
Description: In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter.
Published: 2017-09-03
CVSS Score: 6.5
Source & Patch Info: CVE-2017-14119
MISC

ffmpeg -- ffmpeg
Description: In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value.
Published: 2017-09-07
CVSS Score: 6.8
Source & Patch Info: CVE-2017-14169
CONFIRM

froxlor -- froxlor
Description: Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log.
Published: 2017-09-06
CVSS Score: 5.0
Source & Patch Info: CVE-2015-5959
MLIST
BID
CONFIRM

gnome -- evince
Description: backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
Published: 2017-09-05
CVSS Score: 6.8
Source & Patch Info: CVE-2017-1000083
MISC
BID
MISC
MISC

gnome -- gdk-pixbuf
Description: An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.
Published: 2017-09-05
CVSS Score: 6.8
Source & Patch Info: CVE-2017-2862
BID
MISC

gnome -- gdk-pixbuf
Description: An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.
Published: 2017-09-05
CVSS Score: 6.8
Source & Patch Info: CVE-2017-2870
BID
MISC

gnu -- binutils
Description: The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file.
Published: 2017-09-04
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14128
BID
CONFIRM
CONFIRM

gnu -- binutils
Description: The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file.
Published: 2017-09-04
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14129
BID
CONFIRM
CONFIRM

gnu -- binutils
Description: The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file.
Published: 2017-09-04
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14130
BID
CONFIRM
CONFIRM

graphicsmagick -- graphicsmagick
Description: The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403.
Published: 2017-09-01
CVSS Score: 6.8
Source & Patch Info: CVE-2017-14103
MISC
MISC

helpdezk -- helpdezk
Description: HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory.
Published: 2017-09-05
CVSS Score: 6.5
Source & Patch Info: CVE-2017-14146
MISC

honda -- moto_linc
Description: Honda Moto LINC 1.6.1 does not verify SSL certificates.
Published: 2017-09-06
CVSS Score: 4.3
Source & Patch Info: CVE-2015-2943
JVN
JVNDB

ibm -- emptoris_strategic_supply_management
Description: IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657.
Published: 2017-09-05
CVSS Score: 6.8
Source & Patch Info: CVE-2017-1097
CONFIRM
MISC

ibm -- inotes
Description: IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.
Published: 2017-09-05
CVSS Score: 4.3
Source & Patch Info: CVE-2017-1129
CONFIRM
CONFIRM
MISC
EXPLOIT-DB

ibm -- inotes
Description: IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371.
Published: 2017-09-05
CVSS Score: 4.3
Source & Patch Info: CVE-2017-1130
CONFIRM
BID
MISC
EXPLOIT-DB

ibm -- qradar_network_security
Description: IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128376.
Published: 2017-09-05
CVSS Score: 4.3
Source & Patch Info: CVE-2017-1457
CONFIRM
BID
MISC

ibm -- qradar_network_security
Description: IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377.
Published: 2017-09-05
CVSS Score: 5.5
Source & Patch Info: CVE-2017-1458
CONFIRM
BID
MISC

ibm -- qradar_network_security
Description: IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 128689.
Published: 2017-09-05
CVSS Score: 5.0
Source & Patch Info: CVE-2017-1491
CONFIRM
MISC

imagemagick -- imagemagick
Description: ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.
Published: 2017-09-04
CVSS Score: 6.8
Source & Patch Info: CVE-2017-14139
CONFIRM

imagemagick -- imagemagick
Description: In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value.
Published: 2017-09-07
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14173
CONFIRM
CONFIRM

jasper_project -- jasper
Description: JasPer 2.0.13 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c.
Published: 2017-09-04
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14132
MISC

ledger-cli -- ledger
Description: An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability.
Published: 2017-09-05
CVSS Score: 6.8
Source & Patch Info: CVE-2017-2807
BID
MISC

ledger-cli -- ledger
Description: An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability.
Published: 2017-09-05
CVSS Score: 6.8
Source & Patch Info: CVE-2017-2808
BID
MISC

lexmark -- perceptive_document_filters | An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perceptive Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution. | 2017-09-05 | 6.8 | CVE-2017-2821
BID
MISC

lexmark -- perceptive_document_filters | An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack. A maliciously crafted PDF file can be used to trigger this vulnerability. | 2017-09-05 | 6.8 | CVE-2017-2822
BID
MISC

libarchive -- libarchive | libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. | 2017-09-06 | 4.3 | CVE-2017-14166
MISC
MISC

libzip_project -- libzip | The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive. | 2017-09-01 | 4.3 | CVE-2017-14107
MISC
MISC

linux -- linux_kernel | The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path. | 2017-09-01 | 4.9 | CVE-2017-14106
CONFIRM
CONFIRM
CONFIRM

mcafee -- livesafe | A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response. | 2017-09-01 | 4.3 | CVE-2017-3898
CONFIRM

mimedefang -- mimedefang | MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by the init-script.in and mimedefang-init.in scripts. | 2017-09-01 | 4.6 | CVE-2017-14102
MISC
MISC

netapp -- clustered_data_ontap | NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors. | 2017-09-01 | 6.5 | CVE-2017-12421
CONFIRM

netapp -- clustered_data_ontap | NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors. | 2017-09-01 | 4.0 | CVE-2017-12423
CONFIRM

netapp -- data_ontap | NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling. | 2017-09-01 | 4.0 | CVE-2016-1895
CONFIRM

netapp -- oncommand_unified_manager_for_clustered_data_ontap | NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | 2017-09-01 | 5.0 | CVE-2017-14053
CONFIRM

opencv -- opencv | OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597. | 2017-09-04 | 4.3 | CVE-2017-14136
MISC
MISC
MISC

openjpeg -- openjpeg | An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution. | 2017-09-05 | 6.8 | CVE-2017-14151
BID
MISC
MISC
MISC

openjpeg -- openjpeg | A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution. | 2017-09-05 | 6.8 | CVE-2017-14152
MISC
MISC
MISC

qemu -- qemu | Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. | 2017-09-01 | 5.0 | CVE-2017-13711
MLIST
BID
CONFIRM
MLIST

rarlab -- unrar | unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. | 2017-09-03 | 5.0 | CVE-2017-14120
MISC
MISC

rarlab -- unrar | The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a specially crafted RAR archive. | 2017-09-03 | 6.8 | CVE-2017-14121
MISC
MISC

simplesamlphp -- infocard_module | The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities. | 2017-09-01 | 5.0 | CVE-2017-12874
CONFIRM

simplesamlphp -- simplesamlphp | The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input. | 2017-09-01 | 5.0 | CVE-2017-12869
CONFIRM

simplesamlphp -- simplesamlphp | SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. | 2017-09-01 | 4.3 | CVE-2017-12870
CONFIRM

simplesamlphp -- simplesamlphp | The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV). | 2017-09-01 | 4.3 | CVE-2017-12871
CONFIRM
CONFIRM

simplesamlphp -- simplesamlphp | The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input. | 2017-09-01 | 4.3 | CVE-2017-12872
CONFIRM

suitecrm -- suitecrm | SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. | 2017-09-06 | 6.8 | CVE-2015-5947
MLIST
CONFIRM
CONFIRM
CONFIRM

vulcanjs -- vulcan | TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack. | 2017-09-06 | 5.0 | CVE-2015-3454
MLIST
BID
CONFIRM
MISC

xnau -- participants_database | The Participants Database plugin before 1.7.5.10 for WordPress has XSS. | 2017-09-04 | 4.3 | CVE-2017-14126
MISC
CONFIRM
EXPLOIT-DB

 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

beaker-project -- beaker | The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape </script> tags in string literals when producing JSON. | 2017-09-06 | 3.5 | CVE-2015-3161
MLIST
BID
CONFIRM
MISC
CONFIRM

beaker-project -- beaker | Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked cancelled job. | 2017-09-06 | 3.5 | CVE-2015-3162
MLIST
BID
CONFIRM
MISC
CONFIRM

linux -- linux_kernel | The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR. | 2017-09-05 | 2.1 | CVE-2017-14140
CONFIRM
CONFIRM
CONFIRM

linux -- linux_kernel | The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes. | 2017-09-05 | 2.1 | CVE-2017-14156
BID
MISC
MISC
MISC

qemu -- qemu | QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. | 2017-09-01 | 2.1 | CVE-2017-13672
MLIST
BID
CONFIRM
MLIST

 

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

anchor-cms -- anchor-cms | Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev. | 2017-09-07 | not yet calculated | CVE-2015-5060
CONFIRM

apache -- hadoop | The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications. | 2017-09-05 | not yet calculated | CVE-2016-3086
MLIST
BID

apache_directory -- ldap_api | Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors. | 2017-09-07 | not yet calculated | CVE-2015-3250
CONFIRM
MLIST
MLIST
CONFIRM

askbot -- askbot | Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.noarch. | 2017-09-07 | not yet calculated | CVE-2015-3169
MLIST
BID
CONFIRM

asterisk -- asterisk | In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection. | 2017-09-02 | not yet calculated | CVE-2017-14100
CONFIRM
SECTRACK
CONFIRM
CONFIRM

asterisk -- asterisk | In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash. | 2017-09-02 | not yet calculated | CVE-2017-14098
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM

asterisk -- asterisk | In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The "nat" and "rtp_symmetric" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well. | 2017-09-02 | not yet calculated | CVE-2017-14099
CONFIRM
SECTRACK
CONFIRM
CONFIRM
MISC

at&t -- u-verse_firmware | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive information (such as the Wi-Fi password) by leveraging knowledge of a hardware identifier, related to the Bulk Data Collection (BDC) mechanism defined in Broadband Forum technical reports. | 2017-09-03 | not yet calculated | CVE-2017-10793
BID
MISC
MISC

at&t -- u-verse_firmware | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with "nc -l" support. | 2017-09-03 | not yet calculated | CVE-2017-14116
BID
MISC
MISC

at&t -- u-verse_firmware | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands. | 2017-09-03 | not yet calculated | CVE-2017-14115
BID
MISC
MISC

at&t -- u-verse_firmware | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values. | 2017-09-03 | not yet calculated | CVE-2017-14117
BID
MISC
MISC

azeotech -- daqfactory | An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path. | 2017-09-08 | not yet calculated | CVE-2017-5147
BID
MISC

azeotech -- daqfactory | An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones. | 2017-09-08 | not yet calculated | CVE-2017-12699
BID
MISC

centreon -- centreon | Cross-site scripting (XSS) vulnerability in Centreon 2.6.1. | 2017-09-07 | not yet calculated | CVE-2015-7672
MISC

cisco -- asyncos_software_for_cisco_security_appliances | A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to the end user. The vulnerability is due to the failure of AMP to scan certain EML attachments that could contain malware. An attacker could exploit this vulnerability by sending an email with a crafted EML attachment through the targeted device. A successful exploit could allow the attacker to bypass the configured ESA email message and content filtering and allow the malware to be delivered to the end user. Vulnerable Products: This vulnerability affects Cisco AsyncOS Software for Cisco ESA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA. Cisco Bug IDs: CSCuz81533. | 2017-09-07 | not yet calculated | CVE-2017-12218
SECTRACK
CONFIRM

cisco -- emergency_responder | A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCvb58973. | 2017-09-07 | not yet calculated | CVE-2017-12227
BID
SECTRACK
CONFIRM

cisco -- firepower_management_center | A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvc50771. | 2017-09-07 | not yet calculated | CVE-2017-12220
BID
CONFIRM

cisco -- firepower_management_center | A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the affected software. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code in the context of the affected system. Cisco Bug IDs: CSCvc38983. | 2017-09-07 | not yet calculated | CVE-2017-12221
BID
CONFIRM

cisco -- gprs_tunneling_protocol | A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation of GPRS Tunneling Protocol packet headers. An attacker could exploit this vulnerability by sending a malformed GPRS Tunneling Protocol packet to an affected device. A successful exploit could allow the attacker to cause the GTPUMGR process on an affected device to restart unexpectedly, resulting in a partial DoS condition. If the GTPUMGR process restarts, there could be a brief impact on traffic passing through the device. Cisco Bug IDs: CSCve07119. | 2017-09-07 | not yet calculated | CVE-2017-12217
BID
SECTRACK
CONFIRM

cisco -- ios_and_ios_xe | A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of the device. The vulnerability is due to IPv6 sub block corruption. An attacker could exploit this vulnerability by polling the affected device IPv6 information. An exploit could allow the attacker to trigger high CPU usage or a reload of the device. Known Affected Releases: Denali-16.3.1. Cisco Bug IDs: CSCvb14640. | 2017-09-07 | not yet calculated | CVE-2017-12211
BID
SECTRACK
CONFIRM
CONFIRM

cisco -- ios_and_ios_xe | A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service (DoS) condition. The vulnerability is due to Cisco IOS Software application changes that create UDP sockets and leave the sockets idle without closing them. An attacker could exploit this vulnerability by sending UDP packets with a destination port of 0 to an affected device. A successful exploit could allow the attacker to cause UDP packets to be held in the input interfaces queue, resulting in a DoS condition. The input interface queue will stop holding UDP packets when it receives 250 packets. Cisco Bug IDs: CSCup10024, CSCva55744, CSCva95506. | 2017-09-07 | not yet calculated | CVE-2017-6627
BID
SECTRACK
CONFIRM

cisco -- ios_xe | A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. Cisco Bug IDs: CSCve48949. | 2017-09-07 | not yet calculated | CVE-2017-6796
BID
SECTRACK
CONFIRM

cisco -- ios_xe | A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the attacker to pass traffic to the default VLAN of the affected port. The vulnerability is due to an uncaught error condition that may occur during the reassignment of the auth-default-ACL dynamic ACL to a switch port after 802.1x authentication fails. A successful exploit of this issue could allow a physically adjacent attacker to bypass 802.1x authentication and cause the affected port to fail open, allowing the attacker to pass traffic to the default VLAN of the affected switch port. Cisco Bug IDs: CSCvc72751. | 2017-09-07 | not yet calculated | CVE-2017-12213
BID
SECTRACK
CONFIRM

cisco -- ios_xe | A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device. Cisco Bug IDs: CSCvf10783. | 2017-09-07 | not yet calculated | CVE-2017-6795
BID
SECTRACK
CONFIRM

cisco -- iot_field_network_director | A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP packets to a specific group of open listening ports on a targeted device. An exploit could allow the attacker to cause the system to consume additional memory. If enough available memory is consumed, the system will restart, creating a temporary denial of service (DoS) condition. The DoS condition will end after the device has finished the restart process. This vulnerability affects the following Cisco products: Connected Grid Network Management System, if running a software release prior to IoT-FND Release 4.0; IoT Field Network Director, if running a software release prior to IoT-FND Release 4.0. Cisco Bug IDs: CSCvc77164. | 2017-09-07 | not yet calculated | CVE-2017-6780
BID
CONFIRM

cisco -- ir800_integrated_services_router_software | A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization of user input. An attacker who can access an affected router via the console could exploit this vulnerability by entering ROMMON mode and modifying ROMMON variables. A successful exploit could allow the attacker to execute arbitrary code and install a malicious version of Hypervisor firmware on an affected device. Cisco Bug IDs: CSCvb44027. | 2017-09-07 | not yet calculated | CVE-2017-12223
SECTRACK
CONFIRM

cisco -- meeting server | A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect implementation of the configuration setting Guest access via hyperlinks, which should allow the administrative user to prevent guest users from using hyperlinks to connect to meetings. An attacker could exploit this vulnerability by using a crafted hyperlink to connect to a meeting. An exploit could allow the attacker to connect directly to the meeting with a hyperlink, even though access should be denied. The attacker would still require a valid hyperlink and encoded secret identifier to be connected. Cisco Bug IDs: CSCve20873. | 2017-09-07 | not yet calculated | CVE-2017-12224
BID
SECTRACK
CONFIRM

cisco -- meeting_server | A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands. An attacker could exploit this vulnerability by authenticating to the affected application and submitting a crafted CLI command for execution at the Cisco Meeting Server CLI. An exploit could allow the attacker to perform command injection and escalate their privilege level to root. Vulnerable Products: This vulnerability exists in Cisco Meeting Server software versions prior to and including 2.0, 2.1, and 2.2. Cisco Bug IDs: CSCvf53830. | 2017-09-07 | not yet calculated | CVE-2017-6794
BID
SECTRACK
CONFIRM

cisco -- prime_collaboration_provisioning_tool | A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. The vulnerability is due to insufficient protection of restricted information. An attacker could exploit this vulnerability by accessing unauthorized information via the user interface. Cisco Bug IDs: CSCvd61932. | 2017-09-07 | not yet calculated | CVE-2017-6793
SECTRACK
CONFIRM

cisco -- prime_collaboration_provisioning_tool | A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker could exploit this vulnerability by manipulating the parameters of the batch action file function. Cisco Bug IDs: CSCvd61766. | 2017-09-07 | not yet calculated | CVE-2017-6792
BID
SECTRACK
CONFIRM

cisco -- prime_lan_management_solution | A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as part of the postauthentication session. An attacker could exploit this vulnerability by obtaining the presession token ID. An exploit could allow an attacker to hijack an existing user's session. Known Affected Releases 4.2(5). Cisco Bug IDs: CSCvf58392. | 2017-09-07 | not yet calculated | CVE-2017-12225
SECTRACK
CONFIRM
CONFIRM

cisco -- socialminer | A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946. | 2017-09-07 | not yet calculated | CVE-2017-12216
BID
SECTRACK
CONFIRM

cisco -- unified_intelligence_center | A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) traffic by the affected software. An attacker could exploit this vulnerability by generating incomplete traffic streams. A successful exploit could allow the attacker to deny access to the TVS for an affected device, resulting in a DoS condition, until an administrator restarts the service. Known Affected Releases 10.0(1.10000.24) 10.5(2.10000.5) 11.0(1.10000.10) 9.1(2.10000.28). Cisco Bug IDs: CSCux21905. | 2017-09-07 | not yet calculated | CVE-2017-6791
BID
SECTRACK
CONFIRM
CONFIRM

cisco -- unified_intelligence_center | A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because user-supplied data in the DOM input is not validated. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious DOM statements to the affected system. A successful exploit could allow the attacker to affect the integrity of the system by manipulating the database. Known Affected Releases 11.0(1)ES10. Cisco Bug IDs: CSCvf18325. | 2017-09-07 | not yet calculated | CVE-2017-6789
BID
SECTRACK
CONFIRM
CONFIRM

cisco -- unity_connection | A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Known Affected Releases 10.5(2). Cisco Bug IDs: CSCvf25345. | 2017-09-07 | not yet calculated | CVE-2017-12212
BID
SECTRACK
CONFIRM
CONFIRM

cisco -- yes_set-top_boxes | A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the firmware of an affected device fails to handle certain XML values that are passed to the HTTP RPC service listening on the local subnet of the device. An attacker could exploit this vulnerability by submitting a malformed request to an affected device. A successful attack could cause the affected device to restart, resulting in a DoS condition. Yes has updated the affected devices with firmware that addresses this vulnerability. Customers are not required to take action. Vulnerable Products: This vulnerability affects YesMaxTotal, YesMax HD, and YesQuattro STB devices. Cisco Bug IDs: CSCvd08812. | 2017-09-07 | not yet calculated | CVE-2017-6631
BID
CONFIRMconcrete5 -- concrete5
 SQL injection vulnerability in Concrete5 5.7.3.1.2017-09-07not yet calculatedCVE-2015-4724
MISCconcrete5 -- concrete5
 Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1.2017-09-07not yet calculatedCVE-2015-4721
MISC

d-link -- dir-600l
Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors.
2017-09-07 | not yet calculated | CVE-2016-10405
CONFIRM

dayrui -- finecms
The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field.
2017-09-07 | not yet calculated | CVE-2017-14192
MISC

dayrui -- finecms
The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer.
2017-09-07 | not yet calculated | CVE-2017-14194
MISC

dayrui -- finecms
The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer.
2017-09-07 | not yet calculated | CVE-2017-14193
MISC

dayrui -- finecms
The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer.
2017-09-07 | not yet calculated | CVE-2017-14195
MISC

devscripts -- devscripts
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.
2017-09-06 | not yet calculated | CVE-2015-5705
FEDORA
FEDORA
MLIST
CONFIRM
CONFIRM
CONFIRM

diving_log -- diving_log
XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import.
2017-09-08 | not yet calculated | CVE-2017-9095
MISC

django -- django
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.
2017-09-07 | not yet calculated | CVE-2017-12794
BID
SECTRACK
CONFIRM

epicor_crs -- retail_store
The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell.
2017-09-06 | not yet calculated | CVE-2015-2210
MISC
BUGTRAQ

etherpad -- etherpad
Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1.
2017-09-07 | not yet calculated | CVE-2015-4085
MLIST
CONFIRM

ffmpeg -- ffmpeg
In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.
2017-09-08 | not yet calculated | CVE-2017-14223
CONFIRM

ffmpeg -- ffmpeg
The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)
2017-09-09 | not yet calculated | CVE-2017-14225
MISC
MISC

ffmpeg -- ffmpeg
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.
2017-09-08 | not yet calculated | CVE-2017-14222
CONFIRM

fiberhome -- user_end_routers_an1020-25
An issue was discovered on FiberHome User End Routers bearing model number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi and executing it. Due to improper authentication on this page, the software accepts the request, allowing an attacker to reset the router to its default configuration, which could later allow the attacker to log in to the router using the default username/password.
2017-09-07 | not yet calculated | CVE-2017-14147
MISC

glibc -- glibc
The DNS stub resolver in the GNU C Library (glibc) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attackers due to IP fragmentation.
2017-09-07 | not yet calculated | CVE-2017-12133
FEDORA
CONFIRM
CONFIRM

gongjin_electronics -- t&w_wifi_repeater_be126
T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg.
2017-09-07 | not yet calculated | CVE-2017-13713
MISC
EXPLOIT-DB

google -- android
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492741.
2017-09-08 | not yet calculated | CVE-2017-0758
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744.
2017-09-08 | not yet calculated | CVE-2017-0753
BID
CONFIRM

google -- android
A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37615911.
2017-09-08 | not yet calculated | CVE-2017-0773
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37662122.
2017-09-08 | not yet calculated | CVE-2017-0769
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101.
2017-09-08 | not yet calculated | CVE-2017-0786
BID
CONFIRM

google -- android
A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243.
2017-09-08 | not yet calculated | CVE-2017-0771
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815.
2017-09-08 | not yet calculated | CVE-2017-0757
BID
CONFIRM

google -- android
An information disclosure vulnerability in the Android media framework (audioflinger). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38340117.
2017-09-08 | not yet calculated | CVE-2017-0779
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722328. References: B-V2017053103.
2017-09-08 | not yet calculated | CVE-2017-0788
BID
CONFIRM

google -- android
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499.
2017-09-08 | not yet calculated | CVE-2017-0777
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36136137. References: M-ALPS03361477.
2017-09-08 | not yet calculated | CVE-2017-0803
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38448381.
2017-09-08 | not yet calculated | CVE-2017-0761
BID
CONFIRM

google -- android
An information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301.
2017-09-08 | not yet calculated | CVE-2017-0792
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268.
2017-09-08 | not yet calculated | CVE-2017-0759
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36198473. References: M-ALPS03361480.
2017-09-08 | not yet calculated | CVE-2017-0795
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-62459766. References: M-ALPS03353854.
2017-09-08 | not yet calculated | CVE-2017-0797
BID
CONFIRM

google -- android
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844.
2017-09-08 | not yet calculated | CVE-2017-0774
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36100671. References: M-ALPS03365532.
2017-09-08 | not yet calculated | CVE-2017-0798
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the MediaTek auxadc driver. Product: Android. Versions: Android kernel. Android ID: A-62458865. References: M-ALPS03353884, M-ALPS03353886, M-ALPS03353887.
2017-09-08 | not yet calculated | CVE-2017-0796
BID
CONFIRM

google -- android
An information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946.
2017-09-08 | not yet calculated | CVE-2017-0793
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the MediaTek lastbus. Product: Android. Versions: Android kernel. Android ID: A-36731602. References: M-ALPS03342072.
2017-09-08 | not yet calculated | CVE-2017-0799
BID
CONFIRM

google -- android
A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38115076.
2017-09-08 | not yet calculated | CVE-2017-0772
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36232120. References: M-ALPS03384818.
2017-09-08 | not yet calculated | CVE-2017-0802
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992.
2017-09-08 | not yet calculated | CVE-2017-0768
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the MediaTek teei. Product: Android. Versions: Android kernel. Android ID: A-37683975. References: M-ALPS03302988.
2017-09-08 | not yet calculated | CVE-2017-0800
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101.
2017-09-08 | not yet calculated | CVE-2017-0790
BID
CONFIRM

google -- android
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227.
2017-09-08 | not yet calculated | CVE-2017-0778
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234812.
2017-09-08 | not yet calculated | CVE-2017-0770
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812.
2017-09-08 | not yet calculated | CVE-2017-0794
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the MediaTek libmtkomxvdec. Product: Android. Versions: Android kernel. Android ID: A-38447970. References: M-ALPS03337980.
2017-09-08 | not yet calculated | CVE-2017-0801
BID
CONFIRM

google -- android
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38496660.
2017-09-08 | not yet calculated | CVE-2017-0776
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37685267. References: B-V2017053102.
2017-09-08 | not yet calculated | CVE-2017-0789
BID
CONFIRM

google -- android
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179.
2017-09-08 | not yet calculated | CVE-2017-0775
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407.
2017-09-08 | not yet calculated | CVE-2017-0767
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015.
2017-09-08 | not yet calculated | CVE-2017-0764
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62214264.
2017-09-08 | not yet calculated | CVE-2017-0762
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libjhead). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37776688.
2017-09-08 | not yet calculated | CVE-2017-0766
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693.
2017-09-08 | not yet calculated | CVE-2017-0763
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872863.
2017-09-08 | not yet calculated | CVE-2017-0765
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302.
2017-09-08 | not yet calculated | CVE-2017-0791
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396.
2017-09-08 | not yet calculated | CVE-2017-0760
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958.
2017-09-08 | not yet calculated | CVE-2017-0784
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835.
2017-09-08 | not yet calculated | CVE-2017-0752
BID
CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073.
2017-09-08 | not yet calculated | CVE-2017-0756
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the Android libraries (libminikin). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-32178311.
2017-09-08 | not yet calculated | CVE-2017-0755
BID
CONFIRM

google -- android
A denial of service vulnerability in the Android runtime (android messenger). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37742976.
2017-09-08 | not yet calculated | CVE-2017-0780
BID
CONFIRM

google -- android
An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104.
2017-09-08 | not yet calculated | CVE-2017-0787
BID
CONFIRM

graphicsmagick -- graphicsmagick
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c.
2017-09-06 | not yet calculated | CVE-2017-14165
MISC
MISC

huawei -- e5756s
Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions.
2017-09-07 | not yet calculated | CVE-2015-4629
BID
CONFIRM

ibm -- content_navigator_&_cmis
IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129577.
2017-09-07 | not yet calculated | CVE-2017-1502
CONFIRM
MISC

ibm -- emptoris_supplier_lifecycle_management
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658.
2017-09-07 | not yet calculated | CVE-2017-1098
CONFIRM
MISC

ibm -- flex_system
Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier.
2017-09-07 | not yet calculated | CVE-2014-9565
BID
CONFIRM

ibm -- websphere_portal_web_content_manager
IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558.
2017-09-07 | not yet calculated | CVE-2017-1189
CONFIRM
SECTRACK
MISC

idapauth-fork -- idapauth-fork
Idapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username.
2017-09-06 | not yet calculated | CVE-2015-7294
MLIST
MLIST
CONFIRM
CONFIRM

imagemagick -- imagemagick
A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.
2017-09-08 | not yet calculated | CVE-2017-14224
CONFIRM

intel -- firmware_for_multiple_products
Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 can be upgraded to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges.
2017-09-05 | not yet calculated | CVE-2017-5698
CONFIRM

intelbras -- wireless_n_router_firmware
XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated by an "airbase-ng -e" command.
2017-09-07 | not yet calculated | CVE-2017-14219
MISC
EXPLOIT-DB

jasper -- jasper
There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of JasPer 2.0.13. It will lead to a remote denial of service attack.
2017-09-09 | not yet calculated | CVE-2017-14229
MISC

joomla! -- joomla!
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to cause a denial of service via the url parameter to plugin_googlemap2_proxy.php.
2017-09-07 | not yet calculated | CVE-2013-7428
FULLDISC
CONFIRM
MLIST
MLIST

joomla! -- joomla!
Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename.
2017-09-08 | not yet calculated | CVE-2017-2550
MISC

kamailio -- kamailio
The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl.
2017-09-07 | not yet calculated | CVE-2015-1590
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM

lexmark -- scan_to_network
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet.
2017-09-07 | not yet calculated | CVE-2017-13771
MISC
FULLDISC

libgd2 -- libgd2
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.
2017-09-07 | not yet calculated | CVE-2017-6362
DEBIAN
CONFIRM
CONFIRM
FEDORA

libwpd -- libwpd
WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application.
2017-09-09 | not yet calculated | CVE-2017-14226
MISC
MISC
MISC
MISC
MISC
MISC

lightdm -- lightdm
Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an XDMCP request packet with no address.
2017-09-06 | not yet calculated | CVE-2015-8316
MLIST
CONFIRM
CONFIRM

linux -- linux_kernel
The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides.
2017-09-08 | not yet calculated | CVE-2017-12146
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM

linux -- linux_kernel
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root.
2017-09-08 | not yet calculated | CVE-2016-5759
SUSE
MLIST

linux -- linux_kernel
Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.
2017-09-06 | not yet calculated | CVE-2015-5186
MLIST
BID
CONFIRM
CONFIRM

mediatek -- mediatek
An elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487.
2017-09-08 | not yet calculated | CVE-2017-0804
BID
CONFIRM

mongodb -- libbson
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c.
2017-09-09 | not yet calculated | CVE-2017-14227
MISC
MISC
MISC

mongoose_web_server -- mongoose_web_server
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely.
2017-09-07 | not yet calculated | CVE-2017-11567
MISC
FULLDISC
EXPLOIT-DB

mp3gain -- mp3gain
The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file.
2017-09-07 | not yet calculated | CVE-2017-12912
MISC

mp3gain -- mp3gain
The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file.
2017-09-07 | not yet calculated | CVE-2017-12911
MISC

mp4tools -- aacplusenc
DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service (invalid memory write, SEGV on unknown address 0x000000000030, and application crash) or possibly have unspecified other impact via a crafted .wav file, aka a NULL pointer dereference.
2017-09-07 | not yet calculated | CVE-2017-14181
MISC
MISC

nasm -- nasm
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.
2017-09-09 | not yet calculated | CVE-2017-14228
MISC

national_instruments -- labview
An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this vulnerability and can potentially result in code execution.
2017-09-05 | not yet calculated | CVE-2017-2779
CONFIRM
BID
MISC
MISC

nexsusphp -- nexsusphp
Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors.
2017-09-07 | not yet calculated | CVE-2017-12838
MISC

nexsusphp -- nexsusphp
Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php.
2017-09-07 | not yet calculated | CVE-2017-12906
MISC
MISC

ocaml -- ocaml
OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact."
2017-09-07 | not yet calculated | CVE-2017-9779
CONFIRM
MLIST

opendreambox -- opendreambox
enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI.
2017-09-04 | not yet calculated | CVE-2017-14135
MISC

openjpeg -- openjpeg
A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152.
2017-09-06 | not yet calculated | CVE-2017-14164
MISC
MISC
MISC

openldap -- openldap
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.
2017-09-05 | not yet calculated | CVE-2017-14159
MISC

opw_fuel_management_systems -- sitesentinel_integra_consoles
A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may create an application user account to gain administrative privileges.
2017-09-08 | not yet calculated | CVE-2017-12733
BID
MISC

opw_fuel_management_systems -- sitesentinel_integra_consoles
A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. The application is vulnerable to injection of malicious SQL queries via the input from the client.
2017-09-08 | not yet calculated | CVE-2017-12731
BID
MISC

ossec -- ossec
syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root.
2017-09-07 | not yet calculated | CVE-2015-3222
MISC
MLIST
BID
CONFIRM

palo_alto -- pan-os
Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper request parameter validation.
2017-09-07 | not yet calculated | CVE-2017-12416
CONFIRM
BID
SECTRACK

palo_alto -- pan_os
XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors.
2017-09-07 | not yet calculated | CVE-2017-9458
CONFIRM
BID
SECTRACK

pivotal -- cloud_foundry
The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors.
2017-09-07 | not yet calculated | CVE-2016-0732
CONFIRM

pivotal -- cloud_foundry
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system.
2017-09-08 | not yet calculated | CVE-2017-8040
BID
CONFIRM

pivotal -- cloud_foundry
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute an XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name.
2017-09-08 | not yet calculated | CVE-2017-8041
BID
CONFIRM

pragyan -- pragyan
SQL injection vulnerability in Pragyan CMS 3.0.
2017-09-07 | not yet calculated | CVE-2015-4627
MISC

qemu -- qemu
Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write.
2017-09-08 | not yet calculated | CVE-2017-14167
MLIST
MLIST

qtwebkit -- qt5
qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db.
2017-09-07 | not yet calculated | CVE-2015-8079
MLIST
CONFIRM
CONFIRMruby -- ruby
 The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string.2017-09-06not yet calculatedCVE-2014-6438
MLIST
SECTRACK
CONFIRM
CONFIRMsafrengo -- safrengo
 SQL injection vulnerability in Sefrengo before 1.6.5 beta2.2017-09-07not yet calculatedCVE-2015-5052
CONFIRMsimple-php-captcha -- simple-php-captcha
 simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side.2017-09-06not yet calculatedCVE-2015-6250
MLIST
CONFIRM
CONFIRM
soreco -- xpert_line
 Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call.
2017-09-07
not yet calculated
CVE-2015-3442
MISC
FULLDISC
BUGTRAQ
BID
MISC
spina -- spina
 Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75.
2017-09-07
not yet calculated
CVE-2015-4619
MLIST
BID
MISC
strongswan -- strongswan
 strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.
2017-09-07
not yet calculated
CVE-2015-3991
FEDORA
FEDORA
BID
CONFIRM
CONFIRM
svn-workbench -- svn-workbench
 svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes).
2017-09-06
not yet calculated
CVE-2015-0853
MISC
MLIST
MISC
MISC
CONFIRM
symantec -- proxyclient
 Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute arbitrary code with LocalSystem privileges.
2017-09-01
not yet calculated
CVE-2017-13674
BID
CONFIRM
synology -- photo_station
 Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
2017-09-08
not yet calculated
CVE-2017-12071
CONFIRM
synology -- photo_station
 Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.
2017-09-08
not yet calculated
CVE-2017-11162
CONFIRM
synology -- photo_station
 Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.
2017-09-08
not yet calculated
CVE-2017-11161
CONFIRM
tinfoil -- devise-two-factor
 Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step.
2017-09-06
not yet calculated
CVE-2015-7225
MLIST
MLIST
BID
MISC
CONFIRM
CONFIRM
wibu_systems -- codemeter
 Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html.
2017-09-07
not yet calculated
CVE-2017-13754
FULLDISC
BUGTRAQ
EXPLOIT-DB
MISC
wolf_cms -- wolf_cms
 Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the "/plugin/file_manager/" script (aka an /admin/plugin/file_manager/browse// URI).
2017-09-08
not yet calculated
CVE-2017-11611
MISC
wordpress -- wordpress
 SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php.
2017-09-07
not yet calculated
CVE-2017-9834
MISC
EXPLOIT-DB
wordpress -- wordpress
 Cross-site request forgery (CSRF) vulnerability in Google Analyticator WordPress Plugin before 6.4.9.3 rev @1183563.
2017-09-07
not yet calculated
CVE-2015-4697
MLIST
MLIST
BID
MISC
MISC
wordpress -- wordpress
 SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5.
2017-09-07
not yet calculated
CVE-2015-3314
MISC
MLIST
MLIST
BID
CONFIRM
EXPLOIT-DB
wordpress -- wordpress
 SQL injection vulnerability in WordPress Community Events plugin before 1.4.
2017-09-07
not yet calculated
CVE-2015-3313
MISC
MLIST
MLIST
BID
CONFIRM
EXPLOIT-DB
yast -- yast
 The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks.
2017-09-08
not yet calculated
CVE-2011-3177
CONFIRM
CONFIRM
zoho -- manageengine_firewall_analyzer
 Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp.
2017-09-04
not yet calculated
CVE-2017-14123
MISC
MISC
