CERT


FTC Releases Alert on Tech-Support Scams

Fri, 06/23/2017 - 16:09
Original release date: June 23, 2017

The Federal Trade Commission (FTC) has released an alert on technical-support scams. In these schemes, deceptive tech-support operations offer to fix problems that don't exist, placing calls or sending pop-ups to make people think their computers are infected with viruses. Users should not give control of their computers to any stranger offering to fix problems.

US-CERT encourages users and administrators to refer to the FTC Alert and the US-CERT Tip on Avoiding Social Engineering and Phishing Attacks for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


IC3 Issues Internet Crime Report for 2016

Wed, 06/21/2017 - 18:40
Original release date: June 21, 2017

The Internet Crime Complaint Center (IC3) has released its 2016 Internet Crime Report, describing the numbers and types of cyber crimes reported to IC3. Business Email Compromise (BEC), ransomware attacks, tech support fraud, and extortion are all common schemes affecting people in the U.S. and around the world.

US-CERT encourages users to review the 2016 Internet Crime Report for details and refer to the US-CERT Security Publication on Ransomware for information on defending against this particular threat.


Drupal Releases Security Updates

Wed, 06/21/2017 - 17:30
Original release date: June 21, 2017

Drupal has released an advisory to address several vulnerabilities in Drupal versions 7.x and 8.x. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 7.56 or 8.3.4.


Cisco Releases Security Updates

Wed, 06/21/2017 - 15:45
Original release date: June 21, 2017

Cisco has released updates to address several vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:


SB17-170: Vulnerability Summary for the Week of June 12, 2017

Mon, 06/19/2017 - 06:38
Original release date: June 19, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are identified using the CVE vulnerability naming standard and are organized by severity, as determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
gnome -- libcroco | The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. | 2017-06-12 | 7.1 | CVE-2017-8871 (MISC, EXPLOIT-DB)
gnu -- glibc | nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. | 2017-06-12 | 7.5 | CVE-2014-9984 (BID, CONFIRM, CONFIRM)
google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. | 2017-06-13 | 9.3 | CVE-2014-9960 (BID, CONFIRM)
google -- android | In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection. | 2017-06-13 | 9.3 | CVE-2014-9961 (BID, CONFIRM)
google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. | 2017-06-13 | 9.3 | CVE-2015-9023 (BID, CONFIRM)
google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE application. | 2017-06-13 | 9.3 | CVE-2015-9025 (BID, CONFIRM)
google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a cryptographic routine. | 2017-06-13 | 9.3 | CVE-2015-9028 (BID, CONFIRM)
google -- android | In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler. | 2017-06-13 | 9.3 | CVE-2016-10340 (BID, CONFIRM)
google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler. | 2017-06-13 | 9.3 | CVE-2016-10342 (BID, CONFIRM)
google -- android | In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated. | 2017-06-13 | 9.3 | CVE-2017-7365 (CONFIRM)
google -- android | In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location. | 2017-06-13 | 7.6 | CVE-2017-7372 (CONFIRM)
google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver. | 2017-06-13 | 9.3 | CVE-2017-8236 (CONFIRM)
google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image. | 2017-06-13 | 9.3 | CVE-2017-8237 (CONFIRM)
google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a camera function. | 2017-06-13 | 9.3 | CVE-2017-8238 (CONFIRM)
google -- android | In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability. | 2017-06-13 | 9.3 | CVE-2017-8240 (CONFIRM)
google -- android | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a WLAN function due to an incorrect message length. | 2017-06-13 | 9.3 | CVE-2017-8241 (CONFIRM)
iodata -- ts-wrla_firmware | I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | 2017-06-09 | 9.0 | CVE-2016-7819 (CONFIRM, BID, JVN)
iodata -- ts-wrla_firmware | Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors. | 2017-06-09 | 9.0 | CVE-2016-7820 (CONFIRM, BID, JVN)
iodata -- wfs-sr01_firmware | I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. | 2017-06-09 | 10.0 | CVE-2016-7806 (CONFIRM, BID, JVN)
libquicktime -- libquicktime | The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. | 2017-06-12 | 7.1 | CVE-2017-9122 (EXPLOIT-DB)
skygroup -- skysea_client_view | SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program. | 2017-06-09 | 10.0 | CVE-2016-7836 (BID, CONFIRM, JVN, CONFIRM)

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
bluez -- bluez | Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities. | 2017-06-09 | 4.6 | CVE-2016-7837 (BID, CONFIRM, JVN)
buffalotech -- wnc01wh_firmware | Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors. | 2017-06-09 | 4.3 | CVE-2016-7821 (CONFIRM, BID, JVN)
buffalotech -- wnc01wh_firmware | Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors. | 2017-06-09 | 6.8 | CVE-2016-7822 (CONFIRM, BID, JVN)
buffalotech -- wnc01wh_firmware | Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors. | 2017-06-09 | 6.5 | CVE-2016-7824 (CONFIRM, BID, JVN)
buffalotech -- wnc01wh_firmware | Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands. | 2017-06-09 | 4.0 | CVE-2016-7825 (CONFIRM, BID, JVN)
buffalotech -- wnc01wh_firmware | Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests. | 2017-06-09 | 4.0 | CVE-2016-7826 (CONFIRM, BID, JVN)
codecabin_ -- wp_live_chat_support | Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-06-09 | 4.3 | CVE-2017-2187 (JVN, CONFIRM)
corega -- cg-wlbargnl_firmware | Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-06-09 | 4.3 | CVE-2016-7808 (CONFIRM, BID, JVN)
corega -- cg-wlr300nx_firmware | Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors. | 2017-06-09 | 6.8 | CVE-2016-7809 (CONFIRM, BID, JVN)
corega -- cg-wlr300nx_firmware | Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors. | 2017-06-09 | 5.8 | CVE-2016-7811 (CONFIRM, BID, JVN)
cybozu -- dezie | Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | 2017-06-09 | 5.0 | CVE-2016-7832 (BID, JVN, CONFIRM)
cybozu -- dezie | Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | 2017-06-09 | 6.4 | CVE-2016-7833 (BID, JVN, CONFIRM)
cybozu -- garoon | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai. | 2017-06-09 | 4.3 | CVE-2016-4906 (BID, JVN, CONFIRM)
cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. | 2017-06-09 | 6.8 | CVE-2016-4907 (BID, JVN, CONFIRM)
cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors. | 2017-06-09 | 4.0 | CVE-2016-4908 (BID, BID, JVN, CONFIRM)
cybozu -- garoon | Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. | 2017-06-09 | 4.3 | CVE-2016-4909 (BID, BID, JVN, CONFIRM)
cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors. | 2017-06-09 | 4.0 | CVE-2016-4910 (BID, JVN, CONFIRM)
cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors. | 2017-06-09 | 4.0 | CVE-2016-7801 (BID, JVN, CONFIRM)
cybozu -- garoon | Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | 2017-06-09 | 4.0 | CVE-2016-7802 (BID, JVN, CONFIRM)
cybozu -- garoon | SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. | 2017-06-09 | 6.5 | CVE-2016-7803 (BID, JVN, CONFIRM)
emon-cms -- deraemon-cms | Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username. | 2017-06-09 | 4.3 | CVE-2016-7813 (CONFIRM, BID, JVN)
fenrir-inc -- sleipnir | Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage. | 2017-06-09 | 5.8 | CVE-2016-7831 (BID, JVN)
gnome -- libcroco | The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file. | 2017-06-12 | 4.3 | CVE-2017-8834 (MISC, EXPLOIT-DB)
google -- android | A remote code execution vulnerability in System UI component could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High because it is a remote arbitrary code execution in an unprivileged process. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36368305. | 2017-06-14 | 6.8 | CVE-2017-0638 (BID, CONFIRM)
google -- android | In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write. | 2017-06-13 | 4.3 | CVE-2017-8242 (CONFIRM)
h2o_project -- h2o | Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information. | 2017-06-09 | 6.4 | CVE-2016-7835 (BID, CONFIRM, JVN)
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276. | 2017-06-13 | 6.5 | CVE-2016-9984 (CONFIRM, MISC)
iodata -- ts-wrla_firmware | I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors. | 2017-06-09 | 5.0 | CVE-2016-7814 (CONFIRM, BID, JVN)
iodata -- wfs-sr01_firmware | I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. | 2017-06-09 | 5.0 | CVE-2016-7807 (CONFIRM, BID, JVN)
ipa -- appgoat | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182. | 2017-06-09 | 6.8 | CVE-2017-2179 (JVN)
ipa -- appgoat | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors. | 2017-06-09 | 4.3 | CVE-2017-2180 (JVN)
ipa -- appgoat | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182. | 2017-06-09 | 6.8 | CVE-2017-2181 (JVN)
ipa -- appgoat | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181. | 2017-06-09 | 6.8 | CVE-2017-2182 (JVN)
libquicktime -- libquicktime | The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. | 2017-06-12 | 4.3 | CVE-2017-9123 (EXPLOIT-DB)
libquicktime -- libquicktime | The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. | 2017-06-12 | 4.3 | CVE-2017-9124 (EXPLOIT-DB)
libquicktime -- libquicktime | The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file. | 2017-06-12 | 4.3 | CVE-2017-9125 (EXPLOIT-DB)
libquicktime -- libquicktime | The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. | 2017-06-12 | 4.3 | CVE-2017-9126 (EXPLOIT-DB)
libquicktime -- libquicktime | The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. | 2017-06-12 | 4.3 | CVE-2017-9127 (EXPLOIT-DB)
libquicktime -- libquicktime | The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file. | 2017-06-12 | 4.3 | CVE-2017-9128 (EXPLOIT-DB)
simple_keitai_chat_project -- simple_keitai_chat | Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-06-09 | 4.3 | CVE-2016-7817 (BID, JVN)
torproject -- tor | The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. | 2017-06-09 | 5.0 | CVE-2017-0375 (BID, CONFIRM, CONFIRM, CONFIRM)
torproject -- tor | The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit. | 2017-06-09 | 5.0 | CVE-2017-0376 (CONFIRM, CONFIRM, CONFIRM)
unisys -- mobigate | The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-06-09 | 4.3 | CVE-2016-7805 (BID, JVN)

 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
bigtreecms -- bigtree_cms | admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name. | 2017-06-12 | 3.5 | CVE-2017-9546 (CONFIRM)
bigtreecms -- bigtree_cms | admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change). | 2017-06-12 | 3.5 | CVE-2017-9547 (CONFIRM)
bigtreecms -- bigtree_cms | admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication (aka a pending page change). | 2017-06-12 | 3.5 | CVE-2017-9548 (CONFIRM)
buffalotech -- wnc01wh_firmware | Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-06-09 | 2.3 | CVE-2016-7823 (CONFIRM, BID, JVN)
corega -- cg-wlr300nx_firmware | Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. | 2017-06-09 | 3.5 | CVE-2016-7810 (CONFIRM, BID, JVN)
ibm -- inotes | IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854. | 2017-06-12 | 3.5 | CVE-2017-1214 (CONFIRM, MISC)
ibm -- rational_doors_next_generation | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124627. | 2017-06-12 | 3.5 | CVE-2017-1247 (CONFIRM, BID, MISC)
ibm -- rational_doors_next_generation | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124751. | 2017-06-12 | 3.5 | CVE-2017-1276 (CONFIRM, BID, MISC)
ibm -- rational_doors_next_generation | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756. | 2017-06-12 | 3.5 | CVE-2017-1278 (CONFIRM, BID, MISC)
linux -- linux_kernel | An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35644815. | 2017-06-14 | 2.6 | CVE-2017-0651 (BID, CONFIRM)

 

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
acquisition_technology_logistics_agency -- electronic_bidding_system | Untrusted search path vulnerability in Installer of electronic tendering and bid opening system available prior to May 25, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2178 (JVN, CONFIRM, BID)
anti-web -- anti-web | In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file. | 2017-06-15 | not yet calculated | CVE-2017-9097 (MISC, MISC, MISC)
apache -- kibana | Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield. | 2017-06-16 | not yet calculated | CVE-2016-1000219 (CONFIRM)
apache -- kibana | With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. | 2017-06-16 | not yet calculated | CVE-2017-8451 (CONFIRM)
apache -- kibana | Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website. | 2017-06-16 | not yet calculated | CVE-2016-10365 (CONFIRM)
apache -- kibana | Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes. | 2017-06-16 | not yet calculated | CVE-2017-8452 (CONFIRM)
apache -- kibana | Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack. | 2017-06-16 | not yet calculated | CVE-2016-10366 (CONFIRM)
apache -- kibana | Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. | 2017-06-16 | not yet calculated | CVE-2016-1000220 (CONFIRM)
apache -- kibana | Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page. | 2017-06-16 | not yet calculated | CVE-2016-1000218 (CONFIRM)
apache -- kibana | With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions. | 2017-06-16 | not yet calculated | CVE-2016-10364 (CONFIRM)
apache -- kibana | Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. | 2017-06-16 | not yet calculated | CVE-2015-9056 (CONFIRM)
apache -- nifi | Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin. | 2017-06-12 | not yet calculated | CVE-2017-7667 (BID, MLIST)
apache -- nifi | In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient. | 2017-06-12 | not yet calculated | CVE-2017-7665 (BID, MLIST)
apache -- ranger | Apache Ranger before 0.6.is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies. | 2017-06-14 | not yet calculated | CVE-2016-8751 (BID, CONFIRM)
apache -- ranger | In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table. | 2017-06-14 | not yet calculated | CVE-2017-7677 (BID, CONFIRM)
apache -- ranger | Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true. | 2017-06-14 | not yet calculated | CVE-2016-8746 (BID, CONFIRM)
apache -- ranger | Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior. | 2017-06-14 | not yet calculated | CVE-2017-7676 (BID, CONFIRM)
apache -- thrift | The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function. | 2017-06-16 | not yet calculated | CVE-2015-3254 (CONFIRM, CONFIRM, MLIST)
apcupsd -- apcupsd | In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by replacing the service executable apcupsd.exe with a malicious executable that will run with SYSTEM privileges at startup. This occurs because of "RW NT AUTHORITY\Authenticated Users" permissions for %SYSTEMDRIVE%\apcupsd\bin\apcupsd.exe. | 2017-06-16 | not yet calculated | CVE-2017-7884 (MISC)
atlassian -- bamboo | Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can login to Bamboo as a user without the edit permission for deployment projects is able to use this vulnerability, provided there is an existing plan with a green build, to create a deployment project and execute arbitrary code on an available Bamboo Agent. By default a local agent is enabled; this means that code execution can occur on the system hosting Bamboo as the user running Bamboo. | 2017-06-14 | not yet calculated | CVE-2017-8907 (CONFIRM)
atlassian -- confluence | Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself. | 2017-06-15 | not yet calculated | CVE-2017-9505 (CONFIRM, MISC)
avira -- avira mobile security application | The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext. | 2017-06-15 | not yet calculated | CVE-2015-7732 (MISC)
cisco -- asr_5000_series_routers | A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083. | 2017-06-13 | not yet calculated | CVE-2017-6690 (BID, CONFIRM)
cisco -- context_service | A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known Affected Releases: 2.0. | 2017-06-13 | not yet calculated | CVE-2017-6667 (BID, CONFIRM)
cisco -- cucdm | Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releases: 8.1(7)ER1. | 2017-06-13 | not yet calculated | CVE-2017-6668 (BID, CONFIRM)
cisco -- cucdm | A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. More Information: CSCvc54813. Known Affected Releases: 8.1(7)ER1. | 2017-06-13 | not yet calculated | CVE-2017-6670 (BID, CONFIRM)
cisco -- elastic_services_controllers | A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution Vulnerability. More Information: CSCvc76642. Known Affected Releases: 2.2(9.76). | 2017-06-13 | not yet calculated | CVE-2017-6683 (BID, CONFIRM)
cisco -- elastic_services_controllers | A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. More Information: CSCvd76339. Known Affected Releases: 2.2(9.76). | 2017-06-13 | not yet calculated | CVE-2017-6697 (BID, CONFIRM)
cisco -- elastic_services_controllers | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administrator Credentials Vulnerability. More Information: CSCvc76661. Known Affected Releases: 2.2(9.76). | 2017-06-13 | not yet calculated | CVE-2017-6689 (BID, CONFIRM)
cisco -- elastic_services_controllers | A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected system. More Information: CSCvd73677. Known Affected Releases: 2.3(2). | 2017-06-13 | not yet calculated | CVE-2017-6696 (BID, CONFIRM)
cisco -- elastic_services_controllers | A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76). | 2017-06-13 | not yet calculated | CVE-2017-6688 (BID, CONFIRM)
cisco -- elastic_services_controllers | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.3(2). | 2017-06-13 | not yet calculated | CVE-2017-6691 (BID, CONFIRM)
cisco -- elastic_services_controllers | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76). | 2017-06-13 | not yet calculated | CVE-2017-6682 (BID, CONFIRM)
cisco -- elastic_services_controllers | A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0. | 2017-06-13 | not yet calculated | CVE-2017-6684
BID
CONFIRMcisco -- elastic_services_controllers
 A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access. More Information: CSCvd76286. Known Affected Releases: 2.2(9.76) 2.3(1).2017-06-13not yet calculatedCVE-2017-6693
BID
CONFIRMcisco -- esa_sma
 A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049.2017-06-13not yet calculatedCVE-2017-6661
BID
CONFIRMcisco -- esa
 A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015.2017-06-13not yet calculatedCVE-2017-6671
BID
CONFIRMcisco -- firepower
 A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance. More Information: CSCvc10894. Known Affected Releases: 6.1.0.2 6.2.0. Known Fixed Releases: 6.2.0.2017-06-13not yet calculatedCVE-2017-6673
CONFIRMcisco -- firepower
 A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2.2017-06-13not yet calculatedCVE-2017-6674
BID
CONFIRMcisco -- industrial_network_director
 A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. More Information: CSCvd25405. Known Affected Releases: 1.1(0.176).2017-06-13not yet calculatedCVE-2017-6675
BID
CONFIRMcisco -- ip_phone_8800_series
 A vulnerability in Session Initiation Protocol (SIP) call handling of Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the SIP process unexpectedly restarting. All active phone calls are dropped as the SIP process restarts. More Information: CSCvc29353. Known Affected Releases: 11.0(0.1). Known Fixed Releases: 11.0(0)MP2.153 11.0(0)MP2.62.2017-06-13not yet calculatedCVE-2017-6656
BID
CONFIRMcisco -- ncs_5500_series_routers
 A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition. More Information: CSCvd16665. Known Affected Releases: 6.2.11.BASE. Known Fixed Releases: 6.1.3 6.1.2 6.3.1.8i.BASE 6.2.11.8i.BASE 6.2.2.9i.BASE 6.1.32.11i.BASE 6.1.31.10i.BASE 6.1.4.3i.BASE.2017-06-13not yet calculatedCVE-2017-6666
BID
CONFIRMcisco -- nx-os
 A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads. This vulnerability affects Cisco NX-OS Software on the following Cisco devices when they are configured for FCoE: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches. More Information: CSCvc91729. Known Affected Releases: 8.3(0)CV(0.833). Known Fixed Releases: 8.3(0)ISH(0.62) 8.3(0)CV(0.944) 8.1(1) 8.1(0.8)S0 7.3(2)D1(0.47).2017-06-13not yet calculatedCVE-2017-6655
BID
CONFIRMcisco -- prime_collaboration_assurance
 A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800. Known Affected Releases: 11.5(0) 11.6.2017-06-13not yet calculatedCVE-2017-6659
BID
CONFIRMcisco -- ultra_services_framework
 A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected Releases: 21.0.v0.65839.2017-06-13not yet calculatedCVE-2017-6692
BID
CONFIRMcisco -- ultra_services_framework
 A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. More Information: CSCvc76652. Known Affected Releases: 21.0.0.2017-06-13not yet calculatedCVE-2017-6680
BID
CONFIRMcisco -- ultra_services_framework
 A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839.2017-06-13not yet calculatedCVE-2017-6694
BID
CONFIRMcisco -- ultra_services_framework
 A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. More Information: CSCvd29398. Known Affected Releases: 21.0.v0.65839.2017-06-13not yet calculatedCVE-2017-6695
BID
CONFIRMcisco -- ultra_services_framework
 A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability. More Information: CSCvc76695. Known Affected Releases: 21.0.0.2017-06-13not yet calculatedCVE-2017-6687
BID
CONFIRMcisco -- ultra_services_framework
 A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76681. Known Affected Releases: 21.0.0.2017-06-13not yet calculatedCVE-2017-6685
BID
CONFIRMcisco -- ultra_services_framework
 A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76699. Known Affected Releases: 21.0.0.2017-06-13not yet calculatedCVE-2017-6686
BID
CONFIRMcisco -- ultra_services_framework
 A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known Affected Releases: 21.0.0.2017-06-13not yet calculatedCVE-2017-6681
BID
CONFIRMcitrix -- xenmobile_serverXML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors.2017-06-16not yet calculatedCVE-2017-9231
BID
CONFIRMcurl -- curl
 In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given "URL" starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string "file://").2017-06-14not yet calculatedCVE-2017-9502
CONFIRM
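The curl entry describes a scheme-length assumption: the scheme text a file URL actually carries is 7 bytes for "file://", 5 bytes for "file:", and 0 bytes when the application made FILE the default protocol and the URL has no scheme at all, yet the copy was positioned as if the 7-byte form were always present. The C below is an added example written for this page, not libcurl's code; it measures the prefix from the input and derives the copy length from the real path pointer into a buffer sized from that length, so the copy cannot outrun the allocation. The drive-letter rule is what a Windows/DOS build would apply (applied unconditionally here for illustration), and dropping the host in "file://host/path" is a simplification of this example, not a statement about curl's behaviour.

```c
/*
 * Added example (not libcurl code): measure the scheme prefix of a file URL
 * instead of assuming strlen("file://") for every form the URL can take.
 */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Drive-letter path as a Windows/DOS build would see it: "C:" or "C:/..." */
static int is_drive_letter(const char *p)
{
    return isalpha((unsigned char)p[0]) && p[1] == ':';
}

/* Case-insensitive "s starts with prefix"; stops at the first mismatch, so it
   never reads past a short s. */
static int prefix_ci(const char *s, const char *prefix)
{
    for (size_t i = 0; prefix[i]; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)prefix[i]))
            return 0;
    return 1;
}

/*
 * Bytes of scheme text preceding the path, measured from the input:
 *   "file://C:/x" -> 7      "file:C:/x" -> 5
 *   "C:/x" with FILE as the default protocol -> 0
 * Returns -1 when the URL is not a file URL under the given default.
 */
int file_scheme_prefix_len(const char *url, int default_is_file)
{
    if (prefix_ci(url, "file://"))
        return 7;
    if (prefix_ci(url, "file:"))
        return 5;
    /* No scheme text at all: a drive letter is not a scheme, and a string
       with no ':' cannot carry one. */
    if (default_is_file && (is_drive_letter(url) || strchr(url, ':') == NULL))
        return 0;
    return -1;
}

/*
 * Extract the path into a freshly allocated buffer. The allocation is sized
 * from the path pointer that is actually copied, so strlen(p)+1 bytes are
 * written into a strlen(p)+1 byte buffer whatever form the URL took.
 * Returns a malloc'd string or NULL.
 */
char *file_url_path(const char *url, int default_is_file)
{
    int skip = file_scheme_prefix_len(url, default_is_file);
    if (skip < 0)
        return NULL;
    const char *p = url + skip;
    if (skip == 7 && *p != '/' && !is_drive_letter(p)) {
        /* "file://localhost/tmp/x": drop the host, keep from the first '/' */
        const char *slash = strchr(p, '/');
        if (!slash)
            return NULL;
        p = slash;
    }
    size_t need = strlen(p) + 1;
    char *out = malloc(need);
    if (!out)
        return NULL;
    memcpy(out, p, need);
    return out;
}

int main(void)
{
    /* Constructed inputs covering the three forms named in the advisory. */
    const char *cases[] = { "file://C:/Users/me/f.txt", "file:C:/f.txt", "C:/f.txt" };
    for (size_t i = 0; i < sizeof cases / sizeof *cases; i++) {
        char *p = file_url_path(cases[i], 1);
        printf("%-26s prefix=%d path=%s\n", cases[i],
               file_scheme_prefix_len(cases[i], 1), p ? p : "(not a file URL)");
        free(p);
    }
    return 0;
}
```

The property to check in a review of any scheme-stripping code is the one this example keeps explicit: the offset skipped and the length copied must both come from the same measured prefix, never from a constant that only one of the accepted spellings satisfies.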
cybozu -- kintone_app
The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Published: 2017-06-09 | CVSS: not yet calculated | CVE-2016-7816 | Sources: BID, JVN, CONFIRM

d-link -- dir-605l_devices
On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot.
Published: 2017-06-15 | CVSS: not yet calculated | CVE-2017-9675 | Sources: CONFIRM

d-link -- wireless_n300_router
D-Link DIR-615 Wireless N300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device.
Published: 2017-06-11 | CVSS: not yet calculated | CVE-2017-9542 | Sources: BID, MISC, MISC

digital_canal_structural -- wind_analysis
A stack-based buffer overflow was discovered in Digital Canal Structural Wind Analysis versions 9.1 and prior. An attacker may be able to remotely exploit the executable to cause a denial of service or run arbitrary code.
Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-7910 | Sources: BID, MISC

eclipse -- jetty
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Published: 2017-06-16 | CVSS: not yet calculated | CVE-2017-9735 | Sources: MISC, MISC
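The Jetty entry is an early-exit comparison: when a check stops at the first differing byte, the time until "incorrect password" grows with the length of the correct prefix, and an attacker can extend a guess one byte at a time. The C below is an added example for this page, not Jetty's (Java) code. It instruments an early-exit compare and a constant-time compare with a step counter that stands in for elapsed time, so the oracle is visible deterministically; the counter is a teaching device, and in production only the constant-time routine (or the equivalent in your crypto library) would be used, applied to the stored digest and the digest of the candidate.

```c
/*
 * Added example (not Jetty's code): early-exit vs constant-time comparison.
 * `last_steps` counts bytes examined by the most recent call and models the
 * elapsed time a remote attacker measures.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static size_t last_steps;                    /* instrumentation only */

size_t last_compare_steps(void) { return last_steps; }

/* Early-exit: returns at the first mismatch, so the work done equals the
   length of the correct prefix plus one. This is the leaky pattern. */
int leaky_equals(const char *expected, const char *candidate)
{
    last_steps = 0;
    for (size_t i = 0;; i++) {
        last_steps++;
        if (expected[i] != candidate[i])
            return 0;
        if (expected[i] == '\0')
            return 1;
    }
}

/* Constant-time: always walks every byte of `expected`; the length mismatch
   and each byte difference are OR-folded into `diff` rather than branched
   on. Work depends only on strlen(expected), which is not secret. */
int ct_equals(const char *expected, const char *candidate)
{
    size_t elen = strlen(expected), clen = strlen(candidate);
    unsigned char diff = (unsigned char)(elen != clen);
    last_steps = 0;
    for (size_t i = 0; i < elen; i++) {
        /* wrap the index so a shorter candidate is never read past its end */
        unsigned char c = clen ? (unsigned char)candidate[i % clen] : 0;
        diff |= (unsigned char)(expected[i] ^ c);
        last_steps++;
    }
    return diff == 0;
}

int main(void)
{
    /* Constructed secret and guesses that share progressively longer prefixes. */
    const char *secret = "hunter22";
    const char *guesses[] = { "Xunter22", "hXnter22", "hunteX22", "hunter2X", "hunter22" };
    for (size_t i = 0; i < sizeof guesses / sizeof *guesses; i++) {
        int l = leaky_equals(secret, guesses[i]);
        size_t ls = last_compare_steps();
        int c = ct_equals(secret, guesses[i]);
        size_t cs = last_compare_steps();
        printf("%-9s leaky: %d in %zu steps   constant-time: %d in %zu steps\n",
               guesses[i], l, ls, c, cs);
    }
    return 0;
}
```

Running it shows the leaky step count climbing from 1 to 9 as the guess gets closer while the constant-time count stays at 8 for every guess; that flat profile is what closes the channel, regardless of how fast or slow the individual comparison is.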
efs_software -- easy_chat_server
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm when registering a user, an attacker may be able to execute arbitrary code.
Published: 2017-06-12 | CVSS: not yet calculated | CVE-2017-9544 | Sources: EXPLOIT-DB

efs_software -- easy_chat_server
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.
Published: 2017-06-12 | CVSS: not yet calculated | CVE-2017-9543 | Sources: EXPLOIT-DB

efs_software -- easy_chat_server
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.
Published: 2017-06-12 | CVSS: not yet calculated | CVE-2017-9557 | Sources: EXPLOIT-DB

elastic -- logstash
In Logstash versions prior to 2.3.3, when the Netflow Codec plugin is in use, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit.
Published: 2017-06-16 | CVSS: not yet calculated | CVE-2016-10363 | Sources: CONFIRM

elastic -- logstash
In Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that creates malicious formulas in the CSV data.
Published: 2017-06-16 | CVSS: not yet calculated | CVE-2016-1000222 | Sources: CONFIRM
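The Logstash CSV entry is formula injection: spreadsheet applications evaluate a cell that begins with =, +, -, @ or certain control characters, so a log field an attacker controls (a User-Agent, a username) becomes a formula when an analyst opens the exported CSV. The C below is an added example for this page, not Logstash's code, showing one common mitigation: quote the field per RFC 4180 and prefix formula-triggering cells with an apostrophe so the spreadsheet treats them as text, while leaving genuine numbers such as -5 alone. The field values are constructed for the example.

```c
/*
 * Added example (not Logstash's code): neutralise spreadsheet formula
 * injection when writing CSV. Trigger cells get a leading apostrophe and
 * RFC 4180 quoting; signed numbers are left untouched.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* True when the entire string parses as a number, e.g. "-5" or "+1e3",
   so a leading sign is a sign and not a formula trigger. */
static bool is_plain_number(const char *s)
{
    if (*s == '\0')
        return false;
    char *end;
    errno = 0;
    strtod(s, &end);
    return *end == '\0' && errno == 0;
}

/* Formula trigger: a leading character spreadsheets act on, unless the
   whole cell is just a signed number. */
bool csv_formula_trigger(const char *s)
{
    switch (s[0]) {
    case '=': case '+': case '-': case '@': case '\t': case '\r':
        return !is_plain_number(s);
    default:
        return false;
    }
}

/* Returns a malloc'd, safely encoded field: quoted if it holds a delimiter,
   quote or newline or is a trigger; embedded quotes doubled; triggers get a
   leading apostrophe inside the quotes. NULL on allocation failure. */
char *csv_safe_field(const char *in)
{
    bool trigger = csv_formula_trigger(in);
    bool quote = trigger || strpbrk(in, ",\"\r\n") != NULL;
    size_t quotes = 0;
    for (const char *p = in; *p; p++)
        if (*p == '"')
            quotes++;
    size_t need = strlen(in) + quotes + (trigger ? 1 : 0) + (quote ? 2 : 0) + 1;
    char *out = malloc(need);
    if (!out)
        return NULL;
    char *o = out;
    if (quote)
        *o++ = '"';
    if (trigger)
        *o++ = '\'';
    for (const char *p = in; *p; p++) {
        if (*p == '"')
            *o++ = '"';          /* RFC 4180: double embedded quotes */
        *o++ = *p;
    }
    if (quote)
        *o++ = '"';
    *o = '\0';
    return out;
}

int main(void)
{
    /* Constructed log fields, as an output plugin might receive them. */
    const char *fields[] = { "2017-06-16T10:00:00Z", "10.0.0.7", "-5",
                             "=HYPERLINK(\"http://attacker.example/\",\"click\")" };
    size_t n = sizeof fields / sizeof *fields;
    for (size_t i = 0; i < n; i++) {
        char *f = csv_safe_field(fields[i]);
        printf("%s%s", f ? f : "", i + 1 < n ? "," : "\n");
        free(f);
    }
    return 0;
}
```

The number exemption is the edge case worth testing: a blanket apostrophe on every cell starting with '-' would turn numeric columns into text and break the analyst's sums, which is usually how such a fix gets reverted.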
elastic -- logstash
In Logstash prior to version 2.3.4, the Elasticsearch Output plugin would log HTTP authorization headers, which could contain sensitive information, to file.
Published: 2017-06-16 | CVSS: not yet calculated | CVE-2016-1000221 | Sources: CONFIRM

elastic -- logstash
Prior to Logstash version 5.0.1, the Elasticsearch Output plugin, when updating connections after sniffing, would log HTTP basic auth credentials to file.
Published: 2017-06-16 | CVSS: not yet calculated | CVE-2016-10362 | Sources: CONFIRM

elastic -- x-pack_security
X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests, so users without access to a document and/or field may have been able to access this information.
Published: 2017-06-16 | CVSS: not yet calculated | CVE-2017-8450 | Sources: CONFIRM

elastic -- x-pack_security
X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field level security rules for the same index.
Published: 2017-06-16 | CVSS: not yet calculated | CVE-2017-8449 | Sources: CONFIRM

emc -- esrs_ve
EMC ESRS VE 3.18 or earlier contains an authentication bypass that could potentially be exploited by malicious users to compromise the affected system.
Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-4986 | Sources: CONFIRM, BID

emc -- rsa_bsafe_cert_c
EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability.
Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-4981 | Sources: CONFIRM, BID

emc -- rsa_identity_governance_and_lifecycle_versions
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.
Published: 2017-06-09 | CVSS: not yet calculated | CVE-2017-5003 | Sources: CONFIRM, BID

emc -- rsa_identity_governance_and_lifecycle_versions
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.
Published: 2017-06-09 | CVSS: not yet calculated | CVE-2017-5004 | Sources: CONFIRM, BID

f5 -- multiple_products
A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable.
Published: 2017-06-09 | CVSS: not yet calculated | CVE-2016-7469 | Sources: BID, CONFIRM

flexera -- flexnet_publisher
In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on the Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read and subsequently execute arbitrary code with SYSTEM privileges.
Published: 2017-06-15 | CVSS: not yet calculated | CVE-2016-10395 | Sources: MISC

gnuplot -- gnuplot
An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file.
Published: 2017-06-15 | CVSS: not yet calculated | CVE-2017-9670 | Sources: CONFIRM

gnutls -- gnutls
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
Published: 2017-06-16 | CVSS: not yet calculated | CVE-2017-7507 | Sources: CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2016-10333 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2016-10334 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-8235 | Sources: CONFIRM

google -- android
A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.
Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-0663 | Sources: BID, CONFIRM

google -- android
A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-35472997.
Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-0644 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2015-9021 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, time-of-check time-of-use (TOCTOU) race conditions exist in several TZ APIs.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2015-9022 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, a QTEE system call fails to validate a pointer.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2015-9033 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2014-9965 | Sources: BID, CONFIRM

google -- android
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34064500.
Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-0637 | Sources: BID, CONFIRM, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, a time-of-check time-of-use (TOCTOU) race condition vulnerability exists in Secure Display.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2014-9966 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-7371 | Sources: CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-7370 | Sources: CONFIRM

google -- android
An information disclosure vulnerability in the Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35310991.
Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-0639 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WideVine DRM.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2014-9963 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2014-9964 | Sources: BID, CONFIRM

google -- android
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35472278.
Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-0650 | Sources: CONFIRM

google -- android
An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35385327.
Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-0645 | Sources: BID, CONFIRM

google -- android
A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34360591.
Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-0641 | Sources: BID, CONFIRM, CONFIRM

google -- android
A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34819017.
Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-0642 | Sources: BID, CONFIRM, CONFIRM

google -- android
A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-35645051.
Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-0643 | Sources: BID, CONFIRM

google -- android
A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33129467.
Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-0640 | Sources: BID, CONFIRM

google -- android
An information disclosure vulnerability in the Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33899337.
Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-0646 | Sources: BID, CONFIRM

google -- android
An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-36101220.
Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-0648 | Sources: BID, CONFIRM

google -- android
An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: N/A. Android ID: A-34468195. References: M-ALPS03162283.
Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-0649 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2015-9032 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-7373 | Sources: CONFIRM

google -- android
An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138.
Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-0647 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2015-9031 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2015-9030 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2015-9029 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validated, potentially leading to kernel stack corruption.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-7369 | Sources: CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized, potentially leading to exposure of kernel memory.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-8239 | Sources: CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2014-9967 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2015-9020 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2016-10336 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2016-10337 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, there was an issue related to RPMB processing.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2016-10338 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2016-10332 | Sources: BID, CONFIRM

google -- android
The msm_bus_dbg_update_request_write function in drivers/platform/msm/msm_bus/msm_bus_dbg.c in android_kernel_huawei_msm8916 through 2017-06-16 in LineageOS, and possibly other kernels for MSM devices, allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted /sys/kernel/debug/msm-bus-dbg/client-data/update-request write request.
Published: 2017-06-16 | CVSS: not yet calculated | CVE-2017-6899 | Sources: MISC

google -- android
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2015-9027 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, HLOS can overwrite secure memory or read contents of the keystore.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2016-10339 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2016-10341 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, libtomcrypt was updated.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2016-10335 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2014-9962 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-7368 | Sources: CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2015-9026 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2015-9024 | Sources: BID, CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-8234 | Sources: CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-7366 | Sources: CONFIRM

google -- android
In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-7367 | Sources: CONFIRM

google -- android
In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array, potentially leading to an out-of-bounds heap write.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-8233 | Sources: CONFIRM

ibm -- api_connect
IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002.
Published: 2017-06-15 | CVSS: not yet calculated | CVE-2017-1379 | Sources: CONFIRM, BID, MISC

ibm -- bigfix_compliance
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672.
Published: 2017-06-15 | CVSS: not yet calculated | CVE-2017-1197 | Sources: CONFIRM, MISC

ibm -- jazz_foundation
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2016-9973 | Sources: CONFIRM, BID, MISC

ibm -- jazz_foundation
IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-1099 | Sources: CONFIRM, MISC

ibm -- quality_manager
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120666.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-1104 | Sources: CONFIRM, BID, MISC

ibm -- quality_manager
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120663.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-1102 | Sources: CONFIRM, BID, MISC

ibm -- quality_manager
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120662.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-1101 | Sources: CONFIRM, BID, MISC

ibm -- quality_manager
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120661.
Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-1100
CONFIRM
BID
MISCinfotecs -- vipnet_client_and_coordinator
 Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks.2017-06-14not yet calculatedCVE-2017-9606
MISCintel -- active_management_technology
 Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker's crafted web page.2017-06-14not yet calculatedCVE-2017-5697
CONFIRMjadf -- screensaver_installers
 Untrusted search path vulnerability in screensaver installers (jasdf_01.exe, jasdf_02.exe, jasdf_03.exe, jasdf_04.exe, jasdf_05.exe, scramble_setup.exe, clock_01_setup.exe, clock_02_setup.exe) available prior to May 25, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-06-09not yet calculatedCVE-2017-2176
JVN
CONFIRM
BIDjapan_agency_for_local_authority_information _systems -- jpki_client_software_for_windows
 Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" Ver3.0.1 and earlier and The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.2017-06-09not yet calculatedCVE-2016-4902
BID
JVNjapan_pension_service -- todokesho
 Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to October 17, 2016 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.2017-06-09not yet calculatedCVE-2016-7818
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BID
JVNjapan_total_system -- groupsession
 GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors.2017-06-09not yet calculatedCVE-2017-2165
JVN
BIDkbvault_mysql -- kbvault_mysql
 KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ to run any arbitrary code.2017-06-16not yet calculatedCVE-2017-9602
EXPLOIT-DBkde -- kde_applications
 KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network.2017-06-13not yet calculatedCVE-2017-9604
CONFIRM
CONFIRMlenovo -- mouse suite
 Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges.2017-06-13not yet calculatedCVE-2015-4596
CONFIRMlibgcrypt -- libgcrypt
 In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library.2017-06-10not yet calculatedCVE-2017-9526
BID
CONFIRM
CONFIRM
CONFIRMlibreswan -- libreswan
 libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).2017-06-13not yet calculatedCVE-2016-5391
CONFIRM
CONFIRM
FEDORA
FEDORAlibsndfile -- libsndfile
 In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.2017-06-12not yet calculatedCVE-2017-6892
CONFIRM
MISC
MISClinux -- linux_kernel
 sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.2017-06-17not yet calculatedCVE-2017-1000380
MISC
MISC
MISC
MISC
MISC
MISClinux -- linux_kernel
 The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.2017-06-13not yet calculatedCVE-2017-9605
CONFIRM
CONFIRMmea_financial_enterprises -- algonquin_state_bank_mobile_banking_app
 The "Algonquin State Bank Mobile Banking" by Algonquin State Bank app 3.0.0 -- aka algonquin-state-bank-mobile-banking/id1089657735 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9581
MISCmea_financial_enterprises -- athens_state_bank_mobile_app
 The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9572
MISCmea_financial_enterprises -- avb_bank_mobile_banking_app
 The avb-bank-mobile-banking/id592565443 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9567
MISCmea_financial_enterprises -- blue_ridge_bank_app
 The "Blue Ridge Bank and Trust Co. Mobile Banking" by Blue Ridge Bank and Trust Co. app 3.0.1 -- aka blue-ridge-bank-and-trust-co-mobile-banking/id699679197 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9597
MISCmea_financial_enterprises -- bnb_mobile_banking_app
 The "BNB Mobile Banking" by Brady National Bank app 3.0.0 -- aka bnb-mobile-banking/id674215747 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9582
MISCmea_financial_enterprises -- cayuga_lake_national_bank_app
 The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9560
MISCmea_financial_enterprises -- cb2go_app
 The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9564
MISCmea_financial_enterprises -- cbtx_on_the_go_app
 The Citizens Bank (TX) cbtx-on-the-go/id892396102 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9569
MISCmea_financial_enterprises -- ccb_mobile_banking_app
 The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9571
MISCmea_financial_enterprises -- cfb_mobile_banking_app
 The "CFB Mobile Banking" by Citizens First Bank Wisconsin app 3.0.1 -- aka cfb-mobile-banking/id1081102805 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9596
MISCmea_financial_enterprises -- charlevoix_state_bank_app
 The "Charlevoix State Bank" by Charlevoix State Bank app 3.0.1 -- aka charlevoix-state-bank/id1128963717 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9583
MISCmea_financial_enterprises -- community_state_bank_lamar_app
 The "Community State Bank - Lamar Mobile Banking" by Community State Bank - Lamar app 3.0.3 -- aka community-state-bank-lamar-mobile-banking/id1083927885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9585
MISCmea_financial_enterprises -- financial_plus_mobile_banking_app
 The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9568
MISCmea_financial_enterprises -- first_citizens_bank_mobile_banking_app
 The "First Citizens Bank-Mobile Banking" by First Citizens Bank (AL) app 3.0.0 -- aka first-citizens-bank-mobile-banking/id566037101 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9577
MISCmea_financial_enterprises -- first_citizens_community_bank_app
 The First Citizens Community Bank fccb/id809930960 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9563
MISCmea_financial_enterprises -- first_security_bank_sleepy_eye_mobile_app
 The first-security-bank-sleepy-eye-mobile/id870531890 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9565
MISCmea_financial_enterprises -- first_state_bank_of_bigfork_mobile_banking_app
 The "First State Bank of Bigfork Mobile Banking" by First State Bank of Bigfork app 4.0.3 -- aka first-state-bank-of-bigfork-mobile-banking/id1133969876 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9595
MISCmea_financial_enterprises -- fnb_kemp_mobile_banking_app
 The "FNB Kemp Mobile Banking" by First National Bank of Kemp app 3.0.2 -- aka fnb-kemp-mobile-banking/id571448725 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9601
MISCmea_financial_enterprises -- fountain_trust_mobile_banking_appThe "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app 3.0.0 -- aka fountain-trust-mobile-banking/id891343006 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9599
MISCmea_financial_enterprises -- freedom_1st_credit_union_mobile_banking_app
 The Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9562
MISCmea_financial_enterprises -- fsb_dequeen_mobile_banking_app
 The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9566
MISCmea_financial_enterprises -- fsby_mobile_banking_app
 The "FSBY Mobile Banking" by First State Bank of Yoakum TX app 3.0.0 -- aka fsby-mobile-banking/id899136434 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9586
MISCmea_financial_enterprises -- fvb_mobile_banking_app
 The "FVB Mobile Banking" by First Volunteer Bank of Tennessee app 3.1.1 -- aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9575
MISCmea_financial_enterprises -- hbo_mobile_banking_app
 The "HBO Mobile Banking" by Heritage Bank of Ozarks app 3.0.0 -- aka hbo-mobile-banking/id860224933 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9584
MISCmea_financial_enterprises -- jmcu_mobile_banking_app
 The "JMCU Mobile Banking" by Joplin Metro Credit Union app 3.0.0 -- aka jmcu-mobile-banking/id716065893 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9579
MISCmea_financial_enterprises -- kc_area_credit_union_mobile_banking_app
 The "KC Area Credit Union Mobile Banking" by K C Area Credit Union app 3.0.1 -- aka kc-area-credit-union-mobile-banking/id1097607736 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9574
MISCmea_financial_enterprises -- lee_bank_and_trust_mobile_app
 The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9561
MISCmea_financial_enterprises -- mea_financial_vision_bank_app
 The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9559
MISCmea_financial_enterprises -- middleton_community_bank_mobile_banking_app
 The "Middleton Community Bank Mobile Banking" by Middleton Community Bank app 3.0.0 -- aka middleton-community-bank-mobile-banking/id721843238 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9576
MISCmea_financial_enterprises -- morton_credit_union_app
 The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9598
MISCmea_financial_enterprises -- mount_vernon_bank_trust_mobile_banking_app
 The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9570
MISCmea_financial_enterprises -- nasb_mobile_banking_app
 The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9573
MISCmea_financial_enterprises -- oculina_mobile_banking_app
 The "Oculina Mobile Banking" by Oculina Bank app 3.0.0 -- aka oculina-mobile-banking/id867025690 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9593
MISCmea_financial_enterprises -- oritani_mobile_banking_app
 The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9588
MISCmea_financial_enterprises -- pcb_mobile_app
 The "PCB Mobile" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9591
MISCmea_financial_enterprises -- pcsb_bank_mobile_app
 The "PCSB BANK Mobile" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9587
MISCmea_financial_enterprises -- peoples_bank_tulsa_app
 The "Peoples Bank Tulsa" by Peoples Bank - OK app 3.0.2 -- aka peoples-bank-tulsa/id1074279285 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9600
MISCmea_financial_enterprises -- pioneer_bank_and_trust_mobile_banking_app
 The "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST app 3.0.0 -- aka pioneer-bank-trust-mobile-banking/id603182861 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9580
MISCmea_financial_enterprises -- rvcb_mobile_banking_app
 The "RVCB Mobile" by RVCB Mobile Banking app 3.0.0 -- aka rvcb-mobile/id757928895 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9578
MISCmea_financial_enterprises -- scsb_shelbyville_il_mobile_banking_app
 The "SCSB Shelbyville IL Mobile Banking" by Shelby County State Bank app 3.0.0 -- aka scsb-shelbyville-il-mobile-banking/id938960224 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9589
MISCmea_financial_enterprises -- state_bank_of_waterloo_mobile_banking_app
 The "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo app 3.0.2 -- aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9590
MISCmea_financial_enterprises -- svb_mobile_banking_app
 The "SVB Mobile" by Sauk Valley Bank Mobile Banking app 3.0.0 -- aka svb-mobile/id796429885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9594
MISCmea_financial_enterprises -- wawa_employees_credit_union_app
 The wawa-employees-credit-union-mobile/id1158082793 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9558
MISCmea_financial_enterprises -- your_legacy_mobile_banking_app
 The "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy Federal Credit Union app 3.0.1 -- aka your-legacy-federal-credit-union-mobile-banking/id919131389 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.2017-06-16not yet calculatedCVE-2017-9592
MISCmediatek -- mediatek
 An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35310230. References: M-ALPS03162263.2017-06-14not yet calculatedCVE-2017-0636
BID
CONFIRMmetasploit -- metasploit
 Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks.2017-06-15not yet calculatedCVE-2017-5244
BID
CONFIRM
MISCmicrosoft -- officeA remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.2017-06-14not yet calculatedCVE-2017-8509
BID
CONFIRMmicrosoft -- officeA remote code execution vulnerability exists in the way Microsoft Office software parses specially crafted email messages, aka "Microsoft Office Memory Corruption Vulnerability".2017-06-14not yet calculatedCVE-2017-8507
BID
CONFIRMmicrosoft -- office
 A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.2017-06-14not yet calculatedCVE-2017-8510
BID
CONFIRMmicrosoft -- office
 A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-0260.2017-06-14not yet calculatedCVE-2017-8506
BID
CONFIRMmicrosoft -- office
 A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-8506.2017-06-14not yet calculatedCVE-2017-0260
BID
CONFIRMmicrosoft -- office
 A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka "Microsoft Office Security Feature Bypass Vulnerability".2017-06-14not yet calculatedCVE-2017-8508
BID
CONFIRMmicrosoft -- office
 A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506.2017-06-14not yet calculatedCVE-2017-8512
BID
CONFIRMmicrosoft -- office
 A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.2017-06-14not yet calculatedCVE-2017-8511
BID
CONFIRMmicrosoft -- outlook
 A spoofing vulnerability exists in when Microsoft Outlook for Mac does not sanitize html properly, aka "Microsoft Outlook for Mac Spoofing Vulnerability".2017-06-14not yet calculatedCVE-2017-8545
BID
CONFIRMmicrosoft -- powerpoint
 A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability".2017-06-14not yet calculatedCVE-2017-8513
BID
CONFIRMmicrosoft -- sharepoint
 An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint XSS vulnerability".2017-06-14not yet calculatedCVE-2017-8551
BID
CONFIRMmicrosoft -- sharepoint
 An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint Reflective XSS Vulnerability".2017-06-14not yet calculatedCVE-2017-8514
BID
CONFIRMmicrosoft -- skype
 A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".2017-06-14not yet calculatedCVE-2017-8550
BID
CONFIRMmicrosoft -- windowsWindows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0291.2017-06-14not yet calculatedCVE-2017-0292
BID
CONFIRMmicrosoft -- windowsMicrosoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484.2017-06-14not yet calculatedCVE-2017-8471
BID
CONFIRM

microsoft -- windows
Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8473, BID, CONFIRM

microsoft -- windows
Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8489, BID, CONFIRM

microsoft -- windows
Description: Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0218, and CVE-2017-0219.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0216, BID, CONFIRM

microsoft -- windows
Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8488, BID, CONFIRM

microsoft -- windows
Description: Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8548, and CVE-2017-8549.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8521, BID, CONFIRM

microsoft -- windows
Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to obtain information to further compromise the user's system when Windows Search fails to handle objects in memory, aka "Windows Search Information Disclosure Vulnerability".
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8544, BID, CONFIRM

microsoft -- windows
Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8477.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8484, BID, CONFIRM

microsoft -- windows
Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8477, and CVE-2017-8484.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8475, BID, CONFIRM

microsoft -- windows
Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8470, BID, CONFIRM

microsoft -- windows
Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8492, BID, CONFIRM

microsoft -- windows
Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8490, BID, CONFIRM

microsoft -- windows
Description: Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8497.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8496, BID, CONFIRM

microsoft -- windows
Description: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0288, BID, CONFIRM

microsoft -- windows
Description: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0289, BID, CONFIRM

microsoft -- windows
Description: Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-8468.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8465, BID, CONFIRM

microsoft -- windows
Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8491, BID, CONFIRM

microsoft -- windows
Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8480, BID, CONFIRM

microsoft -- windows
Description: Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program, aka "Windows olecnv32.dll Remote Code Execution Vulnerability."
Published: 2017-06-15
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8487, BID, CONFIRM

microsoft -- windows
Description: Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0292.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0291, BID, CONFIRM

microsoft -- windows
Description: Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0219.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0218, BID, CONFIRM

microsoft -- windows
Description: Microsoft Windows 10 1607 and 1703, and Windows Server 2016 allow an authenticated attacker to modify the C:\Users\DEFAULT folder structure, aka "Windows Default Folder Tampering Vulnerability".
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0295, BID, CONFIRM

microsoft -- windows
Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8484.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8477, BID, CONFIRM

microsoft -- windows
Description: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0286, BID, CONFIRM

microsoft -- windows
Description: Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0284, CVE-2017-0285, and CVE-2017-8534.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0282, BID, CONFIRM

microsoft -- windows
Description: Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8528.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0283, BID, CONFIRM

microsoft -- windows
Description: Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, and Microsoft Office Word Viewer allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-8534.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0285, BID, CONFIRM

microsoft -- windows
Description: Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0285, and CVE-2017-8534.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0284, BID, CONFIRM

microsoft -- windows
Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute remote code when Windows fails to properly handle cabinet files, aka "Windows Remote Code Execution Vulnerability".
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0294, BID, CONFIRM

microsoft -- windows
Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8472, BID, CONFIRM

microsoft -- windows
Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8469, BID, CONFIRM

microsoft -- windows
Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to elevate privilege when tdx.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows TDX Elevation of Privilege Vulnerability".
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0296, BID, CONFIRM

microsoft -- windows
Description: Microsoft browsers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8522 and CVE-2017-8524.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8517, BID, CONFIRM

microsoft -- windows
Description: Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-8465.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8468, BID, CONFIRM

microsoft -- windows
Description: Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or require authentication when Windows fails to enforce case sensitivity for certain variable checks, aka "Windows Security Feature Bypass Vulnerability".
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8493, BID, CONFIRM

microsoft -- windows
Description: Windows Cursor in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows improper elevation of privilege, aka "Windows Cursor Elevation of Privilege Vulnerability".
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8466, BID, CONFIRM

microsoft -- windows
Description: Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an unauthenticated attacker to send a specially crafted kernel mode request to cause a denial of service on the target system, aka "Windows VAD Cloning Denial of Service Vulnerability".
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8515, BID, CONFIRM

microsoft -- windows
Description: Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel Mode fails to properly handle objects in memory, aka "Windows Elevation of Privilege Vulnerability".
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8494, BID, CONFIRM

microsoft -- windows
Description: The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8474, BID, CONFIRM

microsoft -- windows
Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8481, BID, CONFIRM

microsoft -- windows
Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8479, BID, CONFIRM

microsoft -- windows
Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8476, BID, CONFIRM

microsoft -- windows
Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8482, BID, CONFIRM

microsoft -- windows
Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8485, BID, CONFIRM

microsoft -- windows
Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8547.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8519, BID, CONFIRM

microsoft -- windows
Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8483, BID, CONFIRM

microsoft -- windows
Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8478, BID, CONFIRM

microsoft -- windows
Description: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0287, BID, CONFIRM

microsoft -- windows
Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8519.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8547, BID, CONFIRM

microsoft -- windows
Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability".
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8529, BID, CONFIRM

microsoft -- windows
Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8555.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8530, BID, CONFIRM

microsoft -- windows
Description: A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 SP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows 8 allows an elevation of privilege when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE is unique from CVE-2017-0263.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8552, CONFIRM

microsoft -- windows
Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8530.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8555, BID, CONFIRM

microsoft -- windows
Description: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8522.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8524, BID, CONFIRM

microsoft -- windows
Description: Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0215, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0173, BID, CONFIRM

microsoft -- windows
Description: Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0283.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8528, BID, CONFIRM

microsoft -- windows
Description: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Graphics Remote Code Execution Vulnerability".
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8527, BID, CONFIRM

microsoft -- windows
Description: Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8504.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8498, BID, CONFIRM

microsoft -- windows
Description: Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8520, CVE-2017-8521, CVE-2017-8548, and CVE-2017-8549.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8499, BID, CONFIRM

microsoft -- windows
Description: Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially crafted PDF file, aka "Windows PDF Information Disclosure Vulnerability".
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8460, BID, CONFIRM

microsoft -- windows
Description: Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read the URL of a cross-origin request when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8498.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8504, BID, CONFIRM

microsoft -- windows
Description: Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8496.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8497, BID, CONFIRM

microsoft -- windows
Description: Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8521, CVE-2017-8548, and CVE-2017-8549.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8520, BID, CONFIRM

microsoft -- windows
Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8530 and CVE-2017-8555.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8523, BID, CONFIRM

microsoft -- windows
Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8521, and CVE-2017-8548.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8549, BID, CONFIRM

microsoft -- windows
Description: An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure Vulnerability".
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8553, BID, CONFIRM

microsoft -- windows
Description: The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, and CVE-2017-0300.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0297, BID, CONFIRM

microsoft -- windows
Description: A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an authenticated attacker to run arbitrary code in another user's session, aka "Windows COM Session Elevation of Privilege Vulnerability."
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0298, BID, CONFIRM

microsoft -- windows
Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, and CVE-2017-0297.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0299, BID, CONFIRM

microsoft -- windows
Description: Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0215, BID, CONFIRM

microsoft -- windows
Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8521, and CVE-2017-8549.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8548, BID, CONFIRM

microsoft -- windows
Description: Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka "Windows RPC Remote Code Execution Vulnerability."
Published: 2017-06-15
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8461, BID, CONFIRM

microsoft -- windows
Description: Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0218.
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0219, BID, CONFIRM

microsoft -- windows
Description: Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut, aka "LNK Remote Code Execution Vulnerability."
Published: 2017-06-14
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8464
BID
CONFIRMmicrosoft -- windows
 Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8524.2017-06-14not yet calculatedCVE-2017-8522
BID
CONFIRMmicrosoft -- windows
 Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to gain elevated privileges on a target guest operating system when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability".2017-06-14not yet calculatedCVE-2017-0193
BID
CONFIRMmicrosoft -- windows
 Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-0285.2017-06-14not yet calculatedCVE-2017-8534
BID
CONFIRMmicrosoft -- windows
 Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8532.2017-06-14not yet calculatedCVE-2017-8533
BID
CONFIRMmicrosoft -- windows
 Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability".2017-06-14not yet calculatedCVE-2017-8543
BID
CONFIRMmicrosoft -- windows
 Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8533.2017-06-14not yet calculatedCVE-2017-8532
BID
CONFIRMmicrosoft -- windows
 The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.2017-06-14not yet calculatedCVE-2017-8462
BID
CONFIRMmicrosoft -- windows
 Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8532, and CVE-2017-8533.2017-06-14not yet calculatedCVE-2017-8531
BID
CONFIRMmicrosoft -- windows
 The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, and CVE-2017-0297.2017-06-14not yet calculatedCVE-2017-0300
BID
CONFIRMmruby -- mruby
 The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.2017-06-11not yet calculatedCVE-2017-9527
CONFIRM
CONFIRMnetmove -- saat_netizen
 Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-06-09not yet calculatedCVE-2017-2206
BID
JVN
CONFIRMnetmove -- saat_netizen
 Untrusted search path vulnerability in the installer of SaAT Personal ver.1.0.10.272 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-06-09not yet calculatedCVE-2017-2207
BID
JVN
CONFIRMnew_relic -- .net_agent
 New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism.2017-06-13not yet calculatedCVE-2017-9246
MISCopen_ticket_request_system -- open_ticket_request_system
 In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end.2017-06-12not yet calculatedCVE-2017-9324
MISC
MISCpascal-bajorat -- simplece
 In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user.2017-06-15not yet calculatedCVE-2017-9674
MISCpascal-bajorat -- simplece
 In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password.2017-06-15not yet calculatedCVE-2017-9673
MISCpivotal -- cloud_foundryAn issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 - v2.7.4.12 & v3.0.0 - v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to authenticate against external SAML or OpenID Connect based identity providers.2017-06-13not yet calculatedCVE-2017-4963
CONFIRMpivotal -- cloud_foundry
 An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails.2017-06-13not yet calculatedCVE-2016-8219
CONFIRMpivotal -- cloud_foundry
 An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.13, 24.x versions prior to v24.8, and other versions prior to v30.1. An authorized user can use a blind SQL injection attack to query the contents of the UAA database, aka "Blind SQL Injection with privileged UAA endpoints."2017-06-13not yet calculatedCVE-2017-4974
CONFIRMpivotal -- cloud_foundry
 An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. A vulnerability has been identified with the groups endpoint in UAA allowing users to elevate their privileges.2017-06-13not yet calculatedCVE-2017-4973
CONFIRMpivotal -- cloud_foundry
 An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. A regression introduced in the Static file build pack causes the Staticfile.auth configuration to be ignored when the Static file file is not present in the application root. Applications containing a Staticfile.auth file but not a Static file had their basic auth turned off when an operator upgraded the Static file build pack in the foundation to one of the vulnerable versions. Note that Static file applications without a Static file are technically misconfigured, and will not successfully detect unless the Static file build pack is explicitly specified.2017-06-13not yet calculatedCVE-2017-4970
CONFIRMpivotal -- cloud_foundry
 An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. An attacker can use a blind SQL injection attack to query the contents of the UAA database.2017-06-13not yet calculatedCVE-2017-4972
CONFIRMpivotal -- cloud_foundry
 An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption.2017-06-13not yet calculatedCVE-2017-4994
CONFIRMpivotal -- cloud_foundry
 An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.2017-06-13not yet calculatedCVE-2016-8218
CONFIRMpivotal -- cloud_foundry
 An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka "BOSH Director Shell Injection Vulnerabilities."2017-06-13not yet calculatedCVE-2017-4961
CONFIRMpivotal -- cloud_foundry
 An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry.2017-06-13not yet calculatedCVE-2016-6655
BID
CONFIRMpivotal -- cloud_foundry
 An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. There is privilege escalation (arbitrary password reset) with user invitations.2017-06-13not yet calculatedCVE-2017-4992
CONFIRMpivotal -- cloud_foundry
 An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14, 24.x versions prior to v24.9, 30.x versions prior to 30.2, and other versions prior to v36. Privileged users in one zone are allowed to perform a password reset for users in a different zone.2017-06-13not yet calculatedCVE-2017-4991
CONFIRMpivotal -- pivotal_cloud_foundry_elastic_runtime

 

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an "Unauthenticated JWT signing algorithm in multiple components" issue.2017-06-13not yet calculatedCVE-2017-2773
BID
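The two "Unauthenticated JWT signing algorithm" entries (routing-release, CVE-2016-8218, and PCF Elastic Runtime, CVE-2017-2773) both describe JWT libraries whose validation logic was incomplete. The entries do not say which check was missing, so the example below is an added illustration of the best-known instance of that class, not Cloud Foundry or UAA code: a verifier that reads the algorithm from the untrusted token header will accept a token whose header says "alg":"none" with an empty signature, so anyone can mint claims for any subject. The hardened verifier pins the algorithm and key server-side. The HS256 key and the claim names are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key. In a real deployment this is an operator secret
# shared between the token issuer and the verifying component.
DEMO_KEY = b"example-hs256-key-not-a-real-secret"
PINNED_ALG = "HS256"  # the only algorithm this verifier will ever accept


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_part(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Mint a legitimate token: base64url(header).base64url(payload).base64url(HMAC-SHA256)."""
    signing_input = _encode_part({"alg": "HS256", "typ": "JWT"}) + "." + _encode_part(claims)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def forge_alg_none(claims: dict) -> str:
    """What an attacker sends: header claims the unsigned algorithm, signature left empty."""
    return _encode_part({"alg": "none", "typ": "JWT"}) + "." + _encode_part(claims) + "."


def verify_vulnerable(token: str, key: bytes):
    """Incomplete validation: the header's alg field decides how the token is checked."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64).decode("utf-8"))
    if header.get("alg") == "none":
        # The library honours 'none', so an unsigned payload is treated as valid.
        return json.loads(_b64url_decode(payload_b64).decode("utf-8"))
    if header.get("alg") == "HS256":
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
        if hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return json.loads(_b64url_decode(payload_b64).decode("utf-8"))
    return None


def verify_hardened(token: str, key: bytes):
    """The header is attacker input, not configuration: require exactly PINNED_ALG and a valid MAC."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64).decode("utf-8"))
        signature = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return None
    # Exact string comparison: rejects 'none', 'None', 'hs256', trailing spaces, missing alg.
    if header.get("alg") != PINNED_ALG:
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None
    return json.loads(_b64url_decode(payload_b64).decode("utf-8"))


if __name__ == "__main__":
    forged = forge_alg_none({"sub": "admin", "scope": ["routing.routes.write"]})  # constructed claims
    print("vulnerable verifier accepted:", verify_vulnerable(forged, DEMO_KEY))
    print("hardened verifier accepted:  ", verify_hardened(forged, DEMO_KEY))
```

The same pinning applies to asymmetric algorithms: a verifier configured for RS256 must refuse a token whose header says HS256, otherwise the public key can be used as the HMAC secret. Whichever library is in use, configure the accepted algorithm list explicitly rather than letting the token choose.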
pivotal -- pivotal_cloud_foundry_elastic_runtime
    An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.
    Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-4955 | Source & Patch Info: BID, CONFIRM

pivotal -- pivotal_cloud_foundry_elastic_runtime
    An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges.
    Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-4959 | Source & Patch Info: BID, CONFIRM

pivotal -- pivotal_cloud_foundry_tile_generator
    An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator.
    Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-4975 | Source & Patch Info: CONFIRM

pivotal -- rabbitmq
    An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack.
    Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-4966 | Source & Patch Info: CONFIRM

pivotal -- rabbitmq
    An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
    Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-4965 | Source & Patch Info: BID, CONFIRM

pivotal -- rabbitmq
    An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
    Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-4967 | Source & Patch Info: CONFIRM

pivotal -- spring_web_flow
    An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings.
    Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-4971 | Source & Patch Info: BID, CONFIRM (x2)

piwigo -- piwigo
    An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect" parameter is not validated.
    Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-9464 | Source & Patch Info: MISC (x2)
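The Piwigo entry above is the textbook open redirect: a "redirect" parameter is copied into a Location header without validation. The check below is an added example written for this page, not Piwigo code, of how a login handler should validate such a parameter. It allows only same-site paths (or, optionally, an https URL on an explicitly allowlisted host) and rejects the inputs that defeat naive "starts with /" checks: protocol-relative "//host", backslashes (which browsers turn into slashes, so "/\host" becomes "//host"), embedded tabs and newlines (stripped by browsers, and a CRLF risk in the header), and non-http schemes. The allowlist host name is constructed.

```python
from urllib.parse import urlsplit

# Constructed allowlist for the optional absolute-URL case; a real deployment
# would list its own canonical host names here.
ALLOWED_HOSTS = frozenset({"gallery.example"})


def is_safe_redirect(target, allowed_hosts=frozenset()) -> bool:
    """True only for a single-slash-rooted same-site path, or an https URL on an allowlisted host."""
    if not isinstance(target, str) or not target:
        return False
    # Browsers strip tabs/newlines inside URLs and treat '\' as '/', so "/\t/evil"
    # and "/\\evil" both end up protocol-relative. Reject instead of normalising,
    # and never let CR/LF reach a Location header.
    if "\\" in target or any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal in the authority
        return False
    if parts.scheme or parts.netloc:
        # Absolute ("https://evil.example", "javascript:...") or protocol-relative ("//evil.example").
        # hostname is lower-cased and excludes userinfo, so "https://gallery.example@evil.example"
        # resolves to evil.example and is refused.
        return parts.scheme == "https" and parts.hostname in allowed_hosts
    # Relative: require exactly one leading slash. "//host" has a netloc and was handled
    # above; "///host" parses with an empty netloc, so check the raw string too.
    return target.startswith("/") and not target.startswith("//")


def redirect_target(requested, default: str = "/") -> str:
    """What identification.php-style code should do: fall back to a fixed location."""
    return requested if is_safe_redirect(requested, ALLOWED_HOSTS) else default


if __name__ == "__main__":
    for candidate in ["/index.php?section=categories", "//evil.example/phish", "/\\evil.example",
                      "https://evil.example/", "https://gallery.example/index.php", "javascript:alert(1)"]:
        print(f"{candidate!r:45} -> {redirect_target(candidate)!r}")
```

Resolving the final URL server-side and comparing its host against the allowlist, as done here, is preferable to blacklisting patterns; a denylist of "http://", "//" and friends is exactly the kind of check that the backslash and whitespace variants slip past.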
piwigo -- piwigo
    The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The user_list_backend.php component is affected: values of the iDisplayStart & iDisplayLength parameters are not sanitized; these are used to construct a SQL query and retrieve a list of registered users into the application.
    Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-9463 | Source & Patch Info: MISC (x3)

pulp -- pulp
    Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
    Published: 2017-06-13 | CVSS: not yet calculated | CVE-2016-3704 | Source & Patch Info: CONFIRM (x2), MISC (x2), FEDORA, CONFIRM

pulp -- pulp
    The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
    Published: 2017-06-13 | CVSS: not yet calculated | CVE-2016-3696 | Source & Patch Info: CONFIRM (x2), FEDORA, CONFIRM

qemu -- qemu
    Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.
    Published: 2017-06-16 | CVSS: not yet calculated | CVE-2017-9374 | Source & Patch Info: CONFIRM, MLIST, CONFIRM

qemu -- qemu
    QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing.
    Published: 2017-06-16 | CVSS: not yet calculated | CVE-2017-9503 | Source & Patch Info: MLIST, CONFIRM, MLIST (x2)

qemu -- qemu
    QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
    Published: 2017-06-16 | CVSS: not yet calculated | CVE-2017-9375 | Source & Patch Info: CONFIRM, MLIST, BID, CONFIRM

qemu -- qemu
    Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.
    Published: 2017-06-16 | CVSS: not yet calculated | CVE-2017-9373 | Source & Patch Info: CONFIRM, MLIST, BID, CONFIRM

qnap -- qts
    QNAP QTS before 4.2.6 build 20170517 allows command injection.
    Published: 2017-06-15 | CVSS: not yet calculated | CVE-2017-7876 | Source & Patch Info: CONFIRM

qnap -- qts
    QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function.
    Published: 2017-06-15 | CVSS: not yet calculated | CVE-2017-7629 | Source & Patch Info: CONFIRM

red_hat -- quickstart_cloud_installer
    /var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.
    Published: 2017-06-13 | CVSS: not yet calculated | CVE-2016-5411 | Source & Patch Info: BID, CONFIRM
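The pulp-qpid-ssl-cfg entry (CVE-2016-3696, a CA key readable by local users) and the QCI entry just above (CVE-2016-5411, a config file created world-readable with the root password in it) share a root cause: a secret is written with whatever permissions the process umask happens to grant, and nobody checks afterwards. The following is an added example, not code from Pulp or QCI, of the two halves of the fix: create the file with mode 0600 at open time using O_CREAT|O_EXCL (so there is no window in which the file exists with umask-default bits, and an existing or symlinked path is refused rather than overwritten), and an audit helper that flags files readable by group or other. File names in the demo are stand-ins, and the check is for POSIX mode bits.

```python
import os
import shutil
import stat
import tempfile


def write_secret_file(path: str, data: bytes, mode: int = 0o600) -> None:
    """Create `path` owner-only and write `data`; fail if the path already exists.

    os.open applies `mode` at creation (umask can only clear bits, never add group/other
    read), so unlike open()+chmod() the file is never briefly world-readable. O_EXCL also
    refuses to follow a pre-planted symlink or clobber an existing file.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def world_readable(path: str) -> bool:
    """Audit check: True if group or other can read the file, which is what both entries describe."""
    st = os.stat(path)
    return bool(st.st_mode & (stat.S_IRGRP | stat.S_IROTH))


def find_exposed_files(paths):
    """Return the subset of `paths` that exist as regular files and are readable beyond the owner."""
    return [p for p in paths if os.path.isfile(p) and world_readable(p)]


def demo() -> dict:
    """Constructed demonstration in a scratch directory: umask-default write vs explicit mode."""
    tmp = tempfile.mkdtemp()
    try:
        leaky = os.path.join(tmp, "engine-config.py")   # stand-in name, not the QCI path
        with open(leaky, "w") as fh:                     # plain open() honours the umask
            fh.write("ROOT_PASSWORD = 'constructed-example'\n")
        os.chmod(leaky, 0o644)  # what a 022 umask yields; set explicitly so the demo is deterministic

        safe = os.path.join(tmp, "ca.key")               # stand-in name, not Pulp's path
        write_secret_file(safe, b"-----BEGIN PRIVATE KEY-----\nconstructed\n-----END PRIVATE KEY-----\n")
        try:
            write_secret_file(safe, b"second writer")   # O_EXCL: refuse to overwrite
            excl_refused = False
        except FileExistsError:
            excl_refused = True

        return {
            "leaky": world_readable(leaky),
            "safe": world_readable(safe),
            "excl_refused": excl_refused,
            "exposed": [os.path.basename(p) for p in find_exposed_files([leaky, safe])],
        }
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    print(demo())
```

Run find_exposed_files over the paths an installer writes (key material, generated config with credentials, setup logs) as a post-deploy check; the QCI case is exactly a file an operator would not think to inspect because it lives under a package-owned directory.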
rockwell_automation -- panelview_plus_6
    A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.00-20130325, 7.00-20130619, 7.00-20140128, 7.00-20140310, 7.00-20140429, 7.00-20140621, 7.00-20140729, 7.00-20141022, 8.00-20140730, and 8.00-20141023. There is no authorization check when connecting to the device, allowing an attacker remote access.
    Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-7914 | Source & Patch Info: MISC

ruby -- ruby
    Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
    Published: 2017-06-12 | CVSS: not yet calculated | CVE-2015-9096 | Source & Patch Info: MISC (x4)

ruby -- ruby
    The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
    Published: 2017-06-12 | CVSS: not yet calculated | CVE-2015-9097 | Source & Patch Info: MISC (x7)
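Both Ruby entries (Net::SMTP, CVE-2015-9096, and the mail gem, CVE-2015-9097) describe the same bug: an address supplied by the application is interpolated into MAIL FROM / RCPT TO without checking for CR or LF, so an "address" of the form victim>\r\nDATA\r\n...\r\n.\r\nMAIL FROM:<attacker ends the current command and smuggles a complete extra transaction into the stream. The example below is added for this page and is neither Ruby nor the gem's code: it builds the envelope the way the vulnerable clients did, shows how a server tokenises the resulting stream (one command per CRLF), and then the hardened builder that refuses any address outside a conservative printable-ASCII set. The injected payload and addresses are constructed.

```python
import re

CRLF = "\r\n"

# Conservative allowlist for an envelope address: printable ASCII without space, '<', '>'.
# It is narrower than the full RFC 5321 quoted-string grammar, and deliberately so:
# CR, LF, NUL and the angle brackets the client adds itself can never get through.
_SAFE_ADDR = re.compile(r"[\x21-\x3B\x3D\x3F-\x7E]+")

# Constructed attacker-controlled recipient, shaped like the CVE text: CRLF immediately
# before and after a DATA substring, then a second MAIL FROM/RCPT TO pair.
INJECTED_RCPT = (
    "victim@example.org>" + CRLF
    + "DATA" + CRLF
    + "Subject: constructed injected message" + CRLF + CRLF
    + "injected body" + CRLF
    + "." + CRLF
    + "MAIL FROM:<attacker@example.net>" + CRLF
    + "RCPT TO:<another-victim@example.org"
)


def envelope_vulnerable(sender: str, recipients) -> str:
    """Interpolates addresses verbatim into the command stream, as the vulnerable clients did."""
    commands = [f"MAIL FROM:<{sender}>"] + [f"RCPT TO:<{r}>" for r in recipients] + ["DATA"]
    return CRLF.join(commands) + CRLF


def validate_address(addr: str, allow_empty: bool = False) -> str:
    """Reject anything that could terminate or alter an SMTP command. Empty is only valid as a null reverse-path."""
    if addr == "" and allow_empty:
        return addr
    if not isinstance(addr, str) or not _SAFE_ADDR.fullmatch(addr):
        raise ValueError(f"refusing envelope address with unsafe characters: {addr!r}")
    return addr


def envelope_hardened(sender: str, recipients) -> str:
    """Same wire format as the vulnerable builder, but every address is validated first."""
    sender = validate_address(sender, allow_empty=True)
    recipients = [validate_address(r) for r in recipients]
    return envelope_vulnerable(sender, recipients)


def server_view(stream: str):
    """How the receiving SMTP server sees the bytes: one line per CRLF, trailing terminator dropped."""
    lines = stream.split(CRLF)
    if lines and lines[-1] == "":
        lines.pop()
    return lines


if __name__ == "__main__":
    stream = envelope_vulnerable("sender@example.com", [INJECTED_RCPT])
    for line in server_view(stream):
        print(repr(line))
    print("DATA commands the server sees:", server_view(stream).count("DATA"))
    try:
        envelope_hardened("sender@example.com", [INJECTED_RCPT])
    except ValueError as exc:
        print("hardened builder:", exc)
```

Validating at the envelope layer is the right place even when a web form already checks e-mail syntax upstream: the SMTP client is the last component that knows CR and LF are command terminators on this protocol, and the fix in both Ruby libraries was precisely to reject them there.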
sap -- successfactors
    Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality.
    Published: 2017-06-15 | CVSS: not yet calculated | CVE-2017-9613 | Source & Patch Info: MISC, BID, MISC

spip -- spip
    SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution.
    Published: 2017-06-17 | CVSS: not yet calculated | CVE-2017-9736 | Source & Patch Info: CONFIRM (x3)

synology -- photo_station
    A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline".
    Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-9552 | Source & Patch Info: MISC, CONFIRM

tablib -- tablib
    An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.
    Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-2810 | Source & Patch Info: BID, MISC

telaxus -- epesi
    Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data.
    Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-9624 | Source & Patch Info: CONFIRM (x2)

telaxus -- epesi
    Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) original or (2) new parameter.
    Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-9621 | Source & Patch Info: CONFIRM (x2)

telaxus -- epesi
    Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data.
    Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-9622 | Source & Patch Info: CONFIRM (x2)

telaxus -- epesi
    Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data.
    Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-9623 | Source & Patch Info: CONFIRM (x2)

tera_term -- tera_term
    Untrusted search path vulnerability in the installer of Tera Term 4.94 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
    Published: 2017-06-09 | CVSS: not yet calculated | CVE-2017-2193 | Source & Patch Info: JVN, BID, CONFIRM

tlslite -- tlslite
    The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service (runtime exception and process crash).
    Published: 2017-06-13 | CVSS: not yet calculated | CVE-2015-3220 | Source & Patch Info: CONFIRM (x2), MLIST

uclibc -- uclibc
    In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression.
    Published: 2017-06-16 | CVSS: not yet calculated | CVE-2017-9728 | Source & Patch Info: MISC

uclibc -- uclibc
    In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression.
    Published: 2017-06-16 | CVSS: not yet calculated | CVE-2017-9729 | Source & Patch Info: MISC

winsparkle -- winsparkle
    Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.
    Published: 2017-06-09 | CVSS: not yet calculated | CVE-2016-7838 | Source & Patch Info: BID, CONFIRM, JVN (x2), CONFIRM

wireshark -- wireshark
    In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c.
    Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-9616 | Source & Patch Info: CONFIRM

wireshark -- wireshark
    In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.
    Published: 2017-06-14 | CVSS: not yet calculated | CVE-2017-9617 | Source & Patch Info: CONFIRM

wordpress -- wordpress
    Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter.
    Published: 2017-06-15 | CVSS: not yet calculated | CVE-2017-9419 | Source & Patch Info: MISC

wordpress -- wordpress
    SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php.
    Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-9603 | Source & Patch Info: MISC (x2)

wordpress -- wordpress
    SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php.
    Published: 2017-06-12 | CVSS: not yet calculated | CVE-2017-9418 | Source & Patch Info: MISC

wordpress -- wordpress
    SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php.
    Published: 2017-06-13 | CVSS: not yet calculated | CVE-2017-9429 | Source & Patch Info: MISC

yocto_project -- yp_core_pyro
    In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk package.
    Published: 2017-06-16 | CVSS: not yet calculated | CVE-2017-9731 | Source & Patch Info: CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.


Mozilla Releases Security Update

Thu, 06/15/2017 - 21:29
Original release date: June 15, 2017

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.2 and apply the necessary update.


Google Releases Security Updates for Chrome

Thu, 06/15/2017 - 21:27
Original release date: June 15, 2017

Google has released Chrome version 59.0.3071.104 for Windows, Mac, and Linux. This version addresses several vulnerabilities, including one that an attacker could exploit to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary updates.


ISC Releases Security Updates for BIND

Thu, 06/15/2017 - 01:26
Original release date: June 15, 2017

The Internet Systems Consortium (ISC) has released updates that address two vulnerabilities in BIND. An attacker could exploit one of these vulnerabilities to take control of an affected system.

Available updates include:

  • BIND version 9.11.1-P1
  • BIND version 9.10.5-P1
  • BIND version 9.9.10-P1

ISC recommends disabling LMDB (liblmdb) until BIND 9.11.2 is released later this summer. US-CERT encourages users and administrators to review ISC Knowledge Base Article AA-01497 and apply the necessary updates.


Microsoft Releases June 2017 Security Updates

Tue, 06/13/2017 - 16:56
Original release date: June 13, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.

US-CERT encourages users and administrators to review Microsoft's June 2017 Security Update Summary and Deployment Information and apply the necessary updates.


Mozilla Releases Security Updates

Tue, 06/13/2017 - 16:52
Original release date: June 13, 2017

Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 54 and Firefox ESR 52.2 and apply the necessary update.


Adobe Releases Security Updates

Tue, 06/13/2017 - 16:51
Original release date: June 13, 2017

Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Shockwave Player, Captivate, and Digital Editions. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-17, APSB17-18, APSB17-19, and APSB17-20 and apply the necessary updates.


TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure

Tue, 06/13/2017 - 11:45
Original release date: June 13, 2017
Systems Affected

Networked Systems

Overview

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides technical details on the tools and infrastructure used by cyber actors of the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors in the United States and globally. Working with U.S. Government partners, DHS and FBI identified Internet Protocol (IP) addresses associated with a malware variant, known as DeltaCharlie, used to manage North Korea’s distributed denial-of-service (DDoS) botnet infrastructure. This alert contains indicators of compromise (IOCs), malware descriptions, network signatures, and host-based rules to help network defenders detect activity conducted by the North Korean government. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA.

If users or administrators detect the custom tools indicative of HIDDEN COBRA, these tools should be immediately flagged, reported to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and given highest priority for enhanced mitigation. This alert identifies IP addresses linked to systems infected with DeltaCharlie malware and provides descriptions of the malware and associated malware signatures. DHS and FBI are distributing these IP addresses to enable network defense activities and reduce exposure to the DDoS command-and-control network. FBI has high confidence that HIDDEN COBRA actors are using the IP addresses for further network exploitation.

This alert includes technical indicators related to specific North Korean government cyber operations and provides suggested response actions to those indicators, recommended mitigation techniques, and information on reporting incidents to the U.S. Government.

For a downloadable copy of IOCs, see:

Description

Since 2009, HIDDEN COBRA actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature. Commercial reporting has referred to this activity as Lazarus Group[1] and Guardians of Peace.[2] DHS and FBI assess that HIDDEN COBRA actors will continue to use cyber operations to advance their government’s military and strategic objectives. Cyber analysts are encouraged to review the information provided in this alert to detect signs of malicious network activity.

Tools and capabilities used by HIDDEN COBRA actors include DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware. Variants of malware and tools used by HIDDEN COBRA actors include Destover,[3] Wild Positron/Duuzer,[4] and Hangman.[5] DHS has previously released Alert TA14-353A,[6] which contains additional details on the use of a server message block (SMB) worm tool employed by these actors. Further research is needed to understand the full breadth of this group’s cyber capabilities. In particular, DHS recommends that more research should be conducted on the North Korean cyber activity that has been reported by cybersecurity and threat research firms.

HIDDEN COBRA actors commonly target systems running older, unsupported versions of Microsoft operating systems. The multiple vulnerabilities in these older systems provide cyber actors many targets for exploitation. These actors have also used Adobe Flash Player vulnerabilities to gain initial entry into users’ environments.

HIDDEN COBRA is known to use vulnerabilities affecting various applications. These vulnerabilities include:

  • CVE-2015-6585: Hangul Word Processor Vulnerability
  • CVE-2015-8651: Adobe Flash Player 18.0.0.324 and 19.x Vulnerability
  • CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 Vulnerability
  • CVE-2016-1019: Adobe Flash Player 21.0.0.197 Vulnerability
  • CVE-2016-4117: Adobe Flash Player 21.0.0.226 Vulnerability

We recommend that organizations upgrade these applications to the latest version and patch level. If Adobe Flash or Microsoft Silverlight is no longer required, we recommend that those applications be removed from systems.

The indicators provided with this alert include IP addresses determined to be part of the HIDDEN COBRA botnet infrastructure, identified as DeltaCharlie. The DeltaCharlie DDoS bot was originally reported by Novetta in their 2016 Operation Blockbuster Malware Report. This malware has used the IP addresses identified in the accompanying .csv and .stix files as both source and destination IPs. In some instances, the malware may have been present on victims’ networks for a significant period.

Technical Details

DeltaCharlie is a DDoS tool used by HIDDEN COBRA actors, and is referenced and detailed in Novetta’s Operation Blockbuster Destructive Malware report. The information related to DeltaCharlie from the Operation Blockbuster Destructive Malware report should be viewed in conjunction with the IP addresses listed in the .csv and .stix files provided within this alert. DeltaCharlie is a DDoS tool capable of launching Domain Name System (DNS) attacks, Network Time Protocol (NTP) attacks, and Character Generation Protocol attacks. The malware operates on victims’ systems as a svchost-based service and is capable of downloading executables, changing its own configuration, updating its own binaries, terminating its own processes, and activating and terminating denial-of-service attacks. Further details on the malware can be found in Novetta’s report available at the following URL:

https://www.operationblockbuster.com/wp-content/uploads/2016/02/Operation-Blockbuster-Destructive-Malware-Report.pdf

Detection and Response

HIDDEN COBRA IOCs related to DeltaCharlie are provided within the accompanying .csv and .stix files of this alert. DHS and FBI recommend that network administrators review the IP addresses, file hashes, network signatures, and YARA rules provided, and add the IPs to their watchlist to determine whether malicious activity has been observed within their organization.

When reviewing network perimeter logs for the IP addresses, organizations may find numerous instances of these IP addresses attempting to connect to their systems. Upon reviewing the traffic from these IP addresses, system owners may find that some traffic corresponds to malicious activity and some to legitimate activity. System owners are also advised to run the YARA tool on any system they suspect to have been targeted by HIDDEN COBRA actors. Additionally, the appendices of this report provide network signatures to aid in the detection and mitigation of HIDDEN COBRA activity.

Network Signatures and Host-Based Rules

This section contains network signatures and host-based rules that can be used to detect malicious activity associated with HIDDEN COBRA actors. Although created using a comprehensive vetting process, the possibility of false positives always remains. These signatures and rules should be used to supplement analysis and should not be used as a sole source of attributing this activity to HIDDEN COBRA actors.

Network Signatures

alert tcp any any -> any any (msg:"DPRK_HIDDEN_COBRA_DDoS_HANDSHAKE_SUCCESS"; dsize:6; flow:established,to_server; content:"|18 17 e9 e9 e9 e9|"; fast_pattern:only; sid:1; rev:1;)

________________________________________________________________

alert tcp any any -> any any (msg:"DPRK_HIDDEN_COBRA_Botnet_C2_Host_Beacon"; flow:established,to_server; content:"|1b 17 e9 e9 e9 e9|"; depth:6; fast_pattern; sid:1; rev:1;)

________________________________________________________________
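To make the two Snort rules above concrete, here is an added Python example (not part of the US-CERT alert) that applies their matching semantics to raw TCP payloads: dsize:6 forces an exact six-byte payload for the handshake rule, while depth:6 pins the beacon pattern to the first six bytes but permits trailing data, and flow:established,to_server restricts both rules to client-to-server segments. The sample segments are constructed for illustration and are not captured traffic.

```python
"""
Classifier that applies the two DPRK_HIDDEN_COBRA Snort rules to raw TCP
payloads.  Added example, not part of the US-CERT alert.  Sample segments are
constructed here for illustration only.
"""

# content:"|18 17 e9 e9 e9 e9|" with dsize:6
HANDSHAKE_PATTERN = bytes.fromhex("1817e9e9e9e9")
# content:"|1b 17 e9 e9 e9 e9|" with depth:6
BEACON_PATTERN = bytes.fromhex("1b17e9e9e9e9")


def match_handshake(payload: bytes, to_server: bool = True) -> bool:
    """DPRK_HIDDEN_COBRA_DDoS_HANDSHAKE_SUCCESS.

    dsize:6 restricts the rule to payloads that are exactly six bytes long and
    flow:established,to_server limits inspection to client-to-server segments,
    so a qualifying payload must equal the pattern outright.
    """
    return to_server and len(payload) == 6 and payload == HANDSHAKE_PATTERN


def match_beacon(payload: bytes, to_server: bool = True) -> bool:
    """DPRK_HIDDEN_COBRA_Botnet_C2_Host_Beacon.

    depth:6 limits the content search to the first six bytes of the payload,
    so a six-byte pattern has to start at offset 0.  There is no dsize option,
    so trailing data after the pattern is allowed.
    """
    return to_server and payload[:6] == BEACON_PATTERN


def classify(payload: bytes, to_server: bool = True) -> list:
    """Return the names of the rules that fire for one segment."""
    hits = []
    if match_handshake(payload, to_server):
        hits.append("DPRK_HIDDEN_COBRA_DDoS_HANDSHAKE_SUCCESS")
    if match_beacon(payload, to_server):
        hits.append("DPRK_HIDDEN_COBRA_Botnet_C2_Host_Beacon")
    return hits


# Constructed sample segments as (direction, payload); not captured traffic.
SAMPLE_SEGMENTS = [
    ("to_server", bytes.fromhex("1817e9e9e9e9")),              # exact handshake
    ("to_server", bytes.fromhex("1817e9e9e9e9") + b"\x00"),    # 7 bytes: dsize:6 fails
    ("to_server", bytes.fromhex("1b17e9e9e9e9") + b"config"),  # beacon plus trailing data
    ("to_server", b"\x00" + bytes.fromhex("1b17e9e9e9e9")),    # pattern at offset 1: depth:6 fails
    ("to_client", bytes.fromhex("1817e9e9e9e9")),              # wrong direction for to_server
    ("to_server", b"GET / HTTP/1.1\r\n"),                      # benign request
]


def run_samples(segments=SAMPLE_SEGMENTS) -> dict:
    """Return {segment index: [rule names]} for every segment that fires a rule."""
    results = {}
    for i, (direction, payload) in enumerate(segments):
        hits = classify(payload, to_server=(direction == "to_server"))
        if hits:
            results[i] = hits
    return results


if __name__ == "__main__":
    for idx, names in run_samples().items():
        print(idx, names)
```

Only segments 0 and 2 fire. The over-long handshake, the beacon at offset 1 and the server-to-client segment are ignored, which is exactly the narrowing the size, depth and flow qualifiers exist to provide; dropping any of them from a local copy of the rules would raise the false-positive rate noticeably on six-byte keepalive traffic.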

YARA Rules

// The alert publishes these rules without names or a rule wrapper; the rule
// names below are placeholders added so that the rules compile as written.
rule hidden_cobra_rule_1
{
    strings:
        $rsaKey = { 7B 4E 1E A7 E9 3F 36 4C DE F4 F0 99 C4 D9 B7 94
                    A1 FF F2 97 D3 91 13 9D C0 12 02 E4 4C BB 6C 77
                    48 EE 6F 4B 9B 53 60 98 45 A5 28 65 8A 0B F8 39
                    73 D7 1A 44 13 B3 6A BB 61 44 AF 31 47 E7 87 C2
                    AE 7A A7 2C 3A D9 5C 2E 42 1A A6 78 FE 2C AD ED
                    39 3F FA D0 AD 3D D9 C5 3D 28 EF 3D 67 B1 E0 68
                    3F 58 A0 19 27 CC 27 C9 E8 D8 1E 7E EE 91 DD 13
                    B3 47 EF 57 1A CA FF 9A 60 E0 64 08 AA E2 92 D0 }
    condition:
        any of them
}

________________________________________________________________

// Placeholder rule name; the alert publishes this rule without one.
rule hidden_cobra_rule_2
{
    strings:
        $STR1 = "Wating" wide ascii
        $STR2 = "Reamin" wide ascii
        $STR3 = "laptos" wide ascii
    condition:
        (uint16(0) == 0x5A4D or uint16(0) == 0xCFD0 or uint16(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and 2 of them
}
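The second rule above combines a file-type check on the leading bytes with a "2 of them" count over strings declared wide ascii. As an added example (not from the alert), the following Python reproduces that condition so its semantics can be exercised against constructed sample files; the magic values are decoded in the comments. The sample blobs are minimal headers plus embedded strings, not real artefacts.

```python
"""
Python re-implementation of the condition of the second HIDDEN COBRA YARA rule:
a file-type magic test on the first bytes, then "2 of them" over three strings
declared "wide ascii".  Added example, not code from the alert; the sample
files are constructed here and are not malware artefacts.
"""
import struct

# The three (deliberately misspelled) strings from the rule.
RULE_STRINGS = [b"Wating", b"Reamin", b"laptos"]


def uint16(data: bytes, offset: int):
    """YARA uint16(offset): little-endian 16-bit read; None when out of range."""
    if offset < 0 or offset + 2 > len(data):
        return None
    return struct.unpack_from("<H", data, offset)[0]


def uint32(data: bytes, offset: int):
    """YARA uint32(offset): little-endian 32-bit read; None when out of range."""
    if offset < 0 or offset + 4 > len(data):
        return None
    return struct.unpack_from("<I", data, offset)[0]


def has_known_magic(data: bytes) -> bool:
    """The rule's header test, decoded:
    0x5A4D      -> bytes 4D 5A, 'MZ' (PE executable)
    0xCFD0      -> bytes D0 CF, start of the OLE compound-document signature
    0xC3D4      -> bytes D4 C3, start of the libpcap file magic
    0x46445025  -> bytes 25 50 44 46, '%PDF'
    0x6674725C at offset 1 -> bytes 5C 72 74 66, '\\rtf', i.e. a file beginning '{\\rtf'
    """
    return (uint16(data, 0) in (0x5A4D, 0xCFD0, 0xC3D4)
            or uint32(data, 0) == 0x46445025
            or uint32(data, 1) == 0x6674725C)


def encodings_found(data: bytes, needle: bytes) -> list:
    """Which of the 'ascii' and 'wide' (UTF-16LE) forms of needle occur in data."""
    found = []
    if needle in data:
        found.append("ascii")
    if needle.decode("ascii").encode("utf-16-le") in data:
        found.append("wide")
    return found


def matches_rule(data: bytes) -> bool:
    """True when the magic test passes and at least two distinct strings occur.
    A string found in both encodings still counts once, as in YARA."""
    if not has_known_magic(data):
        return False
    distinct = sum(1 for s in RULE_STRINGS if encodings_found(data, s))
    return distinct >= 2


def build_samples() -> dict:
    """Constructed inputs: minimal headers plus embedded strings, nothing more."""
    def wide(s: str) -> bytes:
        return s.encode("utf-16-le")
    return {
        "pe_two_strings": b"MZ" + b"\x00" * 62 + b"Wating" + b"\x00" * 8 + wide("Reamin"),
        "pe_one_string": b"MZ" + b"\x00" * 62 + wide("laptos"),
        "no_magic_all_strings": b"hello" + b"Wating" + b"Reamin" + b"laptos",
        "pdf_wide_strings": b"%PDF-1.4\n" + wide("Wating") + b"\n" + wide("laptos"),
        "rtf_mixed": b"{\\rtf1\\ansi " + b"Reamin " + wide("laptos"),
    }


def scan_samples() -> dict:
    """Verdict per constructed sample."""
    return {name: matches_rule(blob) for name, blob in build_samples().items()}


if __name__ == "__main__":
    for name, verdict in scan_samples().items():
        print(f"{name:24} {'MATCH' if verdict else 'no match'}")
```

The no_magic_all_strings case is the one worth noting: all three strings are present, yet the rule does not fire because the header test is conjoined with the string count. That is the intended design of the published rule, which keeps it from matching text logs or IOC lists that merely quote the strings, but it also means that the rule will not catch the strings inside a container whose magic is not in the list.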

________________________________________________________________

// Placeholder rule name; the alert publishes this rule without one.
rule hidden_cobra_rule_3
{
    strings:
        $randomUrlBuilder = { 83 EC 48 53 55 56 57 8B 3D ?? ?? ?? ?? 33 C0 C7 44 24 28 B4 6F 41 00 C7 44 24 2C B0 6F 41 00 C7 44 24 30 AC 6F 41 00 C7 44 24 34 A8 6F 41 00 C7 44 24 38 A4 6F 41 00 C7 44 24 3C A0 6F 41 00 C7 44 24 40 9C 6F 41 00 C7 44 24 44 94 6F 41 00 C7 44 24 48 8C 6F 41 00 C7 44 24 4C 88 6F 41 00 C7 44 24 50 80 6F 41 00 89 44 24 54 C7 44 24 10 7C 6F 41 00 C7 44 24 14 78 6F 41 00 C7 44 24 18 74 6F 41 00 C7 44 24 1C 70 6F 41 00 C7 44 24 20 6C 6F 41 00 89 44 24 24 FF D7 99 B9 0B 00 00 00 F7 F9 8B 74 94 28 BA 9C 6F 41 00 66 8B 06 66 3B 02 74 34 8B FE 83 C9 FF 33 C0 8B 54 24 60 F2 AE 8B 6C 24 5C A1 ?? ?? ?? ?? F7 D1 49 89 45 00 8B FE 33 C0 8D 5C 11 05 83 C9 FF 03 DD F2 AE F7 D1 49 8B FE 8B D1 EB 78 FF D7 99 B9 05 00 00 00 8B 6C 24 5C F7 F9 83 C9 FF 33 C0 8B 74 94 10 8B 54 24 60 8B FE F2 AE F7 D1 49 BF 60 6F 41 00 8B D9 83 C9 FF F2 AE F7 D1 8B C2 49 03 C3 8B FE 8D 5C 01 05 8B 0D ?? ?? ?? ?? 89 4D 00 83 C9 FF 33 C0 03 DD F2 AE F7 D1 49 8D 7C 2A 05 8B D1 C1 E9 02 F3 A5 8B CA 83 E1 03 F3 A4 BF 60 6F 41 00 83 C9 FF F2 AE F7 D1 49 BE 60 6F 41 00 8B D1 8B FE 83 C9 FF 33 C0 F2 AE F7 D1 49 8B FB 2B F9 8B CA 8B C1 C1 E9 02 F3 A5 8B C8 83 E1 03 F3 A4 8B 7C 24 60 8D 75 04 57 56 E8 ?? ?? ?? ?? 83 C4 08 C6 04 3E 2E 8B C5 C6 03 00 5F 5E 5D 5B 83 C4 48 C3 }
    condition:
        $randomUrlBuilder
}

________________________________________________________________

References

[1] IBM. “Actor Lazarus Group- Blog Post by IBM X-Force Exchange”

[2] Alien Vault. “Operation Blockbuster Unveils the Actors Behind the Sony Attacks”

[3] Symantec. “Destover: Destructive Malware has links back to attacks on South Korea”

[4] Symantec. “Duuzer back door Trojan targets South Korea to take over computers”

[5] FireEye. “Zero-Day HWP Exploit”

[6] US-CERT. Alert (TA14-353A) Targeted Destructive Malware. Original Release Date: December 19, 2014. | Last revised: September 30, 2016.

[7] Novetta. “Operation Blockbuster Destructive Malware Report.”

[8] Novetta. “Operation Blockbuster Destructive Malware Report.”

[9] Novetta. “Operation Blockbuster Destructive Malware Report.”

Impact

A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.
Solution

Mitigation Strategies

Network administrators are encouraged to apply the following recommendations, which can prevent as many as 85 percent of targeted cyber intrusions. The mitigation strategies provided may seem like common sense. However, many organizations fail to use these basic security measures, leaving their systems open to compromise:

  1. Patch applications and operating systems – Most attackers target vulnerable applications and operating systems. Ensuring that applications and operating systems are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker. Use best practices when updating software and patches by only downloading updates from authenticated vendor sites.
  2. Use application whitelisting – Whitelisting is one of the best security strategies because it allows only specified programs to run while blocking all others, including malicious software.
  3. Restrict administrative privileges – Threat actors are increasingly focused on gaining control of legitimate credentials, especially credentials associated with highly privileged accounts. Reduce privileges to only those needed for a user’s duties. Separate administrators into privilege tiers with limited access to other tiers.
  4. Segment networks and segregate them into security zones – Segment networks into logical enclaves and restrict host-to-host communications paths. This helps protect sensitive information and critical services, and limits damage from network perimeter breaches.
  5. Validate input – Input validation is a method of sanitizing untrusted input provided by users of a web application. Implementing input validation can protect against the security flaws of web applications by significantly reducing the probability of successful exploitation. Types of attacks possibly averted include Structured Query Language (SQL) injection, cross-site scripting, and command injection.
  6. Use stringent file reputation settings – Tune the file reputation systems of your anti-virus software to the most aggressive setting possible. Some anti-virus products can limit execution to only the highest reputation files, stopping a wide range of untrustworthy code from gaining control.
  7. Understand firewalls – Firewalls provide security to make your network less susceptible to attack. They can be configured to block data and applications from certain locations (IP whitelisting), while allowing relevant and necessary data through.
Response to Unauthorized Network Access

Enforce your security incident response and business continuity plan. It may take time for your organization’s IT professionals to isolate and remove threats to your systems and restore normal operations. Meanwhile, you should take steps to maintain your organization’s essential functions according to your business continuity plan. Organizations should maintain and regularly test backup plans, disaster recovery plans, and business continuity procedures.

Contact DHS or your local FBI office immediately. To report an intrusion and request resources for incident response or technical assistance, you are encouraged to contact DHS NCCIC (NCCICCustomerService@hq.dhs.gov or 888-282-0870), the FBI through a local field office, or the FBI’s Cyber Division (CyWatch@fbi.gov or 855-292-3937).

Protect Against SQL Injection and Other Attacks on Web Services

To protect against code injections and other attacks, system operators should routinely evaluate known and published vulnerabilities, periodically perform software updates and technology refreshes, and audit external-facing systems for known web application vulnerabilities. They should also take the following steps to harden both web applications and the servers hosting them to reduce the risk of network intrusion via this vector.

  • Use and configure available firewalls to block attacks.
  • Take steps to secure Windows systems, such as installing and configuring Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) and Microsoft AppLocker.
  • Monitor and remove any unauthorized code present in any www directories.
  • Disable, discontinue, or disallow the use of Internet Control Message Protocol (ICMP) and Simple Network Management Protocol (SNMP) as much as possible.
  • Remove unnecessary HTTP verbs from web servers. Typical web servers and applications only require GET, POST, and HEAD.
  • Where possible, minimize server fingerprinting by configuring web servers to avoid responding with banners identifying the server software and version number.
  • Secure both the operating system and the application.
  • Update and patch production servers regularly.
  • Disable potentially harmful SQL-stored procedure calls.
  • Sanitize and validate input to ensure that it is properly typed and does not contain escaped code.
  • Consider using type-safe stored procedures and prepared statements.
  • Audit transaction logs regularly for suspicious activity.
  • Perform penetration testing on web services.
  • Ensure error messages are generic and do not expose too much information.
Permissions, Privileges, and Access Controls

System operators should take the following steps to limit permissions, privileges, and access controls.

  • Reduce privileges to only those needed for a user’s duties.
  • Restrict users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
  • Carefully consider the risks before granting administrative rights to users on their own machines.
  • Scrub and verify all administrator accounts regularly.
  • Configure Group Policy to restrict all users to only one login session, where possible.
  • Enforce secure network authentication, where possible.
  • Instruct administrators to use non-privileged accounts for standard functions such as web browsing or checking webmail.
  • Segment networks into logical enclaves and restrict host-to-host communication paths. Containment provided by enclaving also makes incident cleanup significantly less costly.
  • Configure firewalls to disallow Remote Desktop Protocol (RDP) traffic coming from outside of the network boundary, except for in specific configurations such as when tunneled through a secondary virtual private network (VPN) with lower privileges.
  • Audit existing firewall rules and close all ports that are not explicitly needed for business. Specifically, carefully consider which ports should be connecting outbound versus inbound.
  • Enforce a strict lockout policy for network users and closely monitor logs for failed login activity. Failed login activity can be indicative of failed intrusion activity.
  • If remote access between zones is an unavoidable business need, log and monitor these connections closely.
  • In environments with a high risk of interception or intrusion, organizations should consider supplementing password authentication with other forms of authentication such as challenge/response or multifactor authentication using biometric or physical tokens.
Logging Practices

System operators should follow these secure logging practices.

  • Ensure event logging, including applications, events, login activities, and security attributes, is turned on or monitored for identification of security issues.
  • Configure network logs to provide adequate information to assist in quickly developing an accurate determination of a security incident.
  • Upgrade PowerShell to new versions with enhanced logging features and monitor the logs to detect usage of PowerShell commands, which are often malware-related.
  • Secure logs in a centralized location and protect them from modification.
  • Prepare an incident response plan that can be rapidly administered in case of a cyber intrusion.

Revision History
  • June 13, 2017: Initial Release


TA17-163A: CrashOverride Malware

Mon, 06/12/2017 - 17:44
Original release date: June 12, 2017
Systems Affected

Industrial Controls Systems

Overview

The National Cybersecurity and Communications Integration Center (NCCIC) is aware of public reports from ESET and Dragos outlining a new, highly capable Industrial Controls Systems (ICS) attack platform that was reportedly used in 2016 against critical infrastructure in Ukraine. As reported by ESET and Dragos, the CrashOverride malware is an extensible platform that could be used to target critical infrastructure sectors. NCCIC is working with its partners to validate the ESET and Dragos analysis, and develop a better understanding of the risk this new malware poses to the U.S. critical infrastructure.

Although this activity is still under investigation, NCCIC is sharing this report to provide organizations with detection and mitigation recommendations to help prevent future compromises within their critical infrastructure networks. NCCIC continues to work with interagency and international partners on this activity and will provide updates as information becomes available.

For a downloadable copy of IOCs, see:

To report activity related to this Incident Report Alert, please contact NCCIC at NCCICCustomerService@hq.dhs.gov or 1-888-282-0870.

Risk Evaluation

NCCIC Cyber Incident Scoring System (NCISS) Rating Priority Level (Color): Yellow (Medium)

A medium priority incident may affect public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.

Details

There is no evidence to suggest this malware has affected U.S. critical infrastructure; however, the tactics, techniques, and procedures (TTPs) described as part of the CrashOverride malware could be modified to target U.S. critical information networks and systems.

Description

Technical Analysis

CrashOverride malware represents a scalable, capable platform. The modules and capabilities publicly reported appear to focus on organizations using the ICS protocols IEC101, IEC104, and IEC61850, which are more commonly used outside the United States in electric power control systems. The platform fundamentally abuses a targeted ICS system’s legitimate control-system functionality to achieve its intended effect. While the known capabilities do not appear to be U.S.-focused, it is more important to recognize that the general TTPs used in CrashOverride could be leveraged with modified technical implementations to affect U.S.-based critical infrastructure. With further modification, CrashOverride or similar malware could have implications beyond electric power, so all critical infrastructure organizations should be evaluating their systems for susceptibility to the TTPs outlined. The malware has several reported capabilities:

  1. Issues valid commands directly to remote terminal units (RTUs) over ICS protocols. As reported by Dragos, one such command sequence toggles circuit breakers in a rapid open-close-open-close pattern. This could create conditions where individual utilities may island from infected parties, potentially resulting in a degradation of grid reliability.
  2. Denies service to local serial COM ports on Windows devices, thereby preventing legitimate communications with field equipment over serial from the affected device.
  3. Scans and maps ICS environment using a variety of protocols, including Open Platform Communications (OPC). This significantly improves the payload’s probability of success.
  4. Could exploit Siemens relay denial-of-service (DoS) vulnerability, leading to a shutdown of the relay. In this instance, the relay would need to be manually reset to restore functionality.
  5. Includes a wiper module in the platform that renders Windows systems inert, requiring a rebuild or backup restoration.
Detection

As CrashOverride is a second-stage malware capability and is able to operate independently of initial C2, traditional methods of detection may not be sufficient to detect infections prior to the malware executing. As a result, organizations are encouraged to implement behavioral analysis techniques to attempt to identify precursor activity to CrashOverride. As additional information becomes available on stage-one infection vectors and TTPs, this alert will be updated.

NCCIC is providing a compilation of indicators of compromise (IOCs) from a variety of sources to aid in the detection of this malware in the appendices. The sources provided do not constitute an exhaustive list and the U.S. Government does not endorse or support any particular product or vendor’s information referenced in this report. However, NCCIC has included this data to ensure wide distribution of the most comprehensive information available and will provide updates as warranted.

Signatures

import "pe"
import "hash"

rule dragos_crashoverride_exporting_dlls
{
    meta:
        description = "CRASHOVERRIDE v1 Suspicious Export"
        author = "Dragos Inc"
    condition:
        pe.exports("Crash") & pe.characteristics
}

rule dragos_crashoverride_suspcious
{
    meta:
        description = "CRASHOVERRIDE v1 Wiper"
        author = "Dragos Inc"
    strings:
        $s0 = "SYS_BASCON.COM" fullword nocase wide
        $s1 = ".pcmp" fullword nocase wide
        $s2 = ".pcmi" fullword nocase wide
        $s3 = ".pcmt" fullword nocase wide
        $s4 = ".cin" fullword nocase wide
    condition:
        pe.exports("Crash") and any of ($s*)
}

rule dragos_crashoverride_name_search
{
    meta:
        description = "CRASHOVERRIDE v1 Suspicious Strings and Export"
        author = "Dragos Inc"
    strings:
        $s0 = "101.dll" fullword nocase wide
        $s1 = "Crash101.dll" fullword nocase wide
        $s2 = "104.dll" fullword nocase wide
        $s3 = "Crash104.dll" fullword nocase wide
        $s4 = "61850.dll" fullword nocase wide
        $s5 = "Crash61850.dll" fullword nocase wide
        $s6 = "OPCClientDemo.dll" fullword nocase wide
        $s7 = "OPC" fullword nocase wide
        $s8 = "CrashOPCClientDemo.dll" fullword nocase wide
        $s9 = "D2MultiCommService.exe" fullword nocase wide
        $s10 = "CrashD2MultiCommService.exe" fullword nocase wide
        $s11 = "61850.exe" fullword nocase wide
        $s12 = "OPC.exe" fullword nocase wide
        $s13 = "haslo.exe" fullword nocase wide
        $s14 = "haslo.dat" fullword nocase wide
    condition:
        any of ($s*) and pe.exports("Crash")
}

rule dragos_crashoverride_hashes
{
    meta:
        description = "CRASHOVERRIDE Malware Hashes"
        author = "Dragos Inc"
    condition:
        // The hash comparisons are grouped so that the size limit applies to
        // every one of them ("and" binds tighter than "or" in YARA).
        filesize < 1MB and
        (
            hash.sha1(0, filesize) == "f6c21f8189ced6ae150f9ef2e82a3a57843b587d" or
            hash.sha1(0, filesize) == "cccce62996d578b984984426a024d9b250237533" or
            hash.sha1(0, filesize) == "8e39eca1e48240c01ee570631ae8f0c9a9637187" or
            hash.sha1(0, filesize) == "2cb8230281b86fa944d3043ae906016c8b5984d9" or
            hash.sha1(0, filesize) == "79ca89711cdaedb16b0ccccfdcfbd6aa7e57120a" or
            hash.sha1(0, filesize) == "94488f214b165512d2fc0438a581f5c9e3bd4d4c" or
            hash.sha1(0, filesize) == "5a5fafbc3fec8d36fd57b075ebf34119ba3bff04" or
            hash.sha1(0, filesize) == "b92149f046f00bb69de329b8457d32c24726ee00" or
            hash.sha1(0, filesize) == "b335163e6eb854df5e08e85026b2c3518891eda8"
        )
}

rule dragos_crashoverride_moduleStrings
{
    meta:
        description = "IEC-104 Interaction Module Program Strings"
        author = "Dragos Inc"
    strings:
        $s1 = "IEC-104 client: ip=%s; port=%s; ASDU=%u" nocase wide ascii
        $s2 = " MSTR ->> SLV" nocase wide ascii
        $s3 = " MSTR <<- SLV" nocase wide ascii
        $s4 = "Unknown APDU format !!!" nocase wide ascii
        $s5 = "iec104.log" nocase wide ascii
    condition:
        any of ($s*)
}

rule dragos_crashoverride_configReader
{
    meta:
        description = "CRASHOVERRIDE v1 Config File Parsing"
        author = "Dragos Inc"
    strings:
        $s0 = { 68 e8 ?? ?? ?? 6a 00 e8 a3 ?? ?? ?? 8b f8 83 c4 ?8 }
        $s1 = { 8a 10 3a 11 75 ?? 84 d2 74 12 }
        $s2 = { 33 c0 eb ?? 1b c0 83 c8 ?? }
        $s3 = { 85 c0 75 ?? 8d 95 ?? ?? ?? ?? 8b cf ?? ?? }
    condition:
        all of them
}


rule dragos_crashoverride_weirdMutex
{
    meta:
        description = "Blank mutex creation associated with CRASHOVERRIDE"
        author = "Dragos Inc"
    strings:
        $s1 = { 81 ec 08 02 00 00 57 33 ff 57 57 57 ff 15 ?? ?? 40 00 a3 ?? ?? ?? 00 85 c0 }
        $s2 = { 8d 85 ?? ?? ?? ff 50 57 57 6a 2e 57 ff 15 ?? ?? ?? 00 68 ?? ?? 40 00 }
    condition:
        all of them
}

rule dragos_crashoverride_serviceStomper
{
    meta:
        description = "Identify service hollowing and persistence setting"
        author = "Dragos Inc"
    strings:
        $s0 = { 33 c9 51 51 51 51 51 51 ?? ?? ?? }
        $s1 = { 6a ff 6a ff 6a ff 50 ff 15 24 ?? 40 00 ff ?? ?? ff 15 20 ?? 40 00 }
    condition:
        all of them
}

rule dragos_crashoverride_wiperModuleRegistry
{
    meta:
        description = "Registry Wiper functionality associated with CRASHOVERRIDE"
        author = "Dragos Inc"
    strings:
        $s0 = { 8d 85 a0 ?? ?? ?? 46 50 8d 85 a0 ?? ?? ?? 68 68 0d ?? ?? 50 }
        $s1 = { 6a 02 68 78 0b ?? ?? 6a 02 50 68 b4 0d ?? ?? ff b5 98 ?? ?? ?? ff 15 04 ?? ?? ?? }
        $s2 = { 68 00 02 00 00 8d 85 a0 ?? ?? ?? 50 56 ff b5 9c ?? ?? ?? ff 15 00 ?? ?? ?? 85 c0 }
    condition:
        all of them
}

rule dragos_crashoverride_wiperFileManipulation
{
    meta:
        description = "File manipulation actions associated with CRASHOVERRIDE wiper"
        author = "Dragos Inc"
    strings:
        $s0 = { 6a 00 68 80 00 00 00 6a 03 6a 00 6a 02 8b f9 68 00 00 00 40 57 ff 15 1c ?? ?? ?? 8b d8 }
        $s2 = { 6a 00 50 57 56 53 ff 15 4c ?? ?? ?? 56 }
    condition:
        all of them
}
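Most of the Dragos rules above rely on hex strings with ?? byte wildcards and, in $s0 of dragos_crashoverride_configReader, a nibble wildcard (?8). The following added Python example (not from the alert or from Dragos) shows how such a pattern is compiled into a byte regex and how an "all of them" condition is evaluated over a buffer; jumps such as [4-6] and alternation are out of scope and are rejected. The sample buffer is constructed so that it satisfies the four configReader strings and is not a real binary.

```python
"""
Matcher for YARA-style hex strings with wildcards, as used by the Dragos
CrashOverride rules.  Added example, not code from the alert or from Dragos.
Supports full-byte wildcards (??) and nibble wildcards (?8, 8?); jumps and
alternation are deliberately unsupported.  The sample buffer is constructed.
"""
import re

# The four hex strings of dragos_crashoverride_configReader, copied verbatim.
CONFIG_READER_STRINGS = {
    "$s0": "{ 68 e8 ?? ?? ?? 6a 00 e8 a3 ?? ?? ?? 8b f8 83 c4 ?8 }",
    "$s1": "{ 8a 10 3a 11 75 ?? 84 d2 74 12 }",
    "$s2": "{ 33 c0 eb ?? 1b c0 83 c8 ?? }",
    "$s3": "{ 85 c0 75 ?? 8d 95 ?? ?? ?? ?? 8b cf ?? ?? }",
}


def compile_hex_pattern(pattern: str) -> re.Pattern:
    """Translate '{ 8a 10 ?? 84 ?8 }' into a compiled bytes regex.

    '??' becomes '.', a token with one fixed nibble becomes a character class
    of the 16 byte values that share that nibble, and a fixed byte is escaped
    literally.  re.DOTALL is required so that '.' also matches 0x0a.
    """
    body = pattern.strip()
    if body.startswith("{") and body.endswith("}"):
        body = body[1:-1]
    parts = []
    for tok in body.split():
        if len(tok) != 2:
            raise ValueError(f"unsupported hex token {tok!r} (jumps/alternation not handled)")
        if tok == "??":
            parts.append(b".")
        elif "?" in tok:
            hi, lo = tok[0], tok[1]
            candidates = []
            for n in range(16):
                h = n if hi == "?" else int(hi, 16)
                l = n if lo == "?" else int(lo, 16)
                candidates.append((h << 4) | l)
            parts.append(b"[" + b"".join(re.escape(bytes([c])) for c in candidates) + b"]")
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def find_all(pattern: str, data: bytes) -> list:
    """Start offsets of every (non-overlapping) occurrence of pattern in data."""
    return [m.start() for m in compile_hex_pattern(pattern).finditer(data)]


def evaluate_strings(strings: dict, data: bytes) -> dict:
    """Map each string identifier to the offsets at which it matched."""
    return {name: find_all(pat, data) for name, pat in strings.items()}


def rule_matches(strings: dict, data: bytes) -> bool:
    """YARA 'all of them': every declared string has at least one match."""
    return all(offsets for offsets in evaluate_strings(strings, data).values())


def build_sample() -> bytes:
    """Constructed buffer: each configReader pattern with its wildcard bytes
    filled in, separated by filler.  Offsets: $s0 at 4, $s1 at 24, $s2 at 37,
    $s3 at 49."""
    s0 = bytes.fromhex("68e81122336a00e8a34455668bf883c418")   # '?8' filled with 0x18
    s1 = bytes.fromhex("8a103a11750784d27412")
    s2 = bytes.fromhex("33c0eb051bc083c8ff")
    s3 = bytes.fromhex("85c0750a8d95010203048bcf9090")         # contains 0x0a at a '??'
    return (b"\x90" * 4 + s0 + b"\xcc" * 3 + s1 + b"\xcc" * 3
            + s2 + b"\xcc" * 3 + s3 + b"\xcc" * 2)


if __name__ == "__main__":
    sample = build_sample()
    for name, offsets in evaluate_strings(CONFIG_READER_STRINGS, sample).items():
        print(name, offsets)
    print("all of them:", rule_matches(CONFIG_READER_STRINGS, sample))
    print("truncated before $s3:", rule_matches(CONFIG_READER_STRINGS, sample[:49]))
```

Truncating the buffer before $s3 makes the rule fail even though the other three strings still match, which is the point of the "all of them" conjunction in these rules: each pattern alone is a short, generic instruction sequence, and only their co-occurrence in one file is treated as a signal.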

Impact

A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.

Solution

Properly implemented defensive techniques and common cyber hygiene practices increase the complexity of barriers that adversaries must overcome to gain unauthorized access to critical information networks and systems. In addition, malicious network activity should trigger detection and prevention mechanisms that enable organizations to contain and respond to intrusions more rapidly. There is no set of defensive techniques or programs that will completely avert all attacks; however, layered cybersecurity defenses will aid in reducing an organization’s attack surface and will increase the likelihood of detection. This layered mitigation approach is known as defense-in-depth.

NCCIC has based its mitigations and recommendations on its analysis of the public reporting of this malware and will provide updates as more information becomes available.

Critical infrastructure companies should ensure that they are following best practices, such as those outlined in the Seven Steps to Effectively Defend Industrial Control Systems document produced jointly by DHS, NSA, and FBI.

Application Whitelisting

Application whitelisting (AWL) can detect and prevent attempted execution of malware uploaded by adversaries. Application whitelisting hardens operating systems and prevents the execution of unauthorized software. The static nature of some systems, such as database servers and human-machine interface (HMI) computers, makes these ideal candidates to run AWL. NCCIC encourages operators to work with their vendors to baseline and calibrate AWL deployments.
Operators may choose to implement directory whitelisting rather than trying to list every possible permutation of applications in an environment. Operators may implement application or application directory whitelisting through Microsoft Software Restriction Policy (SRP), AppLocker, or similar application whitelisting software. Safe defaults allow applications to run from PROGRAMFILES, PROGRAMFILES(X86), SYSTEM32, and any ICS software folders. All other locations should be disallowed unless an exception is granted.

Manage Authentication and Authorization

This malware exploits the lack of authentication and authorization in common ICS protocols to issue unauthorized commands to field devices. Asset owners/operators should implement authentication and authorization protocols to ensure field devices verify the authenticity of commands before they are actioned. In some instances, legacy hardware may not be capable of implementing these protections. In these cases, asset owners can either leverage ICS firewalls to do stateful inspection and authentication of commands, or upgrade their control field devices.

Adversaries are increasingly focused on gaining control of legitimate credentials, especially those associated with highly privileged accounts. Compromising these credentials allows adversaries to masquerade as legitimate users, leaving less evidence of compromise than more traditional attack options (e.g., exploiting vulnerabilities or uploading malware). For this reason, operators should implement multi-factor authentication where possible and reduce privileges to only those needed for a user’s duties. If passwords are necessary, operators should implement secure password policies, stressing length over complexity. For all accounts, including system and non-interactive accounts, operators should ensure credentials are unique and changed, at a minimum, every 90 days.

NCCIC also recommends that operators require separate credentials for corporate and control network zones and store them in separate trust stores. Operators should never share Active Directory, RSA ACE servers, or other trust stores between corporate and control networks. Specifically, operators should:

  • Decrease a threat actor’s ability to access key network resources by implementing the principle of least privilege;
  • Restrict local administrator accounts to local interactive logon (e.g., apply “Deny access to this computer from the network”) and prevent their use over Remote Desktop Protocol sessions;
  • Remove unnecessary accounts and groups, and restrict root access;
  • Control and limit local administration; and
  • Make use of the Protected Users Active Directory group in Windows Domains to further secure privileged user accounts against pass-the-hash attacks.

Handling Destructive Malware

Destructive malware continues to be a threat to both critical infrastructure and business systems. NCCIC encourages organizations to review the ICS-CERT destructive malware white paper for detailed mitigation guidance. It is important for organizations to maintain backups of key data, systems, and configurations such as:

  • Server gold images,
  • ICS Workstation gold configurations,
  • Engineering workstation images,
  • PLC/RTU configurations,
  • Passwords and configuration information, and
  • Offline copies of install media for operating systems and control applications.

Ensure Proper Configuration/Patch Management

Adversaries often target unpatched systems. A configuration/patch management program centered on the safe importation and implementation of trusted patches will help render control systems more secure.

Such a program will start with an accurate baseline and asset inventory to track what patches are needed. The program will prioritize patching and configuration management of “PC-architecture” machines used in HMI, database server, and engineering workstation roles, as current adversaries have significant cyber capabilities against these systems. Infected laptops are a significant malware vector. Such a program will limit the connection of external laptops to the control network and ideally supply vendors with known-good company laptops. The program will also encourage initial installation of any updates onto a test system that includes malware detection features before the updates are installed on operational systems.

NCCIC recommends that operators:

  • Use best practices when downloading software and patches destined for their control network;
  • Take measures to avoid watering hole attacks;
  • Use a web Domain Name System (DNS) reputation system;
  • Obtain and apply updates from authenticated vendor sites;
  • Validate the authenticity of downloads;
  • Insist that vendors digitally sign updates, and/or publish hashes via an out-of-band communications path, and only use this path to authenticate;
  • Never load updates from unverified sources;
  • Reduce their attack surface area; to the greatest extent possible, operators should:
    • Isolate ICS networks from any untrusted networks, especially the Internet;
    • Lock down all unused ports;
    • Turn off all unused services; and
    • Only allow real-time connectivity to external networks if there is a defined business requirement or control function.
      • If one-way communication can accomplish a task, operators should use optical separation (“data diode”).
      • If bidirectional communication is necessary, operators should use a single open port over a restricted network path.
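As an added example of the "validate the authenticity of downloads" and "publish hashes via an out-of-band communications path" items above (not code from the alert or from any vendor), the following Python shows both halves of that exchange: the routine a vendor would run to publish a SHA256SUMS-style manifest, and the routine an operator runs against a manifest obtained over the separate channel before an update leaves the import workstation. The file name and contents are constructed for the example.

```python
import hashlib
import hmac
import re

# Constructed stand-ins for an update file as shipped and as tampered in transit.
GOOD_UPDATE = b"HMI firmware 4.2.1 update package (constructed sample bytes)"
TAMPERED_UPDATE = GOOD_UPDATE.replace(b"4.2.1", b"4.2.x")

# One manifest line in sha256sum(1) format: 64 hex digits, whitespace, an
# optional '*' binary marker, then the file name.
_MANIFEST_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(\S.*)$")


def sha256_of(data, chunk_size=1 << 20):
    """Hash bytes, or any object with .read(), in chunks so multi-gigabyte
    install media never has to fit in memory."""
    h = hashlib.sha256()
    if hasattr(data, "read"):
        for block in iter(lambda: data.read(chunk_size), b""):
            h.update(block)
    else:
        h.update(data)
    return h.hexdigest()


def publish_manifest(files):
    """Vendor side: produce 'hash  filename' lines. The vendor publishes this
    over a channel separate from the download itself (signed mail, portal,
    printed notice), never next to the file it describes."""
    return "".join(f"{sha256_of(content)}  {name}\n" for name, content in files.items())


def parse_manifest(text):
    """Operator side: read the manifest, rejecting malformed lines instead of
    silently skipping them, so a corrupted manifest cannot pass by omission."""
    expected = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = _MANIFEST_LINE.match(line)
        if not m:
            raise ValueError(f"manifest line {lineno} is malformed: {line!r}")
        expected[m.group(2)] = m.group(1).lower()
    return expected


def verify_download(name, data, manifest_text):
    """Return (ok, reason). A file absent from the manifest fails closed, and
    the digest comparison is constant-time."""
    expected = parse_manifest(manifest_text)
    if name not in expected:
        return False, f"{name} is not listed in the manifest"
    actual = sha256_of(data)
    if not hmac.compare_digest(actual, expected[name]):
        return False, f"{name}: digest mismatch (got {actual[:16]}..., expected {expected[name][:16]}...)"
    return True, f"{name}: digest matches"


if __name__ == "__main__":
    manifest = publish_manifest({"hmi-update-4.2.1.bin": GOOD_UPDATE})
    print(manifest, end="")
    for label, blob in [("as shipped", GOOD_UPDATE), ("tampered", TAMPERED_UPDATE)]:
        ok, reason = verify_download("hmi-update-4.2.1.bin", blob, manifest)
        print(f"{label:10s} -> {'OK' if ok else 'REJECT'}: {reason}")
```

The check is only as good as the channel the manifest came over: a hash downloaded from the same compromised mirror as the file proves nothing, which is why the text insists on an out-of-band path and, preferably, a vendor signature on top of it.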

Build a Defendable Environment

Building a defendable environment will help limit the impact from network perimeter breaches. NCCIC recommends operators segment networks into logical enclaves and restrict host-to-host communications paths. This can prevent adversaries from expanding their access, while allowing the normal system communications to continue operating. Enclaving limits possible damage, as threat actors cannot use compromised systems to reach and contaminate systems in other enclaves. Containment provided by enclaving also makes incident cleanup significantly less costly.

If one-way data transfer from a secure zone to a less secure zone is required, operators should consider using approved removable media instead of a network connection. If real-time data transfer is required, operators should consider using optical separation technologies. This allows replication of data without placing the control system at risk.

Additional details on effective strategies for building a defendable ICS network can be found in the ICS-CERT Defense-in-Depth Recommended Practice.

Implement Secure Remote Access

Some adversaries are effective at gaining remote access into control systems, finding obscure access vectors, even “hidden back doors” intentionally created by system operators. Operators should remove such accesses wherever possible, especially modems, as these are fundamentally insecure.

Operators should:

  • Limit any accesses that remain;
  • Where possible, implement “monitoring only” access enforced by data diodes rather than relying on “read only” access enforced by software configurations or permissions;
  • Not allow remote persistent vendor connections into the control network;
  • Require any remote access to be operator controlled, time limited, and procedurally similar to “lock out, tag out”;
  • Use the same remote access paths for vendor and employee connections; do not allow double standards; and
  • Use two-factor authentication if possible, avoiding schemes where both factors are similar and can be stolen together (e.g., password and soft certificate).

Monitor and Respond

Defending a network against modern threats requires actively monitoring for adversarial penetration and quickly executing a prepared response. Operators should:

  • Consider establishing monitoring programs in the following key places: at the Internet boundary; at the business to Control DMZ boundary; at the Control DMZ to control LAN boundary; and inside the Control LAN;
  • Watch IP traffic on ICS boundaries for abnormal or suspicious communications;
  • Monitor IP traffic within the control network for malicious connections or content;
  • Use host-based products to detect malicious software and attack attempts;
  • Use login analysis (e.g., time and place) to detect stolen credential usage or improper access, verifying all anomalies with quick phone calls;
  • Watch account and user administration actions to detect access control manipulation;
  • Have a response plan for when adversarial activity is detected:
    • Such a plan may include disconnecting all Internet connections, running a properly scoped search for malware, disabling affected user accounts, isolating suspect systems, and immediately resetting 100 percent of passwords;
    • Such a plan may also define escalation triggers and actions, including incident response, investigation, and public affairs activities; and
  • Have a restoration plan, including “gold disks” ready to restore systems to known good states.
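The login-analysis item above (time and place of logons) is the one most readily turned into a concrete check, so here is an added Python example, not part of the alert, that applies three such rules to a handful of constructed authentication records: a logon outside the plant's staffed hours, a logon from a source address outside the approved engineering subnet, and one account appearing from two different source addresses within a few minutes. The record format, the subnet, the staffed-hours window and the account names are all assumptions; a real deployment would feed Windows Security event 4624 or syslog authentication records through the same parser and hand each finding to the "quick phone call" step.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions for the example: the approved source subnet for interactive
# logons to control-network hosts, the staffed hours during which operator
# logons are expected, and how quickly one account may legitimately move
# between source addresses.
APPROVED_NETS = [ipaddress.ip_network("10.10.0.0/24")]
STAFFED_HOURS = (8, 18)                    # 08:00 <= hour < 18:00, plant local time
SOURCE_CHANGE_WINDOW = timedelta(minutes=10)

# Constructed sample records (not real log data), one logon attempt per line,
# deliberately not in time order.
SAMPLE_LOGONS = """\
2017-06-12T09:15:02 host=HMI-01 user=operator1 src=10.10.0.15 result=success
2017-06-12T09:20:44 host=ENG-WS-02 user=vendor_svc src=10.10.0.22 result=success
2017-06-12T02:41:10 host=HMI-01 user=operator1 src=10.10.0.15 result=success
2017-06-12T10:05:00 host=HIST-01 user=operator1 src=10.10.0.15 result=success
2017-06-12T10:06:30 host=HIST-01 user=operator1 src=192.168.50.9 result=success
2017-06-12T11:00:00 host=ENG-WS-02 user=vendor_svc src=172.16.4.8 result=failure
2017-06-12T11:00:05 host=ENG-WS-02 user=vendor_svc src=172.16.4.8 result=success
"""


def parse_record(line):
    """Parse 'timestamp key=value ...' into a dict with a datetime and an
    ip_address. Returns None for blank lines."""
    parts = line.split()
    if not parts:
        return None
    rec = {"time": datetime.fromisoformat(parts[0])}
    for kv in parts[1:]:
        key, _, value = kv.partition("=")
        rec[key] = value
    rec["src"] = ipaddress.ip_address(rec["src"])
    return rec


def analyze(log_text, nets=APPROVED_NETS, hours=STAFFED_HOURS, window=SOURCE_CHANGE_WINDOW):
    """Return findings as (rule, user, time, detail) tuples for the successful
    logons in log_text. Per-account records are sorted before the
    source-change rule runs, so out-of-order lines do not hide a hit."""
    records = [r for r in map(parse_record, log_text.splitlines())
               if r and r.get("result") == "success"]
    findings = []
    by_user = defaultdict(list)
    for r in records:
        by_user[r["user"]].append(r)
        if not hours[0] <= r["time"].hour < hours[1]:
            findings.append(("off_hours", r["user"], r["time"],
                             f"logon to {r['host']} at {r['time']:%H:%M}"))
        if not any(r["src"] in n for n in nets):
            findings.append(("unexpected_source", r["user"], r["time"],
                             f"logon to {r['host']} from {r['src']}"))
    for user, recs in by_user.items():
        recs.sort(key=lambda r: r["time"])
        for prev, cur in zip(recs, recs[1:]):
            if cur["src"] != prev["src"] and cur["time"] - prev["time"] <= window:
                gap = (cur["time"] - prev["time"]).seconds
                findings.append(("rapid_source_change", user, cur["time"],
                                 f"{prev['src']} then {cur['src']} within {gap}s"))
    findings.sort(key=lambda f: (f[2], f[0]))
    return findings


if __name__ == "__main__":
    for rule, user, when, detail in analyze(SAMPLE_LOGONS):
        print(f"{when:%Y-%m-%d %H:%M:%S} {rule:20s} {user:12s} {detail}")
```

Against the sample, the 02:41 operator1 logon trips the off-hours rule, the 10:06:30 logon from 192.168.50.9 trips both the unexpected-source and rapid-source-change rules, and the vendor_svc logon from 172.16.4.8 trips the unexpected-source rule only; the failed attempt just before it is ignored by design, since these rules are about use of valid credentials, not guessing.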

Revision History
  • July 12, 2017: Initial Release

This product is provided subject to this Notification and this Privacy & Use policy.


SB17-163: Vulnerability Summary for the Week of June 5, 2017

Mon, 06/12/2017 - 08:46
Original release date: June 12, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- hadoop | In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root. | 2017-06-04 | 8.5 | CVE-2017-7669; BID, MLIST
bigtreecms -- bigtree_cms | Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. | 2017-06-02 | 7.5 | CVE-2017-9364; CONFIRM, CONFIRM
dolibarr -- dolibarr | Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters). | 2017-06-05 | 7.5 | CVE-2017-9435; CONFIRM, CONFIRM
google -- android | In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9923; BID, CONFIRM
google -- android | In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur. | 2017-06-06 | 9.3 | CVE-2014-9924; BID, CONFIRM
google -- android | In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9925; BID, CONFIRM
google -- android | In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9926; BID, CONFIRM
google -- android | In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9927; CONFIRM
google -- android | In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9928; BID, CONFIRM
google -- android | In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offset vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9929; BID, CONFIRM
google -- android | In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9930; BID, CONFIRM
google -- android | In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. | 2017-06-06 | 7.6 | CVE-2014-9941; BID, CONFIRM
google -- android | In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9942; BID, CONFIRM
google -- android | In Core Kernel in all Android releases from CAF using the Linux kernel, a Null Pointer Dereference vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9943; BID, CONFIRM
google -- android | In the Secure File System in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9944; BID, CONFIRM
google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9945; BID, CONFIRM
google -- android | In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9946; BID, CONFIRM
google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9948; BID, CONFIRM
google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9949; BID, CONFIRM
google -- android | In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9950; BID, CONFIRM
google -- android | In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9952; BID, CONFIRM
google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2015-9005; BID, CONFIRM
google -- android | In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2015-9006; BID, CONFIRM
google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2015-9007; BID, CONFIRM
google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2016-10297; BID, CONFIRM
lenovo -- lenovo_service_bridge | In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. | 2017-06-04 | 7.2 | CVE-2016-8228; CONFIRM
mercurial -- mercurial | In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | 2017-06-06 | 9.0 | CVE-2017-9462; CONFIRM, CONFIRM, CONFIRM
soffid -- iam | Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request. | 2017-06-02 | 7.5 | CVE-2017-9363; CONFIRM
todd_miller -- sudo | Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. | 2017-06-05 | 7.2 | CVE-2017-1000368; BID, CONFIRM
websitebaker -- websitebaker | WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. | 2017-06-02 | 7.5 | CVE-2017-9360; MISC
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers. | 2017-06-02 | 7.8 | CVE-2017-9345; BID, MISC, MISC, MISC, MISC
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. | 2017-06-02 | 7.8 | CVE-2017-9346; BID, MISC, MISC, MISC, MISC
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. | 2017-06-02 | 7.8 | CVE-2017-9349; BID, MISC, MISC, MISC, MISC
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length. | 2017-06-02 | 7.8 | CVE-2017-9350; BID, MISC, MISC, MISC, MISC
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur. | 2017-06-02 | 7.8 | CVE-2017-9352; BID, MISC, MISC, MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
asterisk -- certified_asterisk | A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). | 2017-06-02 | 5.0 | CVE-2017-9358; CONFIRM, BID, CONFIRM
bigtreecms -- bigtree_cms | CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked. | 2017-06-02 | 6.8 | CVE-2017-9365; CONFIRM, CONFIRM
bigtreecms -- bigtree_cms | BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have other tasks (such as data backups) to complete before a user is deleted. | 2017-06-02 | 4.0 | CVE-2017-9378; MISC, MISC
bigtreecms -- bigtree_cms | Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php. | 2017-06-02 | 6.8 | CVE-2017-9379; MISC
bigtreecms -- bigtree_cms | SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/designer/ and the injection is visible at admin/dashboard/vitals-statistics/integrity/check/?external=true. | 2017-06-04 | 6.5 | CVE-2017-9427; MISC
bigtreecms -- bigtree_cms | A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter. | 2017-06-04 | 5.0 | CVE-2017-9428; MISC
bigtreecms -- bigtree_cms | ** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files." | 2017-06-05 | 6.5 | CVE-2017-9442; MISC
bigtreecms -- bigtree_cms | ** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files." | 2017-06-05 | 6.5 | CVE-2017-9443; MISC
cryptopp -- crypto++ | Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter. | 2017-06-05 | 5.0 | CVE-2017-9434; CONFIRM, CONFIRM, CONFIRM
freedesktop -- poppler | In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9406; CONFIRM
freedesktop -- poppler | In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9408; CONFIRM
google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist. | 2017-06-06 | 4.3 | CVE-2014-9947; BID, CONFIRM
google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist. | 2017-06-06 | 4.3 | CVE-2014-9951; BID, CONFIRM
google -- android | The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names. | 2017-06-06 | 4.3 | CVE-2015-3830; MISC, MISC
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9405; CONFIRM
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9407; CONFIRM
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9409; CONFIRM
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file. | 2017-06-05 | 4.3 | CVE-2017-9439; BID, CONFIRM
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. | 2017-06-05 | 4.3 | CVE-2017-9440; BID, CONFIRM
jamroom -- jamroom | Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field. | 2017-06-04 | 4.3 | CVE-2012-6705; MISC, BID
lenovo -- lenovo_service_bridge | A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. | 2017-06-04 | 6.8 | CVE-2016-8229; CONFIRM
lenovo -- lenovo_service_bridge | In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. | 2017-06-04 | 5.0 | CVE-2016-8230; CONFIRM
lenovo -- lenovo_service_bridge | In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. | 2017-06-04 | 5.0 | CVE-2016-8231; CONFIRM
libtiff -- libtiff | In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9403; CONFIRM
libtiff -- libtiff | In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9404; CONFIRM
odoo -- odoo | Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service. | 2017-06-04 | 4.0 | CVE-2017-9416; CONFIRM
open-emr -- openemr | OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. | 2017-06-02 | 6.5 | CVE-2017-9380; MISC
todd_miller -- sudo | Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. | 2017-06-05 | 6.9 | CVE-2017-1000367; SUSE, SUSE, SUSE, MISC, FULLDISC, DEBIAN, MLIST, BID, SECTRACK, UBUNTU, REDHAT, FEDORA, GENTOO, CONFIRM
virustotal -- yara | libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304. | 2017-06-05 | 5.0 | CVE-2017-9438; CONFIRM, CONFIRM
websitebaker -- websitebaker | WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php. | 2017-06-02 | 4.3 | CVE-2017-9361; MISC
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. | 2017-06-02 | 5.0 | CVE-2017-9343; BID, MISC, MISC, MISC, MISC
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. | 2017-06-02 | 5.0 | CVE-2017-9344; BID, MISC, MISC, MISC, MISC
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. | 2017-06-02 | 5.0 | CVE-2017-9347; BID, MISC, MISC, MISC, MISC
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value. | 2017-06-02 | 5.0 | CVE-2017-9348; BID, MISC, MISC, MISC, MISC
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully. | 2017-06-02 | 5.0 | CVE-2017-9351; BID, MISC, MISC, MISC, MISC, MISC, MISC
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. | 2017-06-02 | 5.0 | CVE-2017-9353; BID, MISC, MISC, MISC, MISC
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. | 2017-06-02 | 5.0 | CVE-2017-9354; BID, MISC, MISC, MISC, MISC
ytnef_project -- ytnef | In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | 2017-06-07 | 4.3 | CVE-2017-9470; MISC
ytnef_project -- ytnef | In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 2017-06-07 | 4.3 | CVE-2017-9471; MISC
ytnef_project -- ytnef | In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 2017-06-07 | 4.3 | CVE-2017-9472; MISC
ytnef_project -- ytnef | In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | 2017-06-07 | 4.3 | CVE-2017-9473; MISC
ytnef_project -- ytnef | In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 2017-06-07 | 4.3 | CVE-2017-9474; MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
piwigo -- piwigo | Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 2017-06-06 | 3.5 | CVE-2017-9452; MISC
telaxus -- epesi | Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter. | 2017-06-02 | 3.5 | CVE-2017-9366; CONFIRM, CONFIRM

 

Severity Not Yet AssignedPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoacquisition_technology_&_logistics_agency --  installer_of_electronic_tendering_and_bid_opening_system
 Untrusted search path vulnerability in Installer of electronic tendering and bid opening system available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-06-09not yet calculatedCVE-2017-2178
JVN
CONFIRMadblock -- adblock
 AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters.2017-06-08not yet calculatedCVE-2015-2692
CONFIRM
MISCamd -- fglrx-driverAMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. NOTE: This vulnerability exists due to an incomplete fix for CVE-2015-7723.2017-06-07not yet calculatedCVE-2015-7724
MISC
FULLDISC
BUGTRAQ
BID
MISC

amd -- fglrx-driver
AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack.
Published: 2017-06-07 | CVSS Score: not yet calculated | CVE-2015-7723
Source & Patch Info: MISC, FULLDISC, BUGTRAQ, BID, MISC

apache -- archiva
The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes.
Published: 2017-06-06 | CVSS Score: not yet calculated | CVE-2016-5004
Source & Patch Info: MLIST, BID, SECTRACK, MISC, MISC

apache -- cxf_fediz
Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service.
Published: 2017-06-07 | CVSS Score: not yet calculated | CVE-2015-5175
Source & Patch Info: MLIST, BID, CONFIRM, CONFIRM, MLIST

apache -- java_servlet_specification
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.
Published: 2017-06-06 | CVSS Score: not yet calculated | CVE-2017-5664
Source & Patch Info: BID, MLIST

appcheck -- appcheck
Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2017-2214
Source & Patch Info: JVN

apple -- mac_sleipnir_4
Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7831
Source & Patch Info: JVN

arm -- arm_trusted_firmware
In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits).
Published: 2017-06-07 | CVSS Score: not yet calculated | CVE-2017-7563
Source & Patch Info: CONFIRM

arm -- arm_trusted_firmware
In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers.
Published: 2017-06-07 | CVSS Score: not yet calculated | CVE-2017-7564
Source & Patch Info: CONFIRM

arubanetworks -- clearpass_policy_manager
SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.
Published: 2017-06-08 | CVSS Score: not yet calculated | CVE-2016-2034
Source & Patch Info: CONFIRM

asterisk -- asterisk
PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter.
Published: 2017-06-02 | CVSS Score: not yet calculated | CVE-2017-9372
Source & Patch Info: CONFIRM, BID, CONFIRM

asterisk -- asterisk
The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
Published: 2017-06-02 | CVSS Score: not yet calculated | CVE-2017-9359
Source & Patch Info: CONFIRM, BID, CONFIRM, CONFIRM

atmail -- atmail
atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV.
Published: 2017-06-08 | CVSS Score: not yet calculated | CVE-2017-9517
Source & Patch Info: CONFIRM

atmail -- atmail
atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account.
Published: 2017-06-08 | CVSS Score: not yet calculated | CVE-2017-9519
Source & Patch Info: CONFIRM

atmail -- atmail
atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails.
Published: 2017-06-08 | CVSS Score: not yet calculated | CVE-2017-9518
Source & Patch Info: CONFIRM

bigtree -- bigtree_cms
BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\users\profile\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages), the index.php/admin/developer/upgrade/ignore/?versions= URI, and the index.php/admin/developer/upgrade/set-ftp-directory/ URI.
Published: 2017-06-05 | CVSS Score: not yet calculated | CVE-2017-9444
Source & Patch Info: MISC

bigtree -- bigtree_cms
** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name parameter in manifest.json. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files."
Published: 2017-06-05 | CVSS Score: not yet calculated | CVE-2017-9441
Source & Patch Info: MISC

bigtree -- bigtree_cms
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible at admin/ajax/auto-modules/views/searchable-page/ or admin/modules_name.
Published: 2017-06-06 | CVSS Score: not yet calculated | CVE-2017-9449
Source & Patch Info: MISC

bigtree -- bigtree_cms
Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in core\admin\ajax\pages\save-revision.php and core\admin\modules\pages\revisions.php. Low-privileged (administrator) users can attack high-privileged (Developer) users.
Published: 2017-06-06 | CVSS Score: not yet calculated | CVE-2017-9448
Source & Patch Info: MISC

blue_coat -- advanced_secure_gateway
Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allow remote attackers to bypass blocked requests, user authentication, and payload scanning.
Published: 2017-06-08 | CVSS Score: not yet calculated | CVE-2016-6594
Source & Patch Info: CONFIRM

bluez -- bluez
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7837
Source & Patch Info: CONFIRM, JVN

broadcom -- wi-fi_chip
Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.
Published: 2017-06-04 | CVSS Score: not yet calculated | CVE-2017-9417
Source & Patch Info: MISC

buffalo_inc -- wnc01wh_firmware
Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7824
Source & Patch Info: CONFIRM, JVN

buffalo_inc -- wnc01wh_firmware
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7825
Source & Patch Info: CONFIRM, JVN

buffalo_inc -- wnc01wh_firmware
Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged-in user to perform unintended operations via unspecified vectors.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7822
Source & Patch Info: CONFIRM, JVN

buffalo_inc -- wnc01wh_firmware
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7826
Source & Patch Info: CONFIRM, JVN

buffalo_inc -- wnc01wh_firmware
Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7823
Source & Patch Info: CONFIRM, JVN

buffalo_inc -- wnc01wh_firmware
Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7821
Source & Patch Info: CONFIRM, JVN

cgi:irc -- irc.cgi
irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS.
Published: 2017-06-06 | CVSS Score: not yet calculated | CVE-2017-8920
Source & Patch Info: CONFIRM, CONFIRM

cisco -- anyconnect_secure_mobility_client_for_windows
A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. The attacker would need valid user credentials to exploit this vulnerability. This vulnerability affects all Cisco AnyConnect Secure Mobility Client for Windows software versions prior to 4.4.02034. Cisco Bug IDs: CSCvc97928.
Published: 2017-06-08 | CVSS Score: not yet calculated | CVE-2017-6638
Source & Patch Info: BID, CONFIRM

cisco -- prime_data_center_network_manager
A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd95346.
Published: 2017-06-08 | CVSS Score: not yet calculated | CVE-2017-6640
Source & Patch Info: BID, CONFIRM

cisco -- prime_data_center_network_manager
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software Releases 10.1(1) and 10.1(2) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd09961.
Published: 2017-06-08 | CVSS Score: not yet calculated | CVE-2017-6639
Source & Patch Info: BID, CONFIRM

cisco -- telepresence_codec_and_collaboration_endpoint_software
A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. This vulnerability affects the following Cisco TC and CE platforms when running software versions prior to TC 7.3.8 and CE 8.3.0. Cisco Bug IDs: CSCux94002.
Published: 2017-06-08 | CVSS Score: not yet calculated | CVE-2017-6648
Source & Patch Info: BID, CONFIRM

compulab -- intense_pc_and_mintbox_2_firmware
CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges.
Published: 2017-06-06 | CVSS Score: not yet calculated | CVE-2017-8083
Source & Patch Info: MISC, MISC

corega -- cg-wlbargmh_firmware
Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7808
Source & Patch Info: CONFIRM, JVN

corega -- cg-wlr300nx_firmware
Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7810
Source & Patch Info: CONFIRM, JVN

corega -- cg-wlr300nx_firmware
Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of a logged-in user to conduct unintended operations via unspecified vectors.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7809
Source & Patch Info: CONFIRM, JVN

corega -- cg-wlr300nx_firmware
Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7811
Source & Patch Info: CONFIRM, JVN

craft_cms -- craft_cms
Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.
Published: 2017-06-08 | CVSS Score: not yet calculated | CVE-2017-9516
Source & Patch Info: MISC, MISC, MISC

cybozu -- dezie
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7832
Source & Patch Info: JVN, CONFIRM

cybozu -- dezie
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7833
Source & Patch Info: JVN, CONFIRM

cybozu -- garoon
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to obtain CSRF tokens via unspecified vectors.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-4907
Source & Patch Info: JVN, CONFIRM

cybozu -- garoon
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via the "Messages" function of Cybozu Garoon Keitai.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-4906
Source & Patch Info: JVN, CONFIRM

cybozu -- garoon
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-4908
Source & Patch Info: JVN, CONFIRM

cybozu -- garoon
SQL injection vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via the "MultiReport" function.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7803
Source & Patch Info: JVN, CONFIRM

cybozu -- garoon
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7801
Source & Patch Info: JVN, CONFIRM

cybozu -- garoon
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-4910
Source & Patch Info: JVN, CONFIRM

cybozu -- garoon
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7802
Source & Patch Info: JVN, CONFIRM

cybozu -- garoon
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged-in user to force a logout via unspecified vectors.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-4909
Source & Patch Info: JVN, CONFIRM

cybozu -- kintone
The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7816
Source & Patch Info: JVN, CONFIRM

deraemon-cms -- deraemon-cms
Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7813
Source & Patch Info: CONFIRM, JVN

document_liberation_project -- libmwaw
Document Liberation Project libmwaw before 2017-04-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in lib/MsWrd1Parser.cxx.
Published: 2017-06-04 | CVSS Score: not yet calculated | CVE-2017-9433
Source & Patch Info: MISC, MISC

document_liberation_project -- libstaroffice
Document Liberation Project libstaroffice before 2017-04-07 has an out-of-bounds write caused by a stack-based buffer overflow related to the DatabaseName::read function in lib/StarWriterStruct.cxx.
Published: 2017-06-04 | CVSS Score: not yet calculated | CVE-2017-9432
Source & Patch Info: MISC, MISC

elastic -- kibana
Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Published: 2017-06-05 | CVSS Score: not yet calculated | CVE-2017-8440
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

elastic -- kibana
Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users.
Published: 2017-06-05 | CVSS Score: not yet calculated | CVE-2017-8439
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

elastic -- x-pack
Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias.
Published: 2017-06-05 | CVSS Score: not yet calculated | CVE-2017-8441
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

elastic -- x-pack
Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the user specified in a run_as request. If a role has been created using a template that contains the _user properties, the behavior of run_as will be incorrect. Additionally, if the run_as user specified does not exist, the transition will not happen.
Published: 2017-06-05 | CVSS Score: not yet calculated | CVE-2017-8438
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

emc -- multiple_products
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2017-5004
Source & Patch Info: CONFIRM

emc -- multiple_products
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2017-5003
Source & Patch Info: CONFIRM

f5 -- big-ip_enterprise_manager
Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and Enterprise Manager 2.1.0 through 2.3.0 and 3.x before 3.1.1 HF5 allows remote authenticated administrators to cause a denial of service via unspecified vectors.
Published: 2017-06-08 | CVSS Score: not yet calculated | CVE-2014-6031
Source & Patch Info: CONFIRM

f5 -- multiple_products
A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7469
Source & Patch Info: CONFIRM

flatcore -- flatcore
Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.
Published: 2017-06-06 | CVSS Score: not yet calculated | CVE-2017-9451
Source & Patch Info: MISC

game-music-emu -- game-music-emu
game-music-emu before 0.6.1 mishandles unspecified integer values.
Published: 2017-06-06 | CVSS Score: not yet calculated | CVE-2016-9961
Source & Patch Info: SUSE, SUSE, MLIST, BID, CONFIRM, CONFIRM, FEDORA, FEDORA, FEDORA, FEDORA, MISC

game-music-emu -- game-music-emu
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
Published: 2017-06-06 | CVSS Score: not yet calculated | CVE-2016-9960
Source & Patch Info: SUSE, SUSE, MLIST, BID, CONFIRM, CONFIRM, FEDORA, FEDORA, FEDORA, FEDORA, MISC

google -- android
b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash).
Published: 2017-06-08 | CVSS Score: not yet calculated | CVE-2014-7919
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

google -- android
Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.
Published: 2017-06-08 | CVSS Score: not yet calculated | CVE-2016-5648
Source & Patch Info: MISC, FULLDISC, BUGTRAQ, CERT-VN

google -- android
The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2016-7805
Source & Patch Info: JVN

google -- chrome
Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.
Published: 2017-06-06 | CVSS Score: not yet calculated | CVE-2015-1207
Source & Patch Info: CONFIRM, CONFIRM

google -- grpc
Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c.
Published: 2017-06-04 | CVSS Score: not yet calculated | CVE-2017-9431
Source & Patch Info: MISC, MISC

group_sessions -- group_sessions
GroupSession versions 4.6.4 and earlier allow remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors.
Published: 2017-06-09 | CVSS Score: not yet calculated | CVE-2017-2165
Source & Patch Info: JVN

h2o_project -- h2o

Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information.2017-06-09not yet calculatedCVE-2016-7835
CONFIRM
JVNhoukokusyo -- sakusei_shien_tool
 Untrusted search path vulnerability in the installer of Houkokusyo Sakusei Shien Tool ver3.0.2 (For the first installation) (The version which was available on the website from 2017 April 4 to 2017 May 18) and ver2.0 and later (For the first installation) (The versions which were available on the website prior to 2017 April 4) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-06-09not yet calculatedCVE-2017-2209
CONFIRM
CONFIRM
MISC
JVNhuawei -- ar1220_firmware
 Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE port.2017-06-08not yet calculatedCVE-2015-2255
CONFIRMhuawei -- campus_firmware
 The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation.2017-06-08not yet calculatedCVE-2015-2800
CONFIRM
BIDhuawei -- campus_firmware
 The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message.2017-06-08not yet calculatedCVE-2015-3913
CONFIRMhuawei -- oceanstor_firmware
 The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.2017-06-08not yet calculatedCVE-2015-2253
CONFIRMhuawei -- oceanstor_firmware
 Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts.2017-06-08not yet calculatedCVE-2015-2252
CONFIRMhuawei -- oceanstor_firmware
 The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript.2017-06-08not yet calculatedCVE-2015-2251
CONFIRMibm -- bigfix_compliance_analytics
 IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431.2017-06-08not yet calculatedCVE-2017-1179
CONFIRM
BID
MISCibm -- bigfix_compliance_analytics
 IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123671.2017-06-07not yet calculatedCVE-2017-1196
CONFIRM
BID
MISCibm -- business_process_manager
 IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.2017-06-08not yet calculatedCVE-2017-1140
CONFIRM
BID
MISCibm -- cognos_analytics
 IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340.2017-06-07not yet calculatedCVE-2017-1125
CONFIRM
BID
MISCibm -- cognos_business_intelligence
 IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker could exploit this vulnerability to consume all available CPU resources and cause a denial of service. IBM X-Force ID: 110563.2017-06-07not yet calculatedCVE-2016-0254
CONFIRM
MISCibm -- curam_social_program_management
 Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL.2017-06-08not yet calculatedCVE-2014-4843
CONFIRM
BIDibm -- domino
 IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918.2017-06-07not yet calculatedCVE-2016-6087
CONFIRM
BID
MISCibm -- doors_next_generation
 IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125459.2017-06-07not yet calculatedCVE-2017-1305
CONFIRM
BID
MISCibm -- endpoint_manager_for_security_and_compliance
 IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123430.2017-06-07not yet calculatedCVE-2017-1178
CONFIRM
BID
MISCibm -- maximo_asset_management
 IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253.2017-06-07not yet calculatedCVE-2016-9977
CONFIRM
BID
MISCibm -- maximo_asset_management
 IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view.2017-06-08not yet calculatedCVE-2016-8987
CONFIRM
BID
MISCibm -- predictive_solutions_foundation
 IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a file from the local system, which could allow the attacker to obtain sensitive information. IBM X-Force ID: 119618.2017-06-07not yet calculatedCVE-2016-9710
CONFIRM
MISCibm -- rhapsody_dm
 IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999960.2017-06-08not yet calculatedCVE-2016-9698
CONFIRM
CONFIRM
BID
MISCibm -- security_access_manager_9.0
 IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462.2017-06-07not yet calculatedCVE-2016-3019
CONFIRM
BID
MISCibm -- security_access_manager_9.0
 IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714.2017-06-07not yet calculatedCVE-2016-3051
CONFIRM
BID
MISCibm -- security_privileged_identity_manager
 IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 116136.2017-06-07not yet calculatedCVE-2016-5959
CONFIRM
BID
MISCibm -- security_privileged_identity_manager
Description: IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 116171.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-5960 (CONFIRM, BID, MISC)

ibm -- sterling_order_management
Description: IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-9991 (CONFIRM, BID, MISC)

ibm -- tivoli key lifecycle manager
Description: IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-6098 (CONFIRM, BID, MISC)

ibm -- tivoli key lifecycle manager
Description: IBM Tivoli Key Lifecycle Manager does not require that users have strong passwords by default, which makes it easier for attackers to compromise user accounts.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-6093 (CONFIRM, BID, MISC)

ibm -- tivoli_federated_identity_manager
Description: IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in an encrypted session (SSL) cookie. IBM X-Force ID: 125731.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1319 (CONFIRM, MISC)

ibm -- tivoli_storage_manager
Description: IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-8939 (CONFIRM, BID, MISC)

ibm -- websphere_application_server
Description: IBM WebSphere Application Server, when processing malformed SOAP requests, could allow a remote attacker to obtain sensitive information.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-9736 (CONFIRM, CONFIRM, BID, MISC)

ibm -- websphere_mq
Description: IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to, due to improper access controls. IBM X-Force ID: 117926.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-6089 (CONFIRM, BID, MISC)

imagemagick -- imagemagick
Description: In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9500 (BID, CONFIRM)

imagemagick -- imagemagick
Description: In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9501 (BID, CONFIRM, CONFIRM)

imagemagick -- imagemagick
Description: In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9499 (BID, CONFIRM, CONFIRM)

intel -- omni_path_architecture
Description: Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-5232 (MLIST, CONFIRM, CONFIRM, CONFIRM, CONFIRM)

intellect_design_arena -- intellect_core
Description: Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-6540 (MISC, BUGTRAQ)

iodata -- ts-wrlp_firmware
Description: I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-7814 (CONFIRM, JVN)

iodata -- ts-wrlp_firmware
Description: Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial of service (DoS) or execute arbitrary code via unspecified vectors.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-7820 (CONFIRM, JVN)

iodata -- ts-wrlp_firmware
Description: I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allow an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-7819 (CONFIRM, JVN)

iodata -- wfs-sr01_firmware
Description: I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-7806 (CONFIRM, JVN)

iodata -- wfs-sr01_firmware
Description: I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allows remote attackers to bypass access restrictions and access data on storage devices inserted into the product via unspecified vectors.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-7807 (CONFIRM, JVN)

ipa -- appgoat
Description: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2179 (JVN)

ipa -- appgoat
Description: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2181 (JVN)

ipa -- appgoat
Description: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2182 (JVN)

ipa -- appgoat
Description: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote attackers to obtain local files via unspecified vectors.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2180 (JVN)

irssi -- irssi
Description: In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash.
Published: 2017-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9469 (CONFIRM, CONFIRM)

irssi -- irssi
Description: In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash.
Published: 2017-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9468 (CONFIRM, CONFIRM)

lemons_php -- simple_keitai_chat_2.0
Description: Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-7817 (JVN)

lenovo -- active_protection_system
Description: In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service on the system or allow hardware functionality to be altered.
Published: 2017-06-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-3740 (CONFIRM)

lenovo -- power_management_driver
Description: In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. This issue only affects ThinkPad X1 Carbon 5th generation.
Published: 2017-06-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-3741 (CONFIRM)

libdwarf -- libdwarf
Description: dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-8538 (MLIST, CONFIRM)

libgcrypt -- libgcrypt
Description: In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library.
Published: 2017-06-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9526 (CONFIRM, CONFIRM, CONFIRM)

linux -- qemu_emulator
Description: QEMU (aka Quick Emulator), when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9330 (CONFIRM, MLIST, BID, CONFIRM)

lynis -- lynis
Description: Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8108 (CONFIRM, CONFIRM, FEDORA, FEDORA)

markdown-it -- markdown-it
Description: markdown-it before 4.1.0 does not block data: URLs.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-3295 (MLIST, BID, CONFIRM)

mavetju -- mavetju
Description: Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string.
Published: 2017-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9430 (MISC, MISC, EXPLOIT-DB)

microsoft -- windows_7
Description: Untrusted search path vulnerability in RW-5100 driver installer for Windows 7 version 1.0.0.9 and RW-5100 driver installer for Windows 8.1 version 1.0.1.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2191 (JVN)

microsoft -- windows_7
Description: Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2190 (JVN)

microsoft -- windows_7
Description: Untrusted search path vulnerability in RW-4040 driver installer for Windows 7 version 2.27 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2189 (JVN)

microsoft -- windows_7
Description: Untrusted search path vulnerability in RW-5100 tool to verify execution environment for Windows 7 version 1.1.0.0 and RW-5100 tool to verify execution environment for Windows 8.1 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2192 (JVN)

microsoft -- windows_vista
Description: Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" Ver3.0.1 and earlier and The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-4902 (JVN)

milton -- milton_webdav
Description: XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-7326 (MISC, BUGTRAQ, BID, CONFIRM, CONFIRM, CONFIRM)

multi_feed_reader -- multi_feed_reader
Description: SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2195 (JVN, CONFIRM)

nagios -- fedora_nagios
Description: The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
Published: 2017-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-0726 (CONFIRM)

net_monitor -- net_monitor_for_employees
Description: Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-7180 (EXPLOIT-DB)

open-xchange -- open-xchange_appsuite
Description: Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-1588 (MISC, BUGTRAQ, BID, SECTRACK)

openbravo -- openbravo_business_suite
Description: Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code.
Published: 2017-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9437 (MISC)

openstack -- ironic
Description: OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-7514 (MLIST, CONFIRM, CONFIRM, CONFIRM)

patchjgd -- patchjgd
Description: Untrusted search path vulnerability in PatchJGD (Hyoko) (PatchJGDh101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2211 (JVN, CONFIRM)

patchjgd -- patchjgd
Description: Untrusted search path vulnerability in PatchJGD (PatchJGD101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2210 (JVN, CONFIRM)

peplink -- balance_router
Description: Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.path parameter.
Published: 2017-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8841 (MISC, MISC)

peplink -- balance_router
Description: SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database.
Published: 2017-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8835 (MISC, MISC)

peplink -- balance_router
Description: Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, and Submitted syncid.
Published: 2017-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8840 (MISC, MISC)

peplink -- balance_router
Description: Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems.
Published: 2017-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8837 (MISC, MISC)

peplink -- balance_router
Description: CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands if a logged-in user visits a malicious website. This can, for example, be used to change the credentials of the administrative web interface.
Published: 2017-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8836 (MISC, MISC)

peplink -- balance_router
Description: XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/preview.cgi.
Published: 2017-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8839 (MISC, MISC)

peplink -- balance_router
Description: XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi.
Published: 2017-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8838 (MISC, MISC)

perl -- perl
Description: The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-8326 (MLIST, CONFIRM, CONFIRM, CONFIRM)

personify360 -- personify360_e-business
Description: An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and passwords).
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-7312 (MISC)

personify360 -- personify360_e-business
Description: An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other words, anyone can search for users/customers in the system - no authentication is required.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-7313 (MISC)

personify360 -- personify360_e-business
Description: An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-7314 (MISC)

phoenix -- broadband_poweragent_sc3_bms
Description: A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device.
Published: 2017-06-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-6039 (BID, MISC)

pivotx -- pivotx
Description: The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag.
Published: 2017-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9332 (MISC)

poppler -- poppler
Description: poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite, resulting in a potential denial of service.
Published: 2017-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-7515 (CONFIRM)

postgresql -- postgresql
Description: PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.
Published: 2017-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-0768 (CONFIRM)

postgresql -- postgresql
Description: PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath.
Published: 2017-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-0767 (CONFIRM)

postgresql -- postgresql
Description: PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own.
Published: 2017-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-2192 (CONFIRM)

qemu -- qemu_emulator
Description: QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9310 (CONFIRM, MLIST, BID, CONFIRM)

radare -- radare2
Description: The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9520 (CONFIRM, CONFIRM)

rapid7 -- nexpose
Description: The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks.
Published: 2017-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-5243 (CONFIRM)

red5 -- media_server
Description: The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which they perform deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-5878 (MLIST, MISC)

red_hat -- ansible
Description: The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-6240 (MLIST, CONFIRM, CONFIRM, CONFIRM)

red_hat -- ansible
Description: The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2014-3498 (CONFIRM, CONFIRM)

red_hat -- satellite_6
Description: MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information, which can cause a denial of service.
Published: 2017-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2014-8180 (CONFIRM, CONFIRM)

red_hat -- satellite_6
Description: Red Hat Satellite 6 allows remote authenticated users with privileged access on a content host to authenticate to the capsule broker or server broker.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-5202 (CONFIRM)

redhat -- 389_directory_server
Description: 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-4992 (REDHAT, REDHAT, CONFIRM)

redhat -- 389_directory_server
Description: 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-5405 (REDHAT, REDHAT, BID, CONFIRM)

redhat -- 389_directory_server
Description: 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-5416 (REDHAT, REDHAT, CONFIRM)

redhat -- cloud_foundry_diego
Description: Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-3091 (MLIST)

redhat -- cloudforms
Description: ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-4471 (CONFIRM, CONFIRM)

redhat -- cloudforms
Description: CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-4457 (CONFIRM)

redhat -- gnu_compiler_collection
Description: Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-4973 (MLIST, BID, CONFIRM)

redhat -- jboss_eap
Description: The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-3690 (CONFIRM, MISC, CONFIRM)

redhat -- mod_ns
Description: mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-3099 (FEDORA, FEDORA, FEDORA, REDHAT, CONFIRM)

redhat -- ovirt
Description: The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs.
Published: 2017-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-3077 (CONFIRM)

redhat -- php
Description: /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-4473 (SUSE, REDHAT, CONFIRM)

redhat -- pulp
Description: server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-3095 (FEDORA, MLIST, MLIST, CONFIRM, CONFIRM)

redhat -- pulp
Description: The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-3108 (MLIST, CONFIRM, CONFIRM, CONFIRM, CONFIRM)

redhat -- pulp
Description: pulp.spec in Pulp 2.8.3 allows local users to read generated RSA keys.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-3111 (MISC, MISC, MLIST, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM)

redhat -- pulp
Description: The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-3107 (MLIST, CONFIRM, CONFIRM, CONFIRM)

redhat -- pulp
Description: client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-3112 (MLIST, CONFIRM, CONFIRM, CONFIRM)

redhat -- resteasy
Description: SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-7050 (REDHAT, CONFIRM)

redhat -- spice-gtk
Description: The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard.
Published: 2017-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-3066 (CONFIRM)

saat -- netizen
Description: Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2206 (JVN, CONFIRM)

saat -- personal
Description: Untrusted search path vulnerability in the installer of SaAT Personal ver.1.0.10.272 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2207 (JVN, CONFIRM)

samba -- samba
Description: smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
Published: 2017-06-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9461 (CONFIRM, CONFIRM, CONFIRM)

samsung -- samsung_mobile
Description: Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-7888 (MISC, BID, MISC)

schneider_electric -- somachine_hvac
Description: A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-7966 (CONFIRM, BID)

schneider_electric -- somachine_hvac
Description: A buffer overflow vulnerability exists in the Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-7965 (CONFIRM, BID)

screensaver_installers -- N/A screensaver_installers
Description: Untrusted search path vulnerability in screensaver installers (jasdf_01.exe, jasdf_02.exe, jasdf_03.exe, jasdf_04.exe, jasdf_05.exe, scramble_setup.exe, clock_01_setup.exe, clock_02_setup.exe) available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2176 (JVN, CONFIRM)

seagate -- business_nas
Description: Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2014-8687 (MISC, MISC, BID, MISC, EXPLOIT-DB, EXPLOIT-DB)

semidynaexe -- semidynaexe
Description: Untrusted search path vulnerability in SemiDynaEXE (SemiDynaEXE2008.EXE) ver. 1.0.2 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2213 (JVN, CONFIRM)

shogyo_touki_denshi_ninsho -- shogyo_touki_denshi_ninsho
Description: Untrusted search path vulnerability in the installer of Shogyo Touki Denshi Ninsho Software Ver 1.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2177 (JVN, CONFIRM)

simeji -- simeji
Description: Untrusted search path vulnerability in the [Simeji for Windows] installer (simeji.exe) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2219 (JVN)

skysea -- skysea
Description: SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-7836 (CONFIRM, JVN, CONFIRM)

socat -- socat
Description: The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash).
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-1379 (CONFIRM, MLIST, MLIST, BID, CONFIRM)

sony -- video_conference_firmware
Description: Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, and PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware versions prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-7830 (JVN, CONFIRM)

sophos -- cyberoam_firmware
Description: An XSS vulnerability allows remote attackers to execute arbitrary client-side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a request to the "LiveConnectionDetail.jsp" application. GET parameters "applicationname" and "username" are improperly sanitized, allowing an attacker to inject arbitrary JavaScript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the user. A vulnerable URI is /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-9834 (MISC)

sophos -- sophos_web_appliance
Description: The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9523 (CONFIRM)

spiffy -- spiffy
Description: Directory traversal vulnerability in Spiffy before 5.4.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-8235 (CONFIRM, MLIST, BID, MLIST)

strongswan -- strongswan
Description: The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9023 (DEBIAN, BID, UBUNTU, CONFIRM)

strongswan -- strongswan
Description: The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9022 (DEBIAN, BID, UBUNTU, CONFIRM)

subsonic -- subsonic
Description: XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9355 (MISC, MISC)

symantec -- rar
Description: Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive.
Published: 2017-06-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2014-9983 (CONFIRM)

teampass -- teampass
Description: TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.
Published: 2017-06-05
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9436 (CONFIRM)

tera_term -- tera_term
Description: Untrusted search path vulnerability in the installer of Tera Term 4.94 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2193 (JVN, CONFIRM)

tky2jgd -- tky2jgd
Description: Untrusted search path vulnerability in TKY2JGD (TKY2JGD1379.EXE) ver. 1.3.79 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2212 (JVN, CONFIRM)

todokesho -- todokesho
Description: Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to October 17, 2016 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-7818 (CONFIRM, CONFIRM, CONFIRM, CONFIRM, JVN)

torproject -- tor
Description: The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0376 (CONFIRM, CONFIRM, CONFIRM)

torproject -- tor
Description: The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0375 (CONFIRM, CONFIRM, CONFIRM)

ubuntu -- debian
Description: In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.
Published: 2017-06-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9525 (MISC, MISC)

vindula -- vindula
Description: Cross-site scripting (XSS) vulnerability in Vindula 1.9.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-6959 (MISC)

vmware -- esxi
Description: VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-4903 (BID, CONFIRM)

vmware -- esxi
Description: The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-4904 (BID, CONFIRM)

vmware -- esxi
Description: VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-4902 (BID, CONFIRM)

vmware -- esxi
Description: VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.
Published: 2017-06-07
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-4905 (BID, CONFIRM)

vmware -- horizon_view_client
Description: VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-4918 (CONFIRM)

vmware -- unified_access_gateway
Description: VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.
Published: 2017-06-08
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-4907
BID
CONFIRMvmware -- vsphere_data_protection
 VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.2017-06-07not yet calculatedCVE-2017-4914
BID
CONFIRMvmware -- vsphere_data_protection
 VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained.2017-06-07not yet calculatedCVE-2017-4917
BID
CONFIRMvmware -- workstation
 VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.2017-06-07not yet calculatedCVE-2017-4900
BID
CONFIRMvmware -- workstation
 VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.2017-06-08not yet calculatedCVE-2017-4910
BID
CONFIRMvmware -- workstation
 The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.2017-06-08not yet calculatedCVE-2017-4901
BID
CONFIRMvmware -- workstation
 VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed.2017-06-07not yet calculatedCVE-2017-4898
BID
CONFIRMvmware -- workstation
 VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed.2017-06-07not yet calculatedCVE-2017-4899
BID
CONFIRMvmware -- workstation
 VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.2017-06-08not yet calculatedCVE-2017-4912
BID
CONFIRMvmware -- workstation
 VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.2017-06-08not yet calculatedCVE-2017-4908
BID
CONFIRMvmware -- workstation
 VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.2017-06-08not yet calculatedCVE-2017-4911
BID
CONFIRMvmware -- workstation
 VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.2017-06-08not yet calculatedCVE-2017-4909
BID
CONFIRMvmware -- workstation
 VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View.2017-06-08not yet calculatedCVE-2017-4913
BID
CONFIRMwinsparkle -- winsparkle
 Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.2017-06-09not yet calculatedCVE-2016-7838
CONFIRM
JVN
JVN
CONFIRMwordpress -- live_chat_support
 Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-06-09not yet calculatedCVE-2017-2187
JVN
CONFIRMwordpress -- slideshowThe SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values.2017-06-08not yet calculatedCVE-2015-3634
MLIST
BID
CONFIRM
CONFIRMwordpress -- spiffy_calendar
 Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter.2017-06-05not yet calculatedCVE-2017-9420
MISC
MISC
BIDwordpress -- wordpress_backup_to_dropbox
 Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress.2017-06-07not yet calculatedCVE-2014-9310
BID
MISC
CONFIRMyara -- yara
 The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.2017-06-06not yet calculatedCVE-2017-9465
CONFIRM
CONFIRM

zencherry -- zcms

SQL injection vulnerability in ZCMS 1.1.2017-06-07not yet calculatedCVE-2015-7346
MISC
MISC
EXPLOIT-DBzend -- zend_framework
 Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.2017-06-08not yet calculatedCVE-2015-1786
CONFIRM
CONFIRM

zulip -- zulip_server

Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.2017-06-02not yet calculatedCVE-2017-0896
MISC
MLIST
MISCBack to top

This product is provided subject to this Notification and this Privacy & Use policy.


FTC Recommends Steps to Protect Against Mobile Phone Theft

Thu, 06/08/2017 - 19:43
Original release date: June 08, 2017

The Federal Trade Commission (FTC) has released an alert about the theft of mobile phones and the best way to prepare for and recover from this kind of theft. Precautionary steps include regularly backing up the data on the phone, using strong passwords, and using two-factor authentication on any accounts on the phone.

US-CERT encourages users and administrators to refer to the FTC Alert and the US-CERT Tip on Cybersecurity for Electronic Devices for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Wed, 06/07/2017 - 15:26
Original release date: June 07, 2017

Cisco has released updates to address several vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system.

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


VMware Releases Security Updates

Wed, 06/07/2017 - 11:27
Original release date: June 07, 2017

VMware has released security updates to address vulnerabilities in vSphere Data Protection. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2017-0010 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Google Releases Security Updates for Chrome

Tue, 06/06/2017 - 06:39
Original release date: June 06, 2017

Google has released Chrome version 59.0.3071.86 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


TA17-156A: Reducing the Risk of SNMP Abuse

Mon, 06/05/2017 - 20:11
Original release date: June 05, 2017
Systems Affected

SNMP enabled devices

Overview

The Simple Network Management Protocol (SNMP) may be abused to gain unauthorized access to network devices. SNMP provides a standardized framework for a common language that is used for monitoring and managing devices in a network.

This Alert provides information on SNMP best practices, along with prevention and mitigation recommendations.

Description

SNMP depends on secure strings (or “community strings”) that grant access to portions of devices’ management planes. Abuse of SNMP could allow an unauthorized third party to gain access to a network device. 

SNMPv3 should be the only version of SNMP employed because SNMPv3 has the ability to authenticate and encrypt payloads. When either SNMPv1 or SNMPv2 is employed, an adversary could sniff network traffic to determine the community string. This compromise could enable a man-in-the-middle or replay attack.

Although SNMPv1 and SNMPv2 have similar characteristics, 64-bit counters were added to SNMPv2 so it could support faster interfaces. SNMPv3 replaces the simple/clear text password sharing used in SNMPv2 with more securely encoded parameters. All versions run over the User Datagram Protocol (UDP).

Simply using SNMPv3 is not enough to prevent abuse of the protocol. A safer approach is to combine SNMPv3 with management information base (MIB) whitelisting using SNMP views. This technique ensures that even with exposed credentials, information cannot be read from or written to the device unless the information is needed for monitoring or normal device re-configuration. The majority of devices that support SNMP contain a generic set of MIBs that are vendor agnostic. This approach allows the object identifier (OID) to be applied to devices regardless of manufacturer.

Impact

A remote attacker may abuse SNMP-enabled network devices to access an organization’s network infrastructure.

Solution

A fundamental way to enhance network infrastructure security is to safeguard networking devices with secure configurations. US-CERT recommends that administrators:

  • Configure SNMPv3 to use the highest level of security available on the device; this would be authPriv on most devices. authPriv includes authentication and encryption features, and employing both features enhances overall network security. Some older images may not contain the cryptographic feature set, in which case authNoPriv needs to be used. However, if the device does not support Version 3 authPriv, it should be upgraded.
  • Ensure administrative credentials are properly configured with different passwords for authentication and encryption. In configuring accounts, follow the principle of least privilege. Role separation between polling/receiving traps (reading) and configuring users or groups (writing) is imperative because many SNMP managers require login credentials to be stored on disk in order to receive traps.
  • Refer to your vendor’s guidance for implementing SNMP views. SNMP view is a command that can be used to limit the available OIDs. When OIDs are included in the view, all other MIB trees are inherently denied. The SNMP view command must be used in conjunction with a predefined list of MIB objects.
  • Apply extended access control lists (ACLs) to block unauthorized computers from accessing the device. Access to devices with read and/or write SNMP permission should be strictly controlled. If monitoring and change management are done through separate software, then they should be on separate devices.
  • Segregate SNMP traffic onto a separate management network. Management network traffic should be out-of-band; however, if device management must coincide with standard network activity, all communication occurring over that network should use some encryption capability. If the network device has a dedicated management port, it should be the sole link for services like SNMP, Secure Shell (SSH), etc.
  • Keep system images and software up-to-date.
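As an added illustration of the recommendations above (not part of the original Alert), the following Python script audits a net-snmp style snmpd.conf for the weak settings the Alert warns about: v1/v2c community strings, v3 users below authPriv, deprecated MD5/DES, a shared auth/priv password, and v3 users not confined to a view. The directive names follow net-snmp's snmpd.conf syntax; the user names, passwords, OIDs and the 192.0.2.10 address in the two embedded sample configurations are constructed for this example.

```python
"""Audit a net-snmp style snmpd.conf against the SNMP hardening steps above:
no v1/v2c community strings, v3 users at authPriv with distinct auth/priv
passwords and non-deprecated algorithms, every v3 user confined to a view."""
import shlex
from dataclasses import dataclass

# net-snmp directives that grant SNMPv1/v2c community-string access
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6",
                        "rwcommunity6", "com2sec", "com2sec6"}
ACCESS_DIRECTIVES = {"rouser", "rwuser"}
SECURITY_LEVELS = {"noauth", "auth", "priv"}
WEAK_AUTH, WEAK_PRIV = {"MD5"}, {"DES"}  # deprecated SNMPv3 algorithms


@dataclass(frozen=True)
class Finding:
    line_no: int
    directive: str
    message: str


def _check_create_user(n, tok):
    """createUser NAME [AUTHPROTO "authpass" [PRIVPROTO "privpass"]]"""
    d = tok[0]
    name = tok[1] if len(tok) > 1 else "?"
    if len(tok) < 4:
        return [Finding(n, d, f"user {name} has no authentication protocol")]
    found = []
    if tok[2].upper() in WEAK_AUTH:
        found.append(Finding(n, d, f"user {name} uses weak auth protocol {tok[2]}"))
    if len(tok) < 6:  # without a privacy protocol authPriv cannot be reached
        return found + [Finding(n, d, f"user {name} has no privacy protocol")]
    if tok[4].upper() in WEAK_PRIV:
        found.append(Finding(n, d, f"user {name} uses weak priv protocol {tok[4]}"))
    if tok[3] == tok[5]:
        found.append(Finding(n, d, f"user {name} reuses the auth password for priv"))
    return found


def _check_access(n, tok, views):
    """rouser|rwuser NAME [noauth|auth|priv [OID | -V VIEW]]"""
    d = tok[0]
    name = tok[1] if len(tok) > 1 else "?"
    has_level = len(tok) > 2 and tok[2] in SECURITY_LEVELS
    level = tok[2] if has_level else "auth"  # net-snmp default when omitted
    rest = tok[3:] if has_level else tok[2:]
    found = []
    if level != "priv":
        found.append(Finding(n, d, f"user {name} allowed at level {level}, not authPriv"))
    if "-V" in rest:
        idx = rest.index("-V")
        view = rest[idx + 1] if idx + 1 < len(rest) else None
        if view not in views:
            found.append(Finding(n, d, f"user {name} references undefined view {view}"))
    elif not (rest and rest[0].startswith(".")):  # an explicit OID subtree also restricts
        found.append(Finding(n, d, f"user {name} has access to the entire MIB tree"))
    return found


def audit(text):
    """Return all findings for a configuration text, in line order."""
    lines = [(n, shlex.split(raw, comments=True))
             for n, raw in enumerate(text.splitlines(), start=1)]
    lines = [(n, t) for n, t in lines if t]  # drop blank and comment-only lines
    views = {t[1] for _, t in lines if t[0].lower() == "view" and len(t) > 1}
    findings = []
    for n, tok in lines:
        d = tok[0].lower()
        if d in COMMUNITY_DIRECTIVES:
            findings.append(Finding(n, tok[0], "SNMPv1/v2c community string grants "
                                               "access without authentication or encryption"))
        elif d == "createuser":
            findings.extend(_check_create_user(n, tok))
        elif d in ACCESS_DIRECTIVES:
            findings.extend(_check_access(n, tok, views))
    return findings


# Constructed sample: a default-style configuration built on community strings
WEAK_CONF = """\
rocommunity public default
rwcommunity private 10.0.0.0/8
createUser legacy MD5 "s3cret-pass" DES "s3cret-pass"
rwuser legacy auth
"""

# Constructed sample: SNMPv3 authPriv, separate read and write users, MIB views
HARDENED_CONF = """\
createUser nmsread SHA "monitor-auth-pass" AES "monitor-priv-pass"
createUser nmswrite SHA "config-auth-pass" AES "config-priv-pass"
view monitoring included .1.3.6.1.2.1.1     # system group
view monitoring included .1.3.6.1.2.1.2     # interfaces group
view management included .1.3.6.1.2.1.1.4   # sysContact only
rouser nmsread priv -V monitoring
rwuser nmswrite priv -V management
agentAddress udp:192.0.2.10:161             # dedicated management address
"""
```

Calling audit(WEAK_CONF) returns seven findings (two community strings, three credential problems on the legacy user, and two on its rwuser line), while audit(HARDENED_CONF) returns none.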
References

Revision History
  • June 5, 2017: Initial Release

This product is provided subject to this Notification and this Privacy & Use policy.


SB17-156: Vulnerability Summary for the Week of May 29, 2017

Mon, 06/05/2017 - 06:24
Original release date: June 05, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

There were no high vulnerabilities recorded this week.

 

Medium Vulnerabilities

apache -- hive
Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn't seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through.
Published: 2017-05-30 | CVSS Score: 5.0 | CVE-2016-3083
Source & Patch Info: BID, MLIST

fortinet -- fortiportal
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request.
Published: 2017-05-26 | CVSS Score: 6.4 | CVE-2017-7337
Source & Patch Info: CONFIRM

fortinet -- fortiportal
A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View.
Published: 2017-05-26 | CVSS Score: 5.0 | CVE-2017-7338
Source & Patch Info: CONFIRM

fortinet -- fortiportal
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality.
Published: 2017-05-26 | CVSS Score: 4.3 | CVE-2017-7339
Source & Patch Info: CONFIRM

fortinet -- fortiportal
An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter.
Published: 2017-05-26 | CVSS Score: 5.8 | CVE-2017-7343
Source & Patch Info: CONFIRM

fortinet -- fortiportal
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.
Published: 2017-05-26 | CVSS Score: 5.0 | CVE-2017-7731
Source & Patch Info: CONFIRM

fortinet -- fortiweb
A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature.
Published: 2017-05-26 | CVSS Score: 4.3 | CVE-2017-3129
Source & Patch Info: BID, CONFIRM

ibm -- inotes
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976.
Published: 2017-05-26 | CVSS Score: 4.3 | CVE-2017-1325
Source & Patch Info: CONFIRM, MISC

ibm -- maximo_asset_management_essentials
IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153.
Published: 2017-05-26 | CVSS Score: 5.0 | CVE-2017-1292
Source & Patch Info: CONFIRM, MISC

linux -- linux_kernel
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.
Published: 2017-05-26 | CVSS Score: 4.9 | CVE-2017-9242
Source & Patch Info: CONFIRM, BID, CONFIRM, CONFIRM

 

Low Vulnerabilities

ibm -- maximo_asset_management_essentials
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152.
Published: 2017-05-26 | CVSS Score: 3.5 | CVE-2017-1291
Source & Patch Info: CONFIRM, MISC

 

Severity Not Yet Assigned

allen_disk -- allen_disk
SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter.
Published: 2017-05-31 | CVSS Score: not yet calculated | CVE-2017-9307
Source & Patch Info: MISC

allen_disk -- allen_disk
Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATH_INFO to readfile.php.
Published: 2017-05-28 | CVSS Score: not yet calculated | CVE-2017-9249
Source & Patch Info: BID, MISC

andrzuk/finecms -- andrzuk/finecms
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action.
Published: 2017-05-28 | CVSS Score: not yet calculated | CVE-2017-9252
Source & Patch Info: MISC

andrzuk/finecms -- andrzuk/finecms
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php.
Published: 2017-05-28 | CVSS Score: not yet calculated | CVE-2017-9251
Source & Patch Info: MISC

apache -- knox
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be easily associated with the authenticated user, this is still a serious security issue. All users are recommended to upgrade to the Apache Knox 0.12.0 release.
Published: 2017-05-26 | CVSS Score: not yet calculated | CVE-2017-5646
Source & Patch Info: MLIST, BID

apache -- open_vswitch
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
Published: 2017-05-29 | CVSS Score: not yet calculated | CVE-2017-9265
Source & Patch Info: CONFIRM

apache -- open_vswitch
In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch.
Published: 2017-05-29 | CVSS Score: not yet calculated | CVE-2016-10377
Source & Patch Info: CONFIRM

apache -- open_vswitch
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.
Published: 2017-05-29 | CVSS Score: not yet calculated | CVE-2017-9263
Source & Patch Info: CONFIRM

apache -- open_vswitch
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.
Published: 2017-05-29 | CVSS Score: not yet calculated | CVE-2017-9264
Source & Patch Info: CONFIRM

aries -- qwr-1104_wireless-n_router
Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point.
Published: 2017-05-28 | CVSS Score: not yet calculated | CVE-2017-9243
Source & Patch Info: MISC, EXPLOIT-DB

atlassian -- eucalyptus
Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors.
Published: 2017-06-01 | CVSS Score: not yet calculated | CVE-2017-7999
Source & Patch Info: CONFIRM

bigtree -- bigtree
Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.
Published: 2017-06-02 | CVSS Score: not yet calculated | CVE-2017-9364
Source & Patch Info: CONFIRM, CONFIRM

bigtree -- bigtree
CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.
Published: 2017-06-02 | CVSS Score: not yet calculated | CVE-2017-9365
Source & Patch Info: CONFIRM, CONFIRM

bigtree -- bigtree
BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have other tasks (such as data backups) to complete before a user is deleted.
Published: 2017-06-02 | CVSS Score: not yet calculated | CVE-2017-9378
Source & Patch Info: MISC, MISC

bigtree -- bigtree
Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php.
Published: 2017-06-02 | CVSS Score: not yet calculated | CVE-2017-9379
Source & Patch Info: MISC

bram_korsten_note -- bram_korsten_note
Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter).
Published: 2017-05-29 | CVSS Score: not yet calculated | CVE-2017-9289
Source & Patch Info: CONFIRM

canonical -- juju
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
Published: 2017-05-27 | CVSS Score: not yet calculated | CVE-2017-9232
Source & Patch Info: BID, CONFIRM

ceragon -- fibeair_ip-10
Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.
Published: 2017-06-01 | CVSS Score: not yet calculated | CVE-2015-0936
Source & Patch Info: MISC, MISC, FULLDISC, BID, MISC, MISC

chicken_scheme -- chicken_scheme
An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it.
Published: 2017-06-01 | CVSS Score: not yet calculated | CVE-2017-9334
Source & Patch Info: CONFIRM, CONFIRM

cygnux.org -- syspass
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring.
Published: 2017-05-31 | CVSS Score: not yet calculated | CVE-2017-9306
Source & Patch Info: MISC

digium -- asterisk
The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
Published: 2017-06-02 | CVSS Score: not yet calculated | CVE-2017-9359
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

digium -- asterisk
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
Published: 2017-06-02 | CVSS Score: not yet calculated | CVE-2017-9358
Source & Patch Info: CONFIRM, CONFIRM

digium -- asterisk
PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter.
Published: 2017-06-02 | CVSS Score: not yet calculated | CVE-2017-9372
Source & Patch Info: CONFIRM, CONFIRM

e107 -- e107
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
Published: 2017-05-29 | CVSS Score: not yet calculated | CVE-2016-10378
Source & Patch Info: MISC

exiv2 -- exiv2
An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.
Published: 2017-05-26 | CVSS Score: not yet calculated | CVE-2017-9239
Source & Patch Info: MISC, BID, MISC

flipbuilder -- flipbuilder
Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter.
Published: 2017-06-01 | CVSS Score: not yet calculated | CVE-2017-7384
Source & Patch Info: MISC

fortinet -- fortiwlc-sd
An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'.
Published: 2017-05-26 | CVSS Score: not yet calculated | CVE-2017-3134
Source & Patch Info: BID, CONFIRM

fortinet -- forticlient
A potential execution of unauthorized code or commands vulnerability in Fortinet FortiClient SSL_VPN Linux versions available with FortiOS 5.4.2 and below allows attacker to potentially overwrite an existing file via the FortiClient log file.
Published: 2017-05-26 | CVSS Score: not yet calculated | CVE-2016-8496
Source & Patch Info: BID, CONFIRM

fortinet -- forticlient
An escalation of privilege vulnerability in Fortinet FortiClient SSL_VPN Linux versions available with FortiOS 5.4.3 and below allows an attacker to gain root privilege via the subproc file.
Published: 2017-05-26 | CVSS Score: not yet calculated | CVE-2016-8497
Source & Patch Info: BID, CONFIRM

fortinet -- fortigate
A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation.
Published: 2017-06-01 | CVSS Score: not yet calculated | CVE-2017-3127
Source & Patch Info: BID, CONFIRM

fortinet -- fortinet_fortianalyzer
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.
Published: 2017-05-26 | CVSS Score: not yet calculated | CVE-2017-3126
Source & Patch Info: BID, CONFIRM

freeradius -- freeradius
The TLS session cache in FreeRADIUS before 3.0.14 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
Published: 2017-05-29 | CVSS Score: not yet calculated | CVE-2017-9148
Source & Patch Info: MISC, MISC, BID

git -- git-shell
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
Published: 2017-06-01 | CVSS Score: not yet calculated | CVE-2017-8386
Source & Patch Info: SUSE, MLIST, DEBIAN, BID, SECTRACK, UBUNTU, MISC, CONFIRM, FEDORA, FEDORA, FEDORA

hitachi -- device_manager
XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files.
Published: 2017-05-29 | CVSS Score: not yet calculated | CVE-2017-9295
Source & Patch Info: CONFIRM, BID

hitachi -- device_manager
Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code.
Published: 2017-05-29 | CVSS Score: not yet calculated | CVE-2017-9298
Source & Patch Info: CONFIRM

hitachi -- device_manager
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites.
Published: 2017-05-29 | CVSS Score: not yet calculated | CVE-2017-9297
Source & Patch Info: CONFIRM, BID

hitachi -- device_manager
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites.
Published: 2017-05-29 | CVSS Score: not yet calculated | CVE-2017-9296
CONFIRM
BIDhitachi -- device_manager
 RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.2017-05-29not yet calculatedCVE-2017-9294
CONFIRM
BIDimagemagick -- imagemagick
 In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-06-02not yet calculatedCVE-2017-9409
CONFIRMimagemagick -- imagemagick
 In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-06-02not yet calculatedCVE-2017-9407
CONFIRMimagemagick -- imagemagick
 In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.2017-06-02not yet calculatedCVE-2017-9405
CONFIRMimagemagick -- imagemagick
 In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-05-29not yet calculatedCVE-2017-9262
BID
CONFIRMimagemagick -- imagemagick
 In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.2017-05-29not yet calculatedCVE-2017-9261
BID
CONFIRMintel -- solid_state
 There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code.2017-05-31not yet calculatedCVE-2017-5688
BID
CONFIRMjerryscript -- jerryscript
 The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function.2017-05-28not yet calculatedCVE-2017-9250
CONFIRM
CONFIRM
CONFIRMjoomla -- joomla
 The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php.2017-05-29not yet calculatedCVE-2016-10379
MISC
BIDjuniper_networks -- junos_os

 On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R6, 15.1 prior to 15.1F2 or 15.1R1, 15.1X49 prior to 15.1X49-D20 where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, a network based attacker can cause the Junos OS rpd daemon to crash and restart. Repeated crashes of the rpd daemon can result in an extended denial of service condition.2017-05-30not yet calculatedCVE-2017-2302
BID
CONFIRMjuniper_networks -- junos_os

 On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3 prior to 12.3R13, 12.3X48 prior to 12.3X48-D30, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R5, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D30 or 15.1X49-D40, 15.1X53 prior to 15.1X53-D35, and where RIP is enabled, certain RIP advertisements received by the router may cause the RPD daemon to crash resulting in a denial of service condition.2017-05-30not yet calculatedCVE-2017-2303
BID
CONFIRMjuniper_networks -- junos_os
 On Juniper Networks products or platforms running Junos OS 11.4 prior to 11.4R13-S3, 12.1X46 prior to 12.1X46-D60, 12.3 prior to 12.3R12-S2 or 12.3R13, 12.3X48 prior to 12.3X48-D40, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D12 or 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R7, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D60, 15.1X53 prior to 15.1X53-D30 and DHCPv6 enabled, when a crafted DHCPv6 packet is received from a subscriber, jdhcpd daemon crashes and restarts. Repeated crashes of the jdhcpd process may constitute an extended denial of service condition for subscribers attempting to obtain IPv6 addresses.2017-05-30not yet calculatedCVE-2017-2301
BID
CONFIRMjuniper_networks -- junos_os

 Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak'2017-05-30not yet calculatedCVE-2017-2304
BID
CONFIRMjuniper_networks -- junos_space

 On Juniper Networks Junos Space versions prior to 16.1R1, an unauthenticated remote attacker with network access to Junos space device can easily create a denial of service condition.2017-05-30not yet calculatedCVE-2017-2311
BID
CONFIRMjuniper_networks -- junos_space
 An XML External Entity Injection vulnerability in Juniper Networks Junos Space versions prior to 16.1R1 may allow an authenticated user to read arbitrary files on the device.2017-05-30not yet calculatedCVE-2017-2308
BID
CONFIRMjuniper_networks -- junos_space

 On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. This represents an information leak risk.2017-05-30not yet calculatedCVE-2017-2309
BID
CONFIRMjuniper_networks -- junos_space
 A firewall bypass vulnerability in the host based firewall of Juniper Networks Junos Space versions prior to 16.1R1 may permit certain crafted packets, representing a network integrity risk.2017-05-30not yet calculatedCVE-2017-2310
BID
CONFIRMjuniper_networks -- junos_space

 A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space.2017-05-30not yet calculatedCVE-2017-2307
BID
CONFIRMjuniper_networks -- junos_space
 On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation.2017-05-30not yet calculatedCVE-2017-2305
BID
CONFIRMjuniper_networks -- junos_space

 On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device.2017-05-30not yet calculatedCVE-2017-2306
BID
CONFIRMjuniper_networks -- srx_series_services_gateways
 On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets.2017-05-30not yet calculatedCVE-2017-2300
BID
CONFIRMlansweeper -- lansweeper
 Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782.2017-05-29not yet calculatedCVE-2017-9292
CONFIRMlaravel -- laravel
 Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.2017-05-29not yet calculatedCVE-2017-9303
BID
CONFIRMlibming -- libming
 The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs because of an integer overflow that leads to a memory allocation error.2017-05-31not yet calculatedCVE-2017-8782
MISClibtiff -- libtiff
 In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.2017-06-02not yet calculatedCVE-2017-9403
CONFIRMlibtiff -- libtiff
 In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.2017-06-02not yet calculatedCVE-2017-9404
CONFIRMmicrosoft -- malware_protection_engineThe Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542.2017-05-26not yet calculatedCVE-2017-8537
BID
CONFIRMmicrosoft -- malware_protection_engine
 The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8540 and CVE-2017-8541.2017-05-26not yet calculatedCVE-2017-8538
BID
CONFIRMmicrosoft -- malware_protection_engine
 The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.2017-05-26not yet calculatedCVE-2017-8540
BID
CONFIRMmicrosoft -- malware_protection_engine
 The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8540.2017-05-26not yet calculatedCVE-2017-8541
BID
CONFIRMmicrosoft -- malware_protection_engine
 The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8542.2017-05-26not yet calculatedCVE-2017-8539
BID
CONFIRMmicrosoft -- malware_protection_engine
 The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.2017-05-26not yet calculatedCVE-2017-8535
BID
CONFIRMmicrosoft -- malware_protection_engine
 The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.2017-05-26not yet calculatedCVE-2017-8536
BID
CONFIRMmicrosoft -- malware_protection_engine
 The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539.2017-05-26not yet calculatedCVE-2017-8542
BID
CONFIRMmoxa -- oncell
 A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext.2017-05-29not yet calculatedCVE-2017-7913
MISCmoxa -- oncell
 A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request, which could allow an attacker to modify the configuration of the device.2017-05-29not yet calculatedCVE-2017-7917
MISCmoxa -- oncell
 An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. An attacker can freely use brute force to determine parameters needed to bypass authentication.2017-05-29not yet calculatedCVE-2017-7915
MISCnetgear -- wnr2000_devices
 NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.2017-05-26not yet calculatedCVE-2017-6862
BID
CONFIRMnss -- nss
 Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.2017-05-30not yet calculatedCVE-2017-7502
BID
CONFIRMopen_ticket_request_system -- open_ticket_request_system
 Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks.2017-05-29not yet calculatedCVE-2017-9299
MISCopenemr -- openemr
 OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.2017-06-02not yet calculatedCVE-2017-9380
MISCopenldap -- openldap
 servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.2017-05-29not yet calculatedCVE-2017-9287
CONFIRM
BID
CONFIRMpalo_alto_networks -- panorama_vm_appliance
 Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file.2017-06-01not yet calculatedCVE-2015-6531
BID
MISCperl -- perl
 Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.2017-06-01not yet calculatedCVE-2017-6512
CONFIRM
CONFIRMphoenix_broadband_technologies -- poweragent_sc3_bms
 A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device.2017-06-02not yet calculatedCVE-2017-6039
MISCpivotx -- pivotx
 PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file.2017-05-31not yet calculatedCVE-2017-8402
MISCpoppler -- poppler
 In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.2017-06-02not yet calculatedCVE-2017-9408
CONFIRMpoppler -- poppler
 In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.2017-06-02not yet calculatedCVE-2017-9406
CONFIRMpoppler -- poppler
 poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.2017-05-30not yet calculatedCVE-2017-7511
CONFIRMqemu -- qemu
 Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of "VIRTIO_GPU_CMD_SET_SCANOUT:" commands.2017-06-01not yet calculatedCVE-2017-9060
CONFIRM
MLIST
MISCrealnetworks -- realplayer
 RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file.2017-05-29not yet calculatedCVE-2017-9302
MISC
BIDsamba -- samba
 Samba since version 3.5.0 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.2017-05-30not yet calculatedCVE-2017-7494
BID
CONFIRMsamsung -- syncthru_admin_6
 Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver.2017-06-01not yet calculatedCVE-2015-5473
BID
MISC
MISC
MISC
MISC
MISC
MISCsoffid -- soffid_iam
 Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request.2017-06-02not yet calculatedCVE-2017-9363
CONFIRMtelaxus -- epesi
 The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter.2017-06-01not yet calculatedCVE-2017-9331
CONFIRM
CONFIRMtelaxus -- epesi
 Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter.2017-06-02not yet calculatedCVE-2017-9366
CONFIRM
CONFIRMthe_foreman -- the_foreman
 Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords.2017-05-26not yet calculatedCVE-2017-7505
CONFIRM
BID
CONFIRMtiki_software -- tiki_wiki_cms_groupware
 lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php.2017-05-31not yet calculatedCVE-2017-9305
MISC
MISCvideolan_organization -- videolan_vlc_media_player
 plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.2017-05-29not yet calculatedCVE-2017-9301
MISC
BIDvideolan_organization -- videolan_vlc_media_player
 plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.2017-05-29not yet calculatedCVE-2017-9300
MISC
BIDvmware -- horizon_daas
 VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link.2017-05-31not yet calculatedCVE-2017-4897
BID
CONFIRMwebsitebaker -- websitebaker
 WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.2017-06-02not yet calculatedCVE-2017-9361
MISCwebsitebaker -- websitebaker
 WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.2017-06-02not yet calculatedCVE-2017-9360
MISCwireshark_foundation -- wiresharkIn Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length.2017-06-02not yet calculatedCVE-2017-9350
MISC
MISC
MISC
MISCwireshark_foundation -- wireshark
 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.2017-06-02not yet calculatedCVE-2017-9345
MISC
MISC
MISC
MISCwireshark_foundation -- wireshark
 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.2017-06-02not yet calculatedCVE-2017-9344
MISC
MISC
MISC
MISCwireshark_foundation -- wireshark
 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.2017-06-02not yet calculatedCVE-2017-9343
MISC
MISC
MISC
MISCwireshark_foundation -- wireshark
 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.2017-06-02not yet calculatedCVE-2017-9352
MISC
MISC
MISCwireshark_foundation -- wireshark
 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.2017-06-02not yet calculatedCVE-2017-9346
MISC
MISC
MISC
MISCwireshark_foundation -- wireshark
 In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.2017-06-02not yet calculatedCVE-2017-9353
MISC
MISC
MISC
MISCwireshark_foundation -- wireshark
 In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.2017-06-02not yet calculatedCVE-2017-9347
MISC
MISC
MISC
MISCwireshark_foundation -- wireshark
 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.2017-06-02not yet calculatedCVE-2017-9354
MISC
MISC
MISC
MISCwireshark_foundation -- wireshark
 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value.2017-06-02not yet calculatedCVE-2017-9349
MISC
MISC
MISC
MISCwireshark_foundation -- wireshark
 In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value.2017-06-02not yet calculatedCVE-2017-9348
MISC
MISC
MISC
MISCwireshark_foundation -- wireshark
 In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.2017-06-02not yet calculatedCVE-2017-9351
MISC
MISC
MISC
MISC
MISC
MISCwordpress -- wordpress
 The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).2017-05-29not yet calculatedCVE-2017-9288
MISC
MISC
MISCwordpress -- wordpress
 The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post.2017-06-01not yet calculatedCVE-2017-9336
MISCwordpress -- wordpress
 The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post.2017-06-01not yet calculatedCVE-2017-9337
MISCyara -- yara
 libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.2017-05-31not yet calculatedCVE-2017-9304
CONFIRM
CONFIRMzulip -- zulip_server
 Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this.2017-06-02not yet calculatedCVE-2017-0896
MISC
MLIST
MISCBack to top