CERT


Adobe Releases Security Updates

Mon, 10/16/2017 - 15:33
Original release date: October 16, 2017

Adobe has released security updates to address a vulnerability in Adobe Flash Player. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletin APSB17-32 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


CERT/CC Reports WPA2 Vulnerabilities

Mon, 10/16/2017 - 09:20
Original release date: October 16, 2017

CERT Coordination Center (CERT/CC) has released information on Wi-Fi Protected Access II (WPA2) protocol vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

The vulnerabilities are in the WPA2 protocol itself, not in individual WPA2 implementations, which means that all WPA2 wireless networking may be affected. Mitigations include installing updates to affected products and hosts as they become available. US-CERT encourages users and administrators to review CERT/CC's VU#228519.



SB17-289: Vulnerability Summary for the Week of October 9, 2017

Mon, 10/16/2017 - 01:43
Original release date: October 16, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
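The rows later on this page run the description, publish date, CVSS score and CVE id together with no separator, and the three bands above are the only rule for deciding which table a row belongs in. The following Python is an added example, not US-CERT's or NVD's code: it recovers the fixed-format tail of such a row, applies the bands (treating "not yet calculated" as unassigned rather than as Low), and flags rows whose score does not belong in the table they sit in. The sample rows are copied from this bulletin; nothing else is assumed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One regex recovers the fields that a flattened row runs together:
# "<vendor> -- <product><description><YYYY-MM-DD><score><CVE-id>".
# The product/description boundary has no separator, so it is kept as one
# field; the trailing three fields are fixed-format and fully recoverable.
# The CVE id is anchored to the end of the row, so a CVE cited inside the
# description ("a different vulnerability than CVE-...") is not mistaken for it.
ROW_RE = re.compile(
    r"^(?P<vendor>\S+) -- (?P<rest>.+?)"
    r"(?P<published>\d{4}-\d{2}-\d{2})"
    r"(?P<score>\d{1,2}\.\d|not yet calculated)"
    r"(?P<cve>CVE-\d{4}-\d{4,})$"
)


@dataclass
class Entry:
    vendor: str
    product_and_description: str
    published: str
    cvss: Optional[float]          # None when the bulletin says "not yet calculated"
    cve: str

    @property
    def severity(self) -> str:
        return severity_band(self.cvss)


def severity_band(score: Optional[float]) -> str:
    """Apply the bulletin's bands: High 7.0-10.0, Medium 4.0-6.9, Low 0.0-3.9.
    A missing score is reported as unassigned rather than silently as Low."""
    if score is None:
        return "Not Yet Assigned"
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def parse_row(row: str) -> Entry:
    m = ROW_RE.match(row.strip())
    if m is None:
        raise ValueError(f"unparseable bulletin row: {row[:50]!r}")
    score = None if m["score"] == "not yet calculated" else float(m["score"])
    return Entry(m["vendor"], m["rest"], m["published"], score, m["cve"])


def check_table(rows: List[str], expected_band: str) -> Tuple[List[Entry], List[str]]:
    """Parse every row of one severity table and list the CVEs whose score
    does not belong in that table (a misfiled row, or an edited score)."""
    entries = [parse_row(r) for r in rows]
    misfiled = [e.cve for e in entries if e.severity != expected_band]
    return entries, misfiled


# Rows copied from this bulletin, in the flattened form described above.
HIGH_ROWS = [
    "phpbugtracker_project -- phpbugtrackerMultiple SQL injection vulnerabilities in "
    "Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute "
    "arbitrary SQL commands via unspecified parameters.2017-10-067.5CVE-2015-2147",
]
MEDIUM_ROWS = [
    "lame_project -- lameLAME 3.99.5 has a heap-based buffer over-read in fill_buffer "
    "in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, "
    "a different vulnerability than CVE-2017-9410.2017-10-064.3CVE-2017-15045",
]
UNSCORED_ROWS = [
    "apache -- solrRemote code execution occurs in Apache Solr before 7.1 with Apache "
    "Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API "
    "add-listener command to reach the RunExecutableListener class.2017-10-14not yet "
    "calculatedCVE-2017-12629",
]

if __name__ == "__main__":
    tables = (("High", HIGH_ROWS), ("Medium", MEDIUM_ROWS), ("Not Yet Assigned", UNSCORED_ROWS))
    for band, rows in tables:
        entries, misfiled = check_table(rows, band)
        for e in entries:
            print(f"{e.cve:15} {e.published} {str(e.cvss):5} {e.severity:16} {e.vendor}")
        print(f"  misfiled in {band}: {misfiled or 'none'}")
```

Running the script prints one line per row and "misfiled: none" for each table; feeding a Medium row to `check_table(..., "High")` returns its CVE in the misfiled list, which is the check worth automating when the bulletin is turned into tickets.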

 

High Vulnerabilities

Primary Vendor -- Product | Published | CVSS Score | CVE | Source & Patch Info (description on the following line)

phpbugtracker_project -- phpbugtracker | 2017-10-06 | 7.5 | CVE-2015-2146 | MLIST, CONFIRM
  Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php.

phpbugtracker_project -- phpbugtracker | 2017-10-06 | 7.5 | CVE-2015-2147 | MISC, MLIST
  Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.

 

Medium Vulnerabilities

Primary Vendor -- Product | Published | CVSS Score | CVE | Source & Patch Info (description on the following line)

cozmoslabs -- profile_builder | 2017-10-06 | 4.3 | CVE-2014-8492 | MISC, MISC
  Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter.

docker -- docker | 2017-10-06 | 4.6 | CVE-2014-0047 | MLIST, BID, CONFIRM
  Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.

formget -- easy_contact_form_solution | 2017-10-06 | 4.3 | CVE-2014-7240 | MISC, MISC
  Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php.

intelliants -- subrion_cms | 2017-10-06 | 6.8 | CVE-2017-15063 | MISC
  There are CSRF vulnerabilities in Subrion CMS before 4.2.0 because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database.

lame_project -- lame | 2017-10-06 | 4.3 | CVE-2017-15045 | MISC
  LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410.

lame_project -- lame | 2017-10-06 | 4.3 | CVE-2017-15046 | MISC
  LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412.

libcsoap_project -- libcsoap | 2017-10-06 | 5.0 | CVE-2015-2297 | MLIST
  nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header.

phpbugtracker_project -- phpbugtracker | 2017-10-06 | 6.0 | CVE-2015-2142 | MLIST, CONFIRM
  Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for requests that cause an unspecified impact via the group_id parameter to group.php, (3) hijack the authentication of users for requests that delete statuses via the status_id parameter to status.php, (4) hijack the authentication of users for requests that delete severities via the severity_id parameter to severity.php, (5) hijack the authentication of users for requests that cause an unspecified impact via the priority_id parameter to priority.php, (6) hijack the authentication of users for requests that delete the operating system via the os_id parameter to os.php, (7) hijack the authentication of users for requests that delete databases via the database_id parameter to database.php, or (8) hijack the authentication of users for requests that delete sites via the site_id parameter to sites.php.

phpbugtracker_project -- phpbugtracker | 2017-10-06 | 6.8 | CVE-2015-2143 | MLIST
  Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters.

qnap -- qts_helpdesk | 2017-10-06 | 5.0 | CVE-2017-13068 | MISC
  QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack.

rapid7 -- metasploit | 2017-10-06 | 4.3 | CVE-2017-15084 | CONFIRM
  The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.

tech-banker -- gallery_bank | 2017-10-06 | 4.3 | CVE-2014-8758 | MISC, MISC
  Cross-site scripting (XSS) vulnerability in the Best Gallery Albums Plugin before 3.0.70 for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php.

wpmudev -- smush_image_compression_and_optimization | 2017-10-06 | 5.0 | CVE-2017-15079 | CONFIRM, CONFIRM
  The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.

 

Low Vulnerabilities

Primary Vendor -- Product | Published | CVSS Score | CVE | Source & Patch Info (description on the following line)

openkm -- openkm | 2017-10-06 | 3.5 | CVE-2014-8957 | MISC, BID, MISC
  Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter.

phpbugtracker_project -- phpbugtracker | 2017-10-06 | 3.5 | CVE-2015-2144 | MLIST, CONFIRM
  Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) use_js parameter to user.php; the (3) use_js parameter to group.php; the (4) Description parameter to status.php; the (5) Description parameter to severity.php; the (6) Regex parameter to os.php; or the (7) Name parameter to database.php.

phpbugtracker_project -- phpbugtracker | 2017-10-06 | 3.5 | CVE-2015-2145 | MLIST
  Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

phpbugtracker_project -- phpbugtracker | 2017-10-06 | 3.5 | CVE-2015-2148 | MLIST
  Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

 

Severity Not Yet Assigned

Primary Vendor -- Product | Published | CVE | Source & Patch Info (the CVSS score is not yet calculated for every entry in this table; description on the following line)

accellion -- file_transfer_appliance | 2017-10-10 | CVE-2015-2856 | MISC
  Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie.

airtame -- airtame | 2017-10-14 | CVE-2017-15304 | MISC
  /bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin password change.
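The Airtame entry above describes session fixation: the panel adopts whatever id the client sends in the Cookie header, so an attacker who plants an id before the admin logs in owns that session afterwards, and a password change does not revoke it. The following Python is an added example, not Airtame's code or its fix: a store that mirrors the accept-any-id behaviour beside one that only honours server-minted ids, rotates the id at login, and retires every session issued before a password change. The class and function names and the replayed scenario are assumptions made for illustration.

```python
import secrets
from typing import Dict, Optional, Tuple


class LaxSessionStore:
    """Accept-any-id behaviour of the kind described for the Airtame panel:
    whatever id arrives in the cookie becomes the live session at login, and
    a password change leaves every existing session untouched."""

    def __init__(self) -> None:
        self._sessions: Dict[str, str] = {}

    def login(self, user: str, presented_sid: Optional[str] = None) -> str:
        sid = presented_sid or secrets.token_urlsafe(32)   # client-chosen id adopted as-is
        self._sessions[sid] = user
        return sid

    def resolve(self, sid: str) -> Optional[str]:
        return self._sessions.get(sid)

    def change_password(self, user: str) -> None:
        pass  # nothing is revoked


class StrictSessionStore:
    """Only server-minted ids are ever valid, the id is rotated at login, and
    a per-user generation counter (bumped on password change) retires every
    session issued before the change."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Tuple[str, int]] = {}   # sid -> (user, generation)
        self._generation: Dict[str, int] = {}             # user -> current generation

    def login(self, user: str, presented_sid: Optional[str] = None) -> str:
        # A client-chosen id is never adopted: it is dropped and a fresh one minted.
        if presented_sid is not None:
            self._sessions.pop(presented_sid, None)
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, self._generation.get(user, 0))
        return sid

    def resolve(self, sid: str) -> Optional[str]:
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, generation = entry
        if generation != self._generation.get(user, 0):
            del self._sessions[sid]      # issued before the last password change
            return None
        return user

    def change_password(self, user: str) -> None:
        self._generation[user] = self._generation.get(user, 0) + 1


def fixation_survives(store) -> bool:
    """Replay the scenario: the attacker plants a session id, the admin logs
    in while carrying it, the admin later changes the password. True means
    the planted id still resolves to the admin account afterwards."""
    planted = "attacker-chosen-id"                # arrives as Cookie: PHPSESSID=...
    store.login("admin", presented_sid=planted)
    store.change_password("admin")
    return store.resolve(planted) == "admin"


if __name__ == "__main__":
    print("lax store, attacker keeps admin access:   ", fixation_survives(LaxSessionStore()))
    print("strict store, attacker keeps admin access:", fixation_survives(StrictSessionStore()))
```

Two separate properties are in play: refusing client-supplied ids closes the fixation itself, and the per-user generation counter is what makes a password change actually evict sessions, which is the persistence the entry calls out. For PHP deployments the first property corresponds to enabling session.use_strict_mode and regenerating the id at login.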
apache -- gridgrain | 2017-10-09 | CVE-2017-14614 | MLIST
  Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path.

apache -- nifi | 2017-10-10 | CVE-2017-12623 | CONFIRM
  An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied in the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

apache -- openmeetings | 2017-10-12 | CVE-2016-8736 | MISC, BID
  Apache Openmeetings before 3.1.2 is vulnerable to Remote Code Execution via an RMI deserialization attack.

apache -- ranger | 2017-10-13 | CVE-2016-6815 | BID, CONFIRM
  Apache Ranger before 0.6.2 allows users with the "keyadmin" role to change the password of users with the "admin" role, which should not be permitted.

apache -- roller | 2017-10-09 | CVE-2014-0030 | CONFIRM, MLIST
  The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.

apache -- solr | 2017-10-14 | CVE-2017-12629 | MISC, BID, MISC, MISC, MISC
  Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this.
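The NiFi, Roller and Solr entries above all hinge on an XML parser that honours DOCTYPE and entity declarations in attacker-supplied documents (uploaded templates, XML-RPC bodies, Config API payloads). The following Python is an added example of the parser-side fix, not code from any of those projects. It uses the standard-library expat bindings, which do not fetch external entities unless a handler is installed but do expand internal entities, and rejects the document at the declaration so that neither path is ever reached. The sample documents are constructed.

```python
import xml.parsers.expat as expat
from xml.etree.ElementTree import Element, TreeBuilder


class DtdRejected(ValueError):
    """Raised on the DOCTYPE or entity declaration, before any expansion."""


def _reject_doctype(name, sysid, pubid, has_internal_subset):
    raise DtdRejected(f"DOCTYPE not allowed (root {name!r}, system id {sysid!r})")


def _reject_entity_decl(name, is_param, value, base, sysid, pubid, notation):
    raise DtdRejected(f"entity declaration not allowed: {name!r}")


def _reject_external_ref(context, base, sysid, pubid):
    raise DtdRejected(f"external entity reference not allowed: {sysid!r}")


def parse_untrusted_xml(data: bytes) -> Element:
    """Build an ElementTree from untrusted bytes with every DTD feature off.
    expat calls the declaration handlers before it processes the entity, so
    an external fetch (XXE) or an internal expansion bomb never starts."""
    builder = TreeBuilder()
    parser = expat.ParserCreate()
    parser.buffer_text = True
    parser.StartDoctypeDeclHandler = _reject_doctype
    parser.EntityDeclHandler = _reject_entity_decl
    parser.ExternalEntityRefHandler = _reject_external_ref
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)
    return builder.close()


def accepts(data: bytes) -> bool:
    """True if the document parses without any DTD construct."""
    try:
        parse_untrusted_xml(data)
        return True
    except DtdRejected:
        return False


# Constructed inputs: a benign template, and the classic XXE shape in which a
# text node is an external entity pointing at a local file.
BENIGN_TEMPLATE = b"<template><name>nightly-report</name></template>"
XXE_TEMPLATE = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE template [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>\n'
    b"<template><name>&xxe;</name></template>"
)

if __name__ == "__main__":
    print("benign template accepted:", accepts(BENIGN_TEMPLATE))
    print("XXE template accepted:   ", accepts(XXE_TEMPLATE))
```

Rejecting the whole DTD is deliberate: a document that needs a DOCTYPE to be processed is a document you should not be accepting from an unauthenticated or low-privilege source, and selectively allowing internal entities reopens the expansion-bomb path.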
apache -- zookeeper | 2017-10-09 | CVE-2017-5637 | BID, CONFIRM, MLIST
  Two four-letter-word commands, "wchp" and "wchc", are CPU intensive and, if abused, can cause a spike in CPU utilization on an Apache ZooKeeper server that leaves it unable to serve legitimate client requests. Apache ZooKeeper through version 3.4.9 and 3.5.2 suffer from this issue; it is fixed in 3.4.10, 3.5.3, and later.

asterisk -- asterisk | 2017-10-09 | CVE-2017-14603 | CONFIRM, DEBIAN, CONFIRM
  In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2, and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and, when combined with the "nat" and "symmetric_rtp" options, allow redirecting where Asterisk sends the next RTCP report.

atlassian -- fisheye_and_crucible | 2017-10-11 | CVE-2017-14588 | BID, MISC, MISC
  Various resources in Atlassian FishEye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the dialog parameter.

atlassian -- fisheye_and_crucible | 2017-10-11 | CVE-2017-14587 | MISC, MISC
  The administration user deletion resource in Atlassian FishEye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the uname parameter.

atutor -- lms | 2017-10-10 | CVE-2015-6521 | MLIST, CONFIRM
  Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2.

bamboo -- bamboo | 2017-10-12 | CVE-2017-9514 | CONFIRM
  Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo.

cacti -- cacti | 2017-10-10 | CVE-2017-15194 | SECTRACK, CONFIRM, CONFIRM
  include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.

cisco -- firmware | 2017-10-12 | CVE-2015-6358 | CISCO, CERT-VN, BID, SECTRACK, SECTRACK, SECTRACK, SECTRACK
  Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
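The Cisco entry above turns on the same private key being present in every copy of a firmware image: anyone holding one copy can impersonate every device that uses it. The following Python is an added example, not Cisco's tooling: it computes OpenSSH-style SHA256 fingerprints from ssh-keyscan output and reports any host key that appears on more than one host, which is how a fleet scan surfaces embedded or cloned keys. The keyscan lines and key blobs are constructed (they are not real keys), and `ssh-keyscan` is assumed to have been run against the inventory beforehand.

```python
import base64
import hashlib
from collections import defaultdict
from typing import Dict, Iterable, Iterator, List, Set, Tuple


def fingerprint(key_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob: the
    digest is base64-encoded with the trailing '=' padding removed."""
    blob = base64.b64decode(key_b64)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_keyscan(lines: Iterable[str]) -> Iterator[Tuple[str, str, str]]:
    """Yield (host, key type, fingerprint) from ssh-keyscan output, whose
    data lines read '<host> <keytype> <base64 key>'. Lines starting with '#'
    (the per-host banner comments, if stderr was captured too) are skipped."""
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, keytype, key = line.split(maxsplit=2)
        yield host, keytype, fingerprint(key)


def shared_host_keys(lines: Iterable[str]) -> Dict[Tuple[str, str], List[str]]:
    """Group hosts by (key type, fingerprint) and return only the keys seen
    on more than one host. Any hit means the key was baked into a firmware
    image or copied from a golden image, so the host can be impersonated by
    anyone who holds the same image."""
    hosts_by_key: Dict[Tuple[str, str], Set[str]] = defaultdict(set)
    for host, keytype, fp in parse_keyscan(lines):
        hosts_by_key[(keytype, fp)].add(host)
    return {k: sorted(v) for k, v in hosts_by_key.items() if len(v) > 1}


def _fake_blob(algo: bytes, filler: bytes) -> str:
    # Constructed stand-in for a key blob: only the ssh wire-format prefix
    # (length-prefixed algorithm name) is realistic; the rest is filler.
    blob = len(algo).to_bytes(4, "big") + algo + filler
    return base64.b64encode(blob).decode("ascii")


SHARED_KEY = _fake_blob(b"ssh-rsa", b"\x01" * 64)
UNIQUE_KEY = _fake_blob(b"ssh-rsa", b"\x02" * 64)

# Constructed ssh-keyscan output for three devices; two embed the same key.
SAMPLE_KEYSCAN = [
    "# 10.0.0.1:22 SSH-2.0-OpenSSH_6.6",
    f"10.0.0.1 ssh-rsa {SHARED_KEY}",
    "# 10.0.0.2:22 SSH-2.0-OpenSSH_6.6",
    f"10.0.0.2 ssh-rsa {SHARED_KEY}",
    "# 10.0.0.3:22 SSH-2.0-OpenSSH_7.5",
    f"10.0.0.3 ssh-rsa {UNIQUE_KEY}",
]

if __name__ == "__main__":
    for (keytype, fp), hosts in shared_host_keys(SAMPLE_KEYSCAN).items():
        print(f"{keytype} {fp} shared by {', '.join(hosts)}")
```

The same grouping applied to TLS leaf certificates (group by the certificate's SHA256 fingerprint across hosts) finds the X.509 half of the entry; a hit on either is a reason to treat the affected devices' management interfaces as unauthenticated until the keys are regenerated per device.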
cybozu -- office | 2017-10-12 | CVE-2017-10857 | JVN, CONFIRM
  Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restrictions to perform arbitrary actions via the "Cabinet" function.

dotcms -- dotcms | 2017-10-10 | CVE-2017-15219 | MISC
  The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field.

dream -- multimedia_dreambox_devices | 2017-10-12 | CVE-2017-15287 | MISC, EXPLOIT-DB
  There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI.

emc -- network_configuration_manager | 2017-10-11 | CVE-2017-8017 | CONFIRM, BID, SECTRACK
  EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.

epson -- software | 2017-10-10 | CVE-2017-12860 | MISC
  The Epson "EasyMP" software (tested on version 2.86) is designed to remotely stream a user's computer to supporting projectors. These devices are authenticated using a unique 4-digit code, displayed on-screen, ensuring only those who can view it are streaming. In addition to the password, each projector (tested on PowerLite Pro G5650W and G6050W) has a hardcoded "backdoor" code (2270), which authenticates to all devices.

epson -- software | 2017-10-10 | CVE-2017-12861 | MISC
  The Epson "EasyMP" software (tested on version 2.86) is designed to remotely stream a user's computer to supporting projectors. These devices are authenticated using a unique 4-digit code, displayed on-screen, ensuring only those who can view it are streaming. All Epson projectors (tested on PowerLite Pro G5650W and G6050W) supporting the "EasyMP" software are vulnerable to a brute-force attack on this code, allowing any attacker on the network to remotely control and stream to the vulnerable device.

eyesofnetwork -- eyesofnetwork | 2017-10-10 | CVE-2017-15188 | MISC
  A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php.

flexense -- vx_search_enterprise | 2017-10-11 | CVE-2017-15220 | EXPLOIT-DB
  Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code.

flyspray -- flyspray | 2017-10-10 | CVE-2017-15214 | MISC, MISC, MISC
  Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php.

flyspray -- flyspray | 2017-10-10 | CVE-2017-15213 | MISC, MISC, MISC
  Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.

freebsd -- sys_amd64 | 2017-10-10 | CVE-2015-5675 | MISC, BUGTRAQ, BID, SECTRACK, FREEBSD
  The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic).

git -- git | 2017-10-14 | CVE-2017-15298 | MISC, MISC
  Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.

gnu -- binutils | 2017-10-10 | CVE-2017-15225 | CONFIRM, CONFIRM
  _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.

gnu -- libextractor | 2017-10-11 | CVE-2017-15267 | MISC, MISC, MISC
  In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.

gnu -- libextractor | 2017-10-11 | CVE-2017-15266 | MISC, MISC, MISC
  In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.

gnu -- mpfr | 2017-10-09 | CVE-2014-9474 | FEDORA, FEDORA, CONFIRM, MLIST, BID, CONFIRM, CONFIRM, MLIST, GENTOO
  Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str.

graphicsmagick -- graphicsmagick | 2017-10-10 | CVE-2017-15238 | CONFIRM, CONFIRM, CONFIRM
  ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage.

gurunavi -- app_for_ios | 2017-10-10 | CVE-2015-7778 | JVN, JVNDB, BID
  Gurunavi App for iOS before 6.0.0 does not verify SSL certificates, which could allow remote attackers to perform man-in-the-middle attacks.

hitachi -- hibun_confidential_file_decryption | 2017-10-12 | CVE-2017-10863 | CONFIRM, JVN
  Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10865.

hitachi -- hibun_confidential_file_decryption | 2017-10-12 | CVE-2017-10865 | CONFIRM, JVN
  Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10863.

hitachi -- hibun_confidential_file_viewer | 2017-10-12 | CVE-2017-10864 | CONFIRM, JVN
  Untrusted search path vulnerability in the Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

horde -- groupware | 2017-10-10 | CVE-2017-15235 | MISC
  The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.

hpe -- intelligent_management_center | 2017-10-11 | CVE-2017-5791 | BID, BID, SECTRACK, MISC, MISC, CONFIRM
  The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI.

hpe -- operations_orchestration | 2017-10-10 | CVE-2017-8994 | BID, CONFIRM
  An input validation vulnerability in the HPE Operations Orchestration product, all versions prior to 10.80, allows for the remote execution of code.

hpe -- performance_center | 2017-10-11 | CVE-2017-5789 | BID, BID, SECTRACK, SECTRACK, MISC, MISC, CONFIRM
  HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow.

huawei -- fusionserver | 2017-10-09 | CVE-2015-7842 | BID, CONFIRM
  Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions.

ibm -- financial_transaction_manager_for_ach_services_for_multi-platform | 2017-10-10 | CVE-2017-1538 | CONFIRM, BID, MISC
  IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735.

ibm -- websphere_application_server | 2017-10-10 | CVE-2017-1503 | CONFIRM, BID, SECTRACK, MISC
  IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning and cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578.

identicard -- two-reader_controller_configuration_manager | 2017-10-09 | CVE-2017-14973 | MISC
  IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page).

imagemagick -- imagemagick | 2017-10-10 | CVE-2017-15218 | BID, CONFIRM
  ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.

imagemagick -- imagemagick | 2017-10-10 | CVE-2017-15217 | BID, CONFIRM
  ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.

imagemagick -- imagemagick | 2017-10-12 | CVE-2017-15281 | CONFIRM
  ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."

imagemagick_and_graphicsmagick -- imagemagick_and_graphicsmagick | 2017-10-12 | CVE-2017-15277 | MISC, MISC, MISC
  ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor a local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.

infocus -- mondopad | 2017-10-09 | CVE-2017-14971 | MISC
  InFocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated with an attacker-controlled server. In one specific scenario, the attacker provides an Excel spreadsheet, and the attacker-controlled server receives the victim's NetNTLMv2 hash.

infocus -- mondopad | 2017-10-09 | CVE-2017-14972 | MISC
  InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file.

intel -- nuc_firmware | 2017-10-10 | CVE-2017-5701 | BID, CONFIRM
  Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery.

intel -- nuc_firmware | 2017-10-10 | CVE-2017-5722 | BID, CONFIRM
  Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage.

intel -- nuc_firmware | 2017-10-10 | CVE-2017-5721 | CONFIRM
  Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory.

intel -- nuc_firmware | 2017-10-10 | CVE-2017-5700 | BID, CONFIRM
  Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage.

ipv6 -- ipv6 | 2017-10-13 | CVE-2016-4925 | BID, SECTRACK, CONFIRM
  Receipt of a specifically malformed IPv6 packet processed by the router may trigger a line card reset: processor exception 0x68616c74 (halt) in task: scheduler. The line card will reboot and recover without user interaction. However, additional specifically malformed packets may cause follow-on line card resets and lead to an extended service outage. This issue only affects Juniper E Series routers with IPv6 licensed and enabled. Routers not configured to process IPv6 traffic are unaffected by this vulnerability. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue.

irfanview -- irfanview | 2017-10-11 | CVE-2017-15243 | MISC
  IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x00000000000568a4."

irfanview -- irfanview | 2017-10-11 | CVE-2017-15261 | MISC
  IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x0000000000057b35."

irfanview -- irfanview | 2017-10-11 | CVE-2017-15257 | MISC
  IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x000000000009174a."

irfanview -- irfanview | 2017-10-11 | CVE-2017-15252 | MISC
  IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x00000000000158cb."

irfanview -- irfanview | 2017-10-11 | CVE-2017-15253 | MISC
  IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting at PDF!xmlGetGlobalState+0x000000000007dff2."

irfanview -- irfanview | 2017-10-11 | CVE-2017-15254 | MISC
  IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlGetGlobalState+0x000000000007dfa5."

irfanview -- irfanview | 2017-10-11 | CVE-2017-15241 | MISC
  IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000000929f5."

irfanview -- irfanview | 2017-10-11 | CVE-2017-15258 | MISC
  IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000161a9c."

irfanview -- irfanview | 2017-10-11 | CVE-2017-15260 | MISC
  IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000129a59."

irfanview -- irfanview | 2017-10-11 | CVE-2017-15263 | MISC
  IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlListWalk+0x00000000000166c4."

irfanview -- irfanview | 2017-10-11 | CVE-2017-15262 | MISC
  IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x0000000000048d0c."

irfanview -- irfanview | 2017-10-11 | CVE-2017-15264 | MISC
  IrfanView version 4.44 (32bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at image00000000_00400000+0x00000000000236e4."

irfanview -- irfanview | 2017-10-11 | CVE-2017-15259 | MISC
  IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x000000000011624a."

irfanview -- irfanview | 2017-10-11 | CVE-2017-15239 | MISC
  IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000040db4."

irfanview -- irfanview | 2017-10-11 | CVE-2017-15245 | MISC
  IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlGetGlobalState+0x0000000000057b76."

irfanview -- irfanview | 2017-10-11 | CVE-2017-15242 | MISC
  IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting at PDF!xmlGetGlobalState+0x0000000000031abe."

irfanview -- irfanview | 2017-10-11 | CVE-2017-15256
  IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlListWalk+0x0000000000019fc8."
MISCirfanview -- irfanview
 IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d."2017-10-11not yet calculatedCVE-2017-15244
MISCirfanview -- irfanview
 IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132e19."2017-10-11not yet calculatedCVE-2017-15250
MISCirfanview -- irfanview
 IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132cef."2017-10-11not yet calculatedCVE-2017-15240
MISCirfanview -- irfanview
 IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x0000000000063ca6."2017-10-11not yet calculatedCVE-2017-15248
MISCirfanview -- irfanview
 IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x000000000001515b."2017-10-11not yet calculatedCVE-2017-15246
MISCirfanview -- irfanview
 IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000001168a1."2017-10-11not yet calculatedCVE-2017-15247
MISCirfanview -- irfanview
 IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x00000000001601b0."2017-10-11not yet calculatedCVE-2017-15255
MISCirfanview -- irfanview
 IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x00000000000668d6."2017-10-11not yet calculatedCVE-2017-15249
MISCirfanview -- irfanview
 IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x00000000000e7326."2017-10-11not yet calculatedCVE-2017-15251
MISCjantek -- jtc-200
An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication.
Published: 2017-10-12 | CVSS Score: not yet calculated | CVE-2016-5791 | Source & Patch Info: MISC

jantek -- jtc-200
A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.
Published: 2017-10-12 | CVSS Score: not yet calculated | CVE-2016-5789 | Source & Patch Info: MISC

javascript -- node
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.
Published: 2017-10-10 | CVSS Score: not yet calculated | CVE-2015-7384 | Source & Patch Info: BID, CONFIRM, CONFIRM

juniper -- contrail
The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2017-10616 | Source & Patch Info: CONFIRM

juniper -- contrail
The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks Contrail 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2017-10617 | Source & Patch Info: CONFIRM

juniper -- junos_os
Juniper Networks Junos OS 16.1R1, and services releases based off of 16.1R1, are vulnerable to the receipt of a crafted BGP Protocol Data Unit (PDU) sent directly to the router, which can cause the RPD routing process to crash and restart. Unlike BGP UPDATEs, which are transitive in nature, this issue can only be triggered by a packet sent directly to the IP address of the router. Repeated crashes of the rpd daemon can result in an extended denial of service condition. This issue only affects devices running Junos OS 16.1R1 and services releases based off of 16.1R1 (e.g. 16.1R1-S1, 16.1R1-S2, 16.1R1-S3). No prior versions of Junos OS are affected by this vulnerability, and this issue was resolved in Junos OS 16.2 prior to 16.2R1. No other Juniper Networks products or platforms are affected by this issue. This issue was found during internal product security testing.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2017-10607 | Source & Patch Info: CONFIRM

juniper -- junos_os
Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2017-10623 | Source & Patch Info: CONFIRM

juniper -- junos_space
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2017-10612 | Source & Patch Info: BID, CONFIRM

juniper -- junos_space
An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3. This issue was found by an external security researcher.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2017-10622 | Source & Patch Info: BID, CONFIRM

juniper -- junos_space
Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2017-10624 | Source & Patch Info: BID, CONFIRM

juniper -- srx_series_devices
A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. Affected Juniper Networks Junos OS releases are: 14.1 from 14.1R5 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D50 on EX and QFX series; 14.2 from 14.2R3 prior to 14.2R7-S8, 14.2R8. No other Junos OS releases are affected by this issue. No other Juniper Networks products are affected by this issue.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2017-10615 | Source & Patch Info: CONFIRM

juniper -- srx_series_devices
A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI access and the ability to initiate remote sessions to the loopback interface with the defined action, to hang the kernel. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D55; 12.3X48 prior to 12.3X48-D35; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.2 prior to 14.2R4-S9, 14.2R7-S8, 14.2R8; 15.1 prior to 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D47; 16.1 prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2017-10613 | Source & Patch Info: CONFIRM

juniper -- srx_series_devices
A denial of service vulnerability in telnetd service on Juniper Networks Junos OS allows remote unauthenticated attackers to cause a denial of service. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D50; 14.1 prior to 14.1R8-S5, 14.1R9; 14.1X53 prior to 14.1X53-D50; 14.2 prior to 14.2R7-S9, 14.2R8; 15.1 prior to 15.1F2-S16, 15.1F5-S7, 15.1F6-S6, 15.1R5-S2, 15.1R6; 15.1X49 prior to 15.1X49-D90; 15.1X53 prior to 15.1X53-D47; 16.1 prior to 16.1R4-S1, 16.1R5; 16.2 prior to 16.2R1-S3, 16.2R2.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2017-10621 | Source & Patch Info: CONFIRM

juniper -- srx_series_devices
A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory and/or CPU consumption denial of service attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D45; 12.3X48 prior to 12.3X48-D30; 14.1 prior to 14.1R4-S9, 14.1R8; 14.2 prior to 14.2R6; 15.1 prior to 15.1F5, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D232, 15.1X53-D47.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2017-10614 | Source & Patch Info: CONFIRM

juniper -- srx_series_devices
Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration data. While other products also ship with a TPM, no other products or platforms are affected by this vulnerability. Customers can confirm the version of TPM firmware via the 'show security tpm status' command. This issue was discovered by an external security researcher. No other Juniper Networks products or platforms are affected by this issue.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2017-10606 | Source & Patch Info: CONFIRM

juniper -- srx_series_devices
On SRX Series devices, a crafted ICMP packet embedded within a NAT64 IPv6 to IPv4 tunnel may cause the flowd process to crash. Repeated crashes of the flowd process constitute an extended denial of service condition for the SRX Series device. This issue only occurs if NAT64 is configured. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D71, 12.3X48 prior to 12.3X48-D55, 15.1X49 prior to 15.1X49-D100 on SRX Series. No other Juniper Networks products or platforms are affected by this issue.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2017-10610 | Source & Patch Info: CONFIRM, MISC

juniper -- srx_series_devices
If extended statistics are enabled via 'set chassis extended-statistics', when executing any operation that fetches interface statistics, including but not limited to SNMP GET requests, the pfem process or the FPC may crash and restart. Repeated crashes of PFE processing can result in an extended denial of service condition. This issue only affects the following platforms: (1) EX2200, EX3300, XRE200 (2) MX Series routers with MPC7E/8E/9E PFEs installed, and only if 'extended-statistics' are enabled under the [edit chassis] configuration. Affected releases are Juniper Networks Junos OS 14.1 prior to 14.1R8-S5, 14.1R9 on MX Series; 14.1X53 prior to 14.1X53-D46, 14.1X53-D50 on EX2200, EX3300, XRE200; 14.2 prior to 14.2R7-S9, 14.2R8 on MX Series; 15.1 prior to 15.1F5-S8, 15.1F6-S8, 15.1R5-S3, 15.1R6 on MX Series; 16.1 prior to 16.1R4-S5, 16.1R5, 16.1R6 on MX Series; 16.1X65 prior to 16.1X65-D45 on EX2200, EX3300, XRE200; 16.2 prior to 16.2R2-S1, 16.2R3 on MX Series; 17.1 prior to 17.1R2-S2, 17.1R3 on MX Series; 17.2 prior to 17.2R1-S3, 17.2R2 on MX Series; 17.2X75 prior to 17.2X75-D50 on MX Series; 17.3 prior to 17.3R1-S1, 17.3R2 on MX Series. No other Juniper Networks products or platforms are affected by this issue.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2017-10611 | Source & Patch Info: CONFIRM

juniper -- srx_series_devices
When Express Path (formerly known as service offloading) is configured on Juniper Networks SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800 in high availability cluster configuration mode, certain multicast packets might cause the flowd process to crash, halting or interrupting traffic from flowing through the device and triggering RG1+ (data-plane) fail-over to the secondary node. Repeated crashes of the flowd process may constitute an extended denial of service condition. This service is not enabled by default and is only supported in high-end SRX platforms. Affected releases are Juniper Networks Junos OS 12.3X48 prior to 12.3X48-D45, 15.1X49 prior to 15.1X49-D80 on SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2017-10619 | Source & Patch Info: CONFIRM

juniper -- srx_series_devices
When the 'bgp-error-tolerance' feature (designed to help mitigate remote session resets from malformed path attributes) is enabled, a BGP UPDATE containing a specifically crafted set of transitive attributes can cause the RPD routing process to crash and restart. Devices with BGP enabled that do not have 'bgp-error-tolerance' configured are not vulnerable to this issue. Affected releases are Juniper Networks Junos OS 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D45, 14.1X53-D50; 14.2 prior to 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F5-S8, 15.1F6-S7, 15.1R5-S6, 15.1R6-S2, 15.1R7; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R5; 16.2 prior to 16.2R1-S5, 16.2R2; 17.1 prior to 17.1R1-S3, 17.1R2; 17.2 prior to 17.2R1-S2, 17.2R2; 17.2X75 prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2017-10618 | Source & Patch Info: CONFIRM, MISC, MISC

juniper -- srx_series_devices
Juniper Networks Junos OS on SRX series devices does not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D55; 15.1X49 prior to 15.1X49-D110.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2017-10620 | Source & Patch Info: CONFIRM

juniper -- srx_series_devices
Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. This vulnerability in the Sun/MS-RPC ALG services component of Junos OS allows an attacker to cause a repeated denial of service against the target. Repeated traffic in a cluster may cause repeated flip-flop failure operations or full failure to the flowd daemon halting traffic on all nodes. Only IPv6 traffic is affected by this issue. IPv4 traffic is unaffected. This issue is not seen with to-host traffic. This issue has no relation with HA services themselves, only the ALG service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D55 on SRX; 12.1X47 prior to 12.1X47-D45 on SRX; 12.3X48 prior to 12.3X48-D32, 12.3X48-D35 on SRX; 15.1X49 prior to 15.1X49-D60 on SRX.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2017-10608 | Source & Patch Info: CONFIRM

juniper -- j-web
J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS).
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2016-1261 | Source & Patch Info: CONFIRM

juniper -- j-web
Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform administrative actions on the Junos device. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D40; 12.1X47 prior to 12.1X47-D30; 12.3 prior to 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2X51 prior to 13.2X51-D39, 13.2X51-D40; 13.3 prior to 13.3R9; 14.1 prior to 14.1R6; 14.2 prior to 14.2R6; 15.1 prior to 15.1R3; 15.1X49 prior to 15.1X49-D20; 15.1X53 prior to 15.1X53-D57.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2016-4923 | Source & Patch Info: BID, CONFIRM

juniper -- junos_os
An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 15.1 prior to 15.1F5; 14.1 prior to 14.1R8.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2016-4924 | Source & Patch Info: BID, CONFIRM

juniper -- junos_os
Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands the ability to achieve elevated privileges and gain complete control of the device. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X46 prior to 12.1X46-D60; 12.1X47 prior to 12.1X47-D45; 12.3 prior to 12.3R12; 12.3X48 prior to 12.3X48-D35; 13.2 prior to 13.2R9; 13.3 prior to 13.3R4-S11, 13.3R9; 14.1 prior to 14.1R4-S12, 14.1R7; 14.1X53 prior to 14.1X53-D28, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R3-S10, 14.2R4-S7, 14.2R5; 15.1 prior to 15.1F4, 15.1R3; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D57, 15.1X53-D70.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2016-4922 | Source & Patch Info: BID, SECTRACK, CONFIRM

juniper -- junos_os
By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitimate traffic. In extreme cases, the crafted IPv6 traffic may result in a total resource exhaustion and kernel panic. The issue is triggered by traffic destined to the router. Transit traffic does not trigger the vulnerability. This issue only affects devices with IPv6 enabled and configured. Devices not configured to process IPv6 traffic are unaffected by this vulnerability. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.3 prior to 12.3R3-S4; 12.3X48 prior to 12.3X48-D30; 13.3 prior to 13.3R10, 13.3R4-S11; 14.1 prior to 14.1R2-S8, 14.1R4-S12, 14.1R8; 14.1X53 prior to 14.1X53-D28, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R3-S10, 14.2R4-S7, 14.2R6; 15.1 prior to 15.1F2-S5, 15.1F5-S2, 15.1F6, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D57, 15.1X53-D70.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2016-4921 | Source & Patch Info: BID, SECTRACK, CONFIRM

juniper -- junos_space
A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected.
Published: 2017-10-13 | CVSS Score: not yet calculated | CVE-2016-1265 | Source & Patch Info: CONFIRM

jwt-scala -- jwt-scala
jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token.
Published: 2017-10-12 | CVSS Score: not yet calculated | CVE-2017-10862 | Source & Patch Info: MISC, MISC

kanboard -- kanboard
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.
Published: 2017-10-10 | CVSS Score: not yet calculated | CVE-2017-15210 | Source & Patch Info: MISC, MISC, MISC

kanboard -- kanboard
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.
Published: 2017-10-10 | CVSS Score: not yet calculated | CVE-2017-15211 | Source & Patch Info: MISC, MISC, MISC, MISC

kanboard -- kanboard
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.
Published: 2017-10-10 | CVSS Score: not yet calculated | CVE-2017-15206 | Source & Patch Info: MISC, MISC, MISC, MISC

kanboard -- kanboard
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.
Published: 2017-10-10 | CVSS Score: not yet calculated | CVE-2017-15209 | Source & Patch Info: MISC, MISC, MISC

kanboard -- kanboard
In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.
Published: 2017-10-10 | CVSS Score: not yet calculated | CVE-2017-15212 | Source & Patch Info: MISC, MISC, MISC, MISC

kanboard -- kanboard
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.
Published: 2017-10-10 | CVSS Score: not yet calculated | CVE-2017-15207 | Source & Patch Info: MISC, MISC, MISC, MISC

kanboard -- kanboard
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user.
Published: 2017-10-10 | CVSS Score: not yet calculated | CVE-2017-15204 | Source & Patch Info: MISC, MISC, MISC, MISC

kanboard -- kanboard
In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user.
Published: 2017-10-10 | CVSS Score: not yet calculated | CVE-2017-15205 | Source & Patch Info: MISC, MISC, MISC

kanboard -- kanboard
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user.
Published: 2017-10-10 | CVSS Score: not yet calculated | CVE-2017-15203 | Source & Patch Info: MISC, MISC, MISC, MISC

kanboard -- kanboard
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.
Published: 2017-10-10 | CVSS Score: not yet calculated | CVE-2017-15196 | Source & Patch Info: MISC, MISC, MISC, MISC

kanboard -- kanboard
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.
Published: 2017-10-10 | CVSS Score: not yet calculated | CVE-2017-15195 | Source & Patch Info: MISC, MISC, MISC, MISC

kanboard -- kanboard
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.
Published: 2017-10-10 | CVSS Score: not yet calculated | CVE-2017-15200 | Source & Patch Info: MISC, MISC, MISC, MISC

kanboard -- kanboard
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.
Published: 2017-10-10 | CVSS Score: not yet calculated | CVE-2017-15208 | Source & Patch Info: MISC, MISC, MISC, MISC

kanboard -- kanboard
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user.
Published: 2017-10-10 | CVSS Score: not yet calculated | CVE-2017-15201 | Source & Patch Info: MISC, MISC, MISC, MISC

kanboard -- kanboard
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user.
Published: 2017-10-10 | CVSS Score: not yet calculated | CVE-2017-15202 | Source & Patch Info: MISC, MISC, MISC, MISC

kanboard -- kanboard
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.
Published: 2017-10-10 | CVSS Score: not yet calculated | CVE-2017-15197 | Source & Patch Info: MISC, MISC, MISC, MISC

kanboard -- kanboard
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user.
Published: 2017-10-10 | CVSS Score: not yet calculated | CVE-2017-15198 | Source & Patch Info: MISC, MISC, MISC, MISC

kanboard -- kanboard
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.
Published: 2017-10-10 | CVSS Score: not yet calculated | CVE-2017-15199 | Source & Patch Info: MISC, MISC, MISC, MISC

lansweeper -- lansweeper
 XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705.2017-10-10not yet calculatedCVE-2017-13706
MISC
FULLDISC
CONFIRMlava -- ether-serial_link
 An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass authentication by accessing a specific uniform resource locator.2017-10-11not yet calculatedCVE-2017-14003
BID
MISClibcurl -- libcurl
 libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.2017-10-06not yet calculatedCVE-2017-1000254
BID
SECTRACK
CONFIRM
CONFIRMlibjpeg-turbo -- libjpeg-turbo
 libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.2017-10-10not yet calculatedCVE-2017-15232
MISC
MISClibjpeg-turbo -- libjpeg-turbo
 libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker.2017-10-10not yet calculatedCVE-2014-9092
FEDORA
FEDORA
FEDORA
FEDORA
MISC
MLIST
BID
CONFIRM
MISClibmp3splt -- libmp3splt
 plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file.2017-10-09not yet calculatedCVE-2017-15185
MISC
MISC
MISC
EXPLOIT-DBlibxfont -- libxfont
 In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server.2017-10-11not yet calculatedCVE-2017-13722
CONFIRM
CONFIRM
CONFIRM
CONFIRMlibxfont -- libxfont
 In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters.2017-10-11not yet calculatedCVE-2017-13720
CONFIRM
CONFIRM
CONFIRM
linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer over-read is observed during processing of the QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST cfg80211 vendor commands in the __wlan_hdd_cfg80211_set_passpoint_list and hdd_extscan_passpoint_fill_network_list functions respectively. Android ID: A-36817548. References: QC-CR#2058447, QC-CR#2054770.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-11060 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the Athdiag procfs entry does not have a proper address sanity check, which may potentially lead to the use of an out-of-range pointer offset.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-11067 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer over-read is observed during processing of the QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST cfg80211 vendor commands in the __wlan_hdd_cfg80211_set_passpoint_list and hdd_extscan_passpoint_fill_network_list functions respectively. Android ID: A-36815952. References: QC-CR#2054770, QC-CR#2058447, QC-CR#2066628, QC-CR#2087785.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-11064 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in compatibility mode, flash_data from 64-bit userspace may cause disclosure of kernel memory or a fault due to using a userspace-provided address.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-11057 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, setting the HMAC key from different threads during SHA operations may potentially lead to a buffer overflow.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-11059 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor command, a buffer over-read can occur.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-11052 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an array out-of-bounds access can potentially occur in a display driver.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-9706 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, two concurrent threads/processes can write the value "0" to the debugfs file that controls the ipa ipc log, which leads to a double free in ipc_log_context_destroy(). A second issue is a use-after-free that can happen due to a race condition when the ipc log is deallocated via the debugfs call during a log print.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-9687 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-11054 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, attributes are not validated in __wlan_hdd_cfg80211_do_acs, which can potentially lead to a buffer over-read.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-11062 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when the pktlogconf tool supplies a pktlog buffer smaller than the minimum possible source data size in the host driver, a buffer overflow can potentially occur.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-11050 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, information disclosure is possible in the function __wlan_hdd_cfg80211_testmode because the buffer hb_params is not initialized to zero.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-11051 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, as a result of a race condition between two userspace processes that interact with the driver concurrently, a NULL pointer dereference can potentially occur.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-11063 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possible double free/use-after-free in the SPS driver when debugfs logging is used.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-9686 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a meta image, an integer overflow can occur if user-defined image offset and size values are too large.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-9683 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a vendor command, a buffer over-read can occur.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-9715 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION cfg80211 vendor command, a buffer over-read can occur.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-11055 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when a QoS Map Set IE with a length of less than 16 is received in an association response or in a QoS Map Configure action frame, a buffer overflow can potentially occur in ConvertQosMapsetFrame().
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-11053 | Source & Patch Info: BID, CONFIRM
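The CVE-2017-11053 entry names the trigger precisely: a QoS Map Set element shorter than the 16 bytes its fixed part needs. The C below is an added example, not Qualcomm's ConvertQosMapsetFrame(): it parses the element as IEEE 802.11 defines it (zero to 21 two-byte DSCP Exception fields followed by eight two-byte UP-to-DSCP Range fields, so a well-formed Length is 16 + 2n) and rejects anything shorter before doing the length arithmetic; unchecked_exception_bytes() shows what that arithmetic yields on an unsigned length when the check is skipped. The two sample elements are constructed, not captured frames; element ID 110 is the standard's value for QoS Map Set.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WLAN_EID_QOS_MAP_SET    110  /* IEEE 802.11 element ID for QoS Map Set */
#define QOS_MAP_RANGE_BYTES      16  /* 8 UP ranges x (DSCP low, DSCP high) */
#define QOS_MAP_MAX_EXCEPTIONS   21  /* upper bound on DSCP Exception fields */

struct qos_map {
    uint8_t n_except;
    uint8_t except_dscp[QOS_MAP_MAX_EXCEPTIONS];
    uint8_t except_up[QOS_MAP_MAX_EXCEPTIONS];
    uint8_t range_low[8];    /* indexed by user priority 0..7 */
    uint8_t range_high[8];
};

/*
 * The arithmetic a parser performs when it skips the minimum-length check.
 * Length is unsigned, so 14 - 16 does not go negative: it wraps to a huge
 * value, and a copy or loop bounded by it walks far past the receive buffer.
 */
size_t unchecked_exception_bytes(uint8_t ie_len)
{
    return (size_t)ie_len - QOS_MAP_RANGE_BYTES;
}

/*
 * Parse one QoS Map Set element (ID, Length, body) from a buffer holding
 * `avail` received bytes. Returns true and fills `out` only if the element is
 * well-formed; every length check precedes the read it protects.
 */
bool parse_qos_map_set(const uint8_t *ie, size_t avail, struct qos_map *out)
{
    if (avail < 2 || ie[0] != WLAN_EID_QOS_MAP_SET)
        return false;
    size_t len = ie[1];
    if (len + 2 > avail)                        /* Length claims more than was received */
        return false;
    if (len < QOS_MAP_RANGE_BYTES)              /* the check the entry above says was missing */
        return false;
    size_t exc_bytes = len - QOS_MAP_RANGE_BYTES;   /* cannot wrap now */
    if (exc_bytes % 2 != 0 || exc_bytes / 2 > QOS_MAP_MAX_EXCEPTIONS)
        return false;

    const uint8_t *p = ie + 2;
    memset(out, 0, sizeof *out);
    out->n_except = (uint8_t)(exc_bytes / 2);
    for (size_t k = 0; k < out->n_except; k++) {
        out->except_dscp[k] = p[2 * k];
        out->except_up[k]   = p[2 * k + 1];
        if (out->except_up[k] > 7)              /* user priority is a 3-bit value */
            return false;
    }
    p += exc_bytes;
    for (int up = 0; up < 8; up++) {
        out->range_low[up]  = p[2 * up];
        out->range_high[up] = p[2 * up + 1];
    }
    return true;
}

/* Constructed sample elements (not captured traffic). */
const uint8_t good_ie[] = {
    WLAN_EID_QOS_MAP_SET, 18,
    46, 6,                                                    /* exception: DSCP 46 (EF) -> UP 6 */
    0, 7, 8, 15, 16, 23, 24, 31, 32, 39, 40, 47, 48, 55, 56, 63  /* UP 0..7 ranges */
};
const uint8_t short_ie[] = {
    WLAN_EID_QOS_MAP_SET, 14,                                 /* too short: only 7 ranges */
    0, 7, 8, 15, 16, 23, 24, 31, 32, 39, 40, 47, 48, 55
};

/* Returns the number of exceptions parsed, or -1 if the element is rejected. */
int parse_and_count_exceptions(const uint8_t *ie, size_t avail)
{
    struct qos_map m;
    return parse_qos_map_set(ie, avail, &m) ? m.n_except : -1;
}

int main(void)
{
    printf("good element: %d exception(s)\n", parse_and_count_exceptions(good_ie, sizeof good_ie));
    printf("short element: %d (rejected)\n", parse_and_count_exceptions(short_ie, sizeof short_ie));
    printf("unchecked 14 - 16 = %zu bytes\n", unchecked_exception_bytes(14));
    return 0;
}
```

The same element can arrive in an association response or a QoS Map Configure action frame, so the parser is written against the element alone and is reused unchanged for both paths; the frame-level code only has to pass the correct `avail`.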
linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while doing SHA and cipher operations, a userspace buffer is directly accessed in kernel space, potentially leading to a page fault.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-11056 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an out-of-bounds memory access may happen in limCheckRxRSNIeMatch if an incorrect RSN IE is received from the client in an association request.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-9714 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing Netlink attributes, a buffer over-read can occur.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-9717 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the cfg80211 vendor sub-command QCA_NL80211_VENDOR_SUBCMD_ROAM, a buffer over-read can occur.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-11061 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when an audio driver ioctl handler is called, a kernel out-of-bounds write can potentially occur.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-11046 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already-freed memory while reading command registration table entries in diag_dbgfs_read_table.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-9697 | Source & Patch Info: BID, CONFIRM

linux -- code_aurora_forum_android
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a use-after-free condition can occur.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-11048 | Source & Patch Info: BID, CONFIRM

linux -- kernel
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call. This is a different vulnerability than CVE-2017-12192.
Published: 2017-10-11 | CVSS: not yet calculated | CVE-2017-15274 | Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

linux -- linux_kernel
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call.
Published: 2017-10-14 | CVSS: not yet calculated | CVE-2017-15299 | Source & Patch Info: MISC, MISC, MISC, MISC

linux -- linux_kernel
arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest page table entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun."
Published: 2017-10-11 | CVSS: not yet calculated | CVE-2017-12188 | Source & Patch Info: BID, CONFIRM, CONFIRM, CONFIRM

linux -- linux_kernel
A vulnerability was found in the key management sub-component of the Linux kernel, where issuing a KEYCTL_READ on a negatively instantiated ("negative") key leads to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel.
Published: 2017-10-11 | CVSS: not yet calculated | CVE-2017-12192 | Source & Patch Info: CONFIRM, MISC

microsoft -- chakracore
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11808 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- chakracore
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11809 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- chakracore
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11806 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- chakracore
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11807 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- chakracore
ChakraCore allows an attacker to obtain information to further compromise the user's system, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11797 | Source & Patch Info: BID, CONFIRM

microsoft -- chakracore
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11811 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- chakracore
ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, and CVE-2017-11821.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11812 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- chakracore
ChakraCore and Microsoft Edge in Windows 10 1703 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11796 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- chakracore
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11805 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- chakracore
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11799 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- chakracore
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11804 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- chakracore
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11802 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- chakracore
ChakraCore allows an attacker to obtain information to further compromise the user's system, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11801 | Source & Patch Info: BID, CONFIRM

microsoft -- chakracore
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, and CVE-2017-11812.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11821 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11800 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11798 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- edge
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8726 and CVE-2017-11803.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11794 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability".
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11790 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11813.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11822 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11810 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11793 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- lync
Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11786 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- multiple_products
Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11826 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- office
Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how Microsoft Office handles files in memory, aka "Microsoft Office Remote Code Execution Vulnerability".
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11825 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- outlook
Microsoft Outlook 2016 allows an attacker to obtain a user's email content, due to how Outlook 2016 handles that content, aka "Microsoft Outlook Information Disclosure Vulnerability."
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11776 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- outlook
Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11774 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- sharepoint
Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11777 and CVE-2017-11820.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11775 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- sharepoint
Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11777.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11820 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- sharepoint
Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11820.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11777 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles objects in memory, aka "Windows Graphics Component Elevation of Privilege Vulnerability".
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11824 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass in the way it handles Windows PowerShell sessions, aka "Windows Security Feature Bypass".
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-8715 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
Microsoft Windows 10 allows an elevation of privilege vulnerability when Windows Update Delivery Optimization does not properly enforce file share permissions.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11829 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly validates objects in memory, aka "Windows Information Disclosure Vulnerability".
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11817 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
The Microsoft Graphics Component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Microsoft Graphics Information Disclosure Vulnerability".
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-8693 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an elevation of privilege vulnerability in the way they handle calls to Advanced Local Procedure Call (ALPC), aka "Windows Elevation of Privilege Vulnerability".
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11783 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle certain requests, aka "Windows SMB Remote Code Execution Vulnerability".
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11780 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability".
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11779 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles loading DLL files, aka "TRIE Remote Code Execution Vulnerability".
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11769 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-11763.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11762 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability".
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11771 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
Server Message Block (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles certain requests, aka "Windows SMB Information Disclosure Vulnerability".
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11815 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11814.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11785 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka "Windows Storage Security Feature Bypass Vulnerability".
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11818 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11785, and CVE-2017-11814.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11784 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11785.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11814 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Windows GDI Information Disclosure Vulnerability".
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11816 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11792 | Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8718.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-8717
BID
SECTRACK
CONFIRMmicrosoft -- windows
 The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8717.2017-10-13not yet calculatedCVE-2017-8718
BID
SECTRACK
CONFIRMmicrosoft -- windows

 The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure when it fails to properly handle objects in memory, aka "Microsoft Search Information Disclosure Vulnerability".2017-10-13not yet calculatedCVE-2017-11772
BID
SECTRACK
CONFIRMmicrosoft -- windows

 The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11784, CVE-2017-11785, and CVE-2017-11814.2017-10-13not yet calculatedCVE-2017-11765
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11794 and CVE-2017-11803.2017-10-13not yet calculatedCVE-2017-8726
BID
SECTRACK
CONFIRMmicrosoft -- windows
 The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8689.2017-10-13not yet calculatedCVE-2017-8694
BID
SECTRACK
CONFIRMmicrosoft -- windows

 The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-11763.2017-10-13not yet calculatedCVE-2017-11763
BID
SECTRACK
CONFIRMmicrosoft -- windows
 The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8694.2017-10-13not yet calculatedCVE-2017-8689
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Windows Text Services Framework handles objects in memory, aka "Windows Shell Memory Corruption Vulnerability".2017-10-13not yet calculatedCVE-2017-8727
BID
SECTRACK
CONFIRMmicrosoft -- windows
 The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 allows a denial of service vulnerability when it improperly handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability".2017-10-13not yet calculatedCVE-2017-8703
BID
SECTRACK
CONFIRMmicrosoft -- windows
 Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft browsers handle objects in memory, aka "Windows Shell Remote Code Execution Vulnerability".2017-10-13not yet calculatedCVE-2017-11819
BID
SECTRACK
CONFIRMmicrosoft -- windows
 The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607 and Windows Server 2016, allows an elevation of privilege vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Elevation of Privilege Vulnerability".2017-10-13not yet calculatedCVE-2017-11782
BID
SECTRACK
CONFIRMmicrosoft -- windows
 The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a denial of service vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability".2017-10-13not yet calculatedCVE-2017-11781
BID
SECTRACK
CONFIRMmicrosoft -- windows
 The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass".2017-10-13not yet calculatedCVE-2017-11823
BID
SECTRACK
CONFIRMmirasys -- video_management_system
 Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data is required for the client functionality.2017-10-12not yet calculatedCVE-2017-15290
MISC
MISCmisp -- misp
 MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js.2017-10-10not yet calculatedCVE-2017-15216
CONFIRM
CONFIRMnexusphp -- nexusphp
 XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php.2017-10-14not yet calculatedCVE-2017-15305
MISC
MISCniconico -- app_for_iOS
 niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks.2017-10-10not yet calculatedCVE-2015-5639
MISC
JVN
JVNDB
BIDoctobercms -- octobercms
 Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account.2017-10-12not yet calculatedCVE-2017-15284
MISC
EXPLOIT-DBopentext -- documentum_content_server
 OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the repository, he performs the following steps: (1) calls the START_PUSH RPC-command; (2) uploads the file to the content server; (3) calls the END_PUSH_V2 RPC-command (here, Content Server returns a DATA_TICKET integer, intended to identify the location of the uploaded file on the Content Server filesystem); (4) creates a dmr_content object in the repository, which has a value of data_ticket equal to the value of DATA_TICKET returned at the end of END_PUSH_V2 call. As the result of this design, any authenticated user may create his own dmr_content object, pointing to already existing content in the Content Server filesystem.2017-10-13not yet calculatedCVE-2017-15014
MISCopentext -- documentum_content_server
 OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges.2017-10-13not yet calculatedCVE-2017-15013
MISCopentext -- documentum_content_server
 OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.2017-10-13not yet calculatedCVE-2017-15276
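Added example, not code from the bulletin or from OpenText: the check an unpacker should run on a batch before writing anything. It uses the TAR reader and writer bundled with Ruby's rubygems to build a constructed archive in memory (a symlink that points outside the extraction root, a file whose path runs through that link, and a plain ".." entry) and then audits the archive against an extraction root. The archive contents, the root and the policy are assumptions for illustration.

```ruby
require 'rubygems/package'
require 'stringio'

# Constructed sample: an in-memory TAR that mirrors the symlink traversal
# pattern. Entry order matters, because a real extractor creates the link
# first and then writes the later file through it.
def build_sample_tar
  io = StringIO.new("".b)
  Gem::Package::TarWriter.new(io) do |tar|
    tar.add_file("docs/readme.txt", 0o644) { |f| f.write("hello") }
    tar.add_symlink("escape", "/etc", 0o777)
    tar.add_file("escape/passwd", 0o644) { |f| f.write("root::0:0::/:/bin/sh") }
    tar.add_file("../outside.txt", 0o644) { |f| f.write("evil") }
  end
  io.rewind
  io
end

# Dry-run audit of an archive against an extraction root. Nothing is written;
# each entry is paired with :ok or a rejection reason. Policy (assumed):
#   - no symlink entries at all,
#   - no path that resolves outside the root,
#   - no file whose path passes through an entry the archive declared as a link.
def audit_tar(io, dest)
  root = File.expand_path(dest)
  inside = root + File::SEPARATOR
  symlinks = []
  report = []
  Gem::Package::TarReader.new(io) do |tar|
    tar.each do |entry|
      name = entry.full_name
      resolved = File.expand_path(name, root)
      verdict =
        if entry.symlink?
          symlinks << name
          "symlink to #{entry.header.linkname}"
        elsif !resolved.start_with?(inside)
          "escapes #{root}"
        elsif (via = symlinks.find { |l| name.start_with?(l + "/") })
          "written through symlink #{via}"
        else
          :ok
        end
      report << [name, verdict]
    end
  end
  report
end
```

The policy refuses symlinks outright instead of validating each link target: a chain of relative links can resolve inside the root one entry at a time and still end up outside it, and a per-link check with File.expand_path does not follow links. If links must be supported, create them last and re-check every written path with File.realpath against the root.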
Source & Patch Info: MISC

opentext -- documentum_content_server
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-15012
Source & Patch Info: MISC

piwigo -- piwigo
Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2016-10513
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

piwigo -- url_check_format
url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2016-10514
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

pure_storage -- purity
Stored cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen.
Published: 2017-10-11 | CVSS: not yet calculated | CVE-2017-7352
Source & Patch Info: MISC

qemu -- qemu
QEMU through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
Published: 2017-10-12 | CVSS: not yet calculated | CVE-2017-15268
Source & Patch Info: CONFIRM, MLIST

qemu -- qemu
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes.
Published: 2017-10-09 | CVSS: not yet calculated | CVE-2017-15038
Source & Patch Info: MLIST, MLIST

rakuten -- rakuten_card
Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates, which might allow remote attackers to execute man-in-the-middle attacks.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2015-2988
Source & Patch Info: JVN, JVNDB, BID

rsa_archer -- grc_platform
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
Published: 2017-10-11 | CVSS: not yet calculated | CVE-2017-8016
Source & Patch Info: CONFIRM, SECTRACK

rsa_archer -- grc_platform
RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records.
Published: 2017-10-11 | CVSS: not yet calculated | CVE-2017-14369
Source & Patch Info: CONFIRM, BID, SECTRACK

rsa_archer -- grc_platform
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
Published: 2017-10-11 | CVSS: not yet calculated | CVE-2017-14370
Source & Patch Info: CONFIRM, SECTRACK

rsa_archer -- grc_platform
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
Published: 2017-10-11 | CVSS: not yet calculated | CVE-2017-14372
Source & Patch Info: CONFIRM, BID, SECTRACK

rsa_archer -- grc_platform
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
Published: 2017-10-11 | CVSS: not yet calculated | CVE-2017-14371
Source & Patch Info: CONFIRM, BID, SECTRACK

rsa_archer -- grc_platform
RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server.
Published: 2017-10-11 | CVSS: not yet calculated | CVE-2017-8025
Source & Patch Info: CONFIRM, BID, SECTRACK

rubygems -- rubygems
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.
Published: 2017-10-11 | CVSS: not yet calculated | CVE-2017-0903
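Added example, not code from the bulletin or from RubyGems, showing the allowlist pattern a YAML loader for gem metadata depends on: the document is parsed with Psych.safe_load so that only plain scalars, collections and explicitly permitted classes are ever instantiated, and a tagged object for any other class is rejected before its constructor or init_with runs. The Gadget class and both YAML documents are constructed for the example.

```ruby
require 'yaml'

# Hypothetical stand-in for any class an attacker can name in a YAML tag.
# In a real install this would be some gadget class already present on the
# host; what matters is that the loader never gets to instantiate it.
class Gadget
  attr_reader :command

  def initialize(command = nil)
    @command = command
  end
end

# Constructed sample: a gemspec-like document whose top-level node carries a
# Ruby class tag. An unrestricted loader allocates Gadget and fills @command.
TAGGED_SPEC = <<~DOC
  --- !ruby/object:Gadget
  command: "touch /tmp/pwned"
DOC

# Constructed sample: the plain scalars and collections metadata needs.
PLAIN_SPEC = <<~DOC
  name: example
  version: "1.0.0"
  authors:
  - Alice
DOC

# Allowlist loader. Psych.safe_load raises Psych::DisallowedClass for any
# !ruby/object tag whose class is not in permitted_classes, and aliases are
# disabled so a document cannot expand itself (billion-laughs style).
def load_spec(yaml, permitted_classes: [])
  Psych.safe_load(yaml, permitted_classes: permitted_classes, aliases: false)
end

# True when the document loads under the allowlist, false when a tag names a
# class that is not permitted.
def loads_under_allowlist?(yaml, permitted_classes: [])
  load_spec(yaml, permitted_classes: permitted_classes)
  true
rescue Psych::DisallowedClass
  false
end
```

The allowlist has to be the whole story: the bug class in this entry is a loader that accepts a list of permitted classes but still reaches code paths that resolve other tags, so the check belongs in the class loader (which is where Psych puts it), not in a post-load inspection of the result.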
Source & Patch Info: MISC, MISC, MISC, MISC

ruckus_wireless -- zonedirector_controller
Ruckus Wireless ZoneDirector Controller firmware releases ZD9.9.x, ZD9.10.x, and ZD9.13.0.x less than 9.13.0.0.232 contain OS command injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-6223
Source & Patch Info: CONFIRM

ruckus_wireless -- zonedirector_controller
Ruckus Wireless ZoneDirector Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than the 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, and 200.4.x contain OS command injection vulnerabilities that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system by appending those commands to the Common Name field in the Certificate Generation Request.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-6224
Source & Patch Info: CONFIRM

salt -- salt
salt before 2015.5.5 leaks git usernames and passwords to the log.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2015-6918
Source & Patch Info: CONFIRM, CONFIRM

sdl -- sdl
An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
Published: 2017-10-11 | CVSS: not yet calculated | CVE-2017-2888
Source & Patch Info: BID, MISC

sdl -- sdl
An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted XCF file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.
Published: 2017-10-11 | CVSS: not yet calculated | CVE-2017-2887
Source & Patch Info: BID, MISC

seagate -- blackarmor_nas
Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.
Published: 2017-10-11 | CVSS: not yet calculated | CVE-2013-6924
Source & Patch Info: MISC, BID, XF

shaarli -- shaarli
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session, change global settings, or add/delete links. It is also possible to execute JavaScript against unauthenticated users.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-15215
Source & Patch Info: MISC, MISC, MISC

silverstripe -- silverstripe_cms
Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks.
Published: 2017-10-12 | CVSS: not yet calculated | CVE-2017-12849
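Added example, not code from the bulletin or from SilverStripe, of the response-discrepancy pattern behind this kind of user enumeration and the uniform-work fix. The in-memory user store, the KDF parameters and the call counter are constructed for illustration; the counter stands in for a stopwatch so the difference in work is visible deterministically. The same rule applies to a password-reset form: do identical work and return an identical message whether or not the address exists.

```ruby
require 'openssl'
require 'securerandom'

class LoginService
  ITERATIONS = 10_000   # illustrative; tune to the deployment
  KEY_LEN = 32

  attr_reader :kdf_calls

  def initialize(users)
    @kdf_calls = 0
    @salts = {}
    @hashes = {}
    users.each do |name, password|
      @salts[name] = SecureRandom.random_bytes(16)
      @hashes[name] = derive(password, @salts[name])
    end
    # Throwaway record used only so that an unknown-user login costs the
    # same as a known-user login with a wrong password.
    @dummy_salt = SecureRandom.random_bytes(16)
    @dummy_hash = derive(SecureRandom.hex(16), @dummy_salt)
  end

  # Leaky form: an unknown user returns before any KDF work, so the
  # response is measurably faster than for a known user with a wrong
  # password. That gap is what lets a remote attacker enumerate accounts.
  # (String#== is also not constant time, a second, smaller leak.)
  def leaky_login?(name, password)
    return false unless @hashes.key?(name)
    derive(password, @salts[name]) == @hashes[name]
  end

  # Uniform form: always run the KDF (against the dummy record when the
  # account does not exist), always compare in constant time, and only then
  # discard the result for unknown accounts. Both paths do the same work.
  def uniform_login?(name, password)
    known = @hashes.key?(name)
    salt = known ? @salts[name] : @dummy_salt
    expected = known ? @hashes[name] : @dummy_hash
    match = secure_compare(derive(password, salt), expected)
    known && match
  end

  private

  def derive(password, salt)
    @kdf_calls += 1
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LEN, "sha256")
  end

  # XOR-accumulate over every byte so the time taken does not depend on
  # where the first mismatch occurs.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

In production, measure rather than assume: the remaining discrepancies (database lookup versus hash-table hit, different error strings, a reset e-mail that is only sent for real accounts) show up in response times too, so the reset path should enqueue the same amount of work for unknown addresses.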
Source & Patch Info: CONFIRM

sqlite -- sqlite
SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.
Published: 2017-10-12 | CVSS: not yet calculated | CVE-2017-15286
Source & Patch Info: MISC

sudo -- sudoers_plugin
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2015-8239
Source & Patch Info: MLIST, CONFIRM, CONFIRM, CONFIRM, CONFIRM

symantec -- endpoint_encryption
A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-13679
Source & Patch Info: BID, CONFIRM

symantec -- endpoint_encryption
A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-13675
Source & Patch Info: BID, CONFIRM

sync_breeze -- enterprise
Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login.
Published: 2017-10-09 | CVSS: not yet calculated | CVE-2017-14980
Source & Patch Info: MISC

teampass -- teampass
Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtering of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
Published: 2017-10-12 | CVSS: not yet calculated | CVE-2017-15278
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

tiandy -- ip_cameras
Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and extendword.txt.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-15236
Source & Patch Info: MISC

trapeze -- transitmaster
Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the "webwatch.(REDACTED).com" server mentioned in the reference.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-14943
Source & Patch Info: MISC

ui-dialog -- ui-dialog
UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2008-7315
Source & Patch Info: MLIST, BID, CONFIRM, CONFIRM, CONFIRM

umbraco_cms -- umbraco_cms
XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs.
Published: 2017-10-12 | CVSS: not yet calculated | CVE-2017-15280
Source & Patch Info: CONFIRM, CONFIRM

umbraco_cms -- umbraco_cms
Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs.
Published: 2017-10-12 | CVSS: not yet calculated | CVE-2017-15279
Source & Patch Info: CONFIRM, CONFIRM

windows -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11822.
Published: 2017-10-13 | CVSS: not yet calculated | CVE-2017-11813
Source & Patch Info: BID, SECTRACK, CONFIRM

wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-15191
Source & Patch Info: BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM

wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-15190
Source & Patch Info: BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM

wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-15193
Source & Patch Info: BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM

wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-15189
Source & Patch Info: BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM

wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-15192
Source & Patch Info: BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM

wordpress -- wordpress
WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.
Published: 2017-10-12 | CVSS: not yet calculated | CVE-2016-9263
Source & Patch Info: MISC

wordpress -- wordpress
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters.
Published: 2017-10-06 | CVSS: not yet calculated | CVE-2015-2673
Source & Patch Info: MISC

x-cart -- x-cart
X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to remote code execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. It can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an "Add File Via URL" action, and change the image's Description URL to reference the .php URL in the attachments/ directory.
Published: 2017-10-12 | CVSS: not yet calculated | CVE-2017-15285
Source & Patch Info: MISC

x.org_foundation -- x.org_server
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems, by injecting large or malformed XKB related atoms and accessing them via xkbcomp.
Published: 2017-10-09 | CVSS: not yet calculated | CVE-2017-13723
Source & Patch Info: MLIST, BID, CONFIRM, MLIST

x.org_foundation -- x.org_server
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.
Published: 2017-10-09 | CVSS: not yet calculated | CVE-2017-13721
Source & Patch Info: MLIST, BID, CONFIRM, MLIST

zend_framework -- zend_framework
Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2015-7503
Source & Patch Info: CONFIRM, CONFIRM

zyxel -- zyxel
Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call.
Published: 2017-10-10 | CVSS: not yet calculated | CVE-2017-15226
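Added example, not code from the bulletin or from any of the vendors, for the OS command injection pattern shared by the Seagate BlackArmor (ip parameter), Ruckus ZoneDirector (ping functionality) and Zyxel NBG6716 (beginIndex/endIndex into popen) entries above: a request parameter is interpolated into a command string that a shell then parses. The vulnerable builder and the two validators are constructed for illustration; the hardened form parses the parameter as an IP literal or an integer and passes it as its own argv element, so no shell ever sees it.

```ruby
require 'ipaddr'

# Vulnerable pattern (constructed): the parameter lands inside a command
# string handed to a shell (popen, backticks, system with one string), so a
# "; id" or "$(...)" in the parameter becomes a second command.
def vulnerable_ping_command(host)
  "ping -c 1 #{host}"
end

# Strict parse: accept only a bare IPv4/IPv6 literal and return its canonical
# form. Hostnames, embedded whitespace and shell metacharacters all fail
# IPAddr's parser and yield nil.
def validated_address(input)
  IPAddr.new(input.to_s.strip).to_s
rescue ArgumentError
  nil
end

# Strict parse for numeric parameters such as an index or a range bound:
# Integer() with an explicit base rejects trailing garbage like "5; id".
def validated_index(input)
  Integer(input.to_s.strip, 10)
rescue ArgumentError, TypeError
  nil
end

# Hardened builder: argv form, one element per argument. Run it with
# system(*argv) or Open3.capture2(*argv); given more than one argument Ruby
# execs the program directly and never starts a shell, so the address is
# data to ping rather than syntax to sh.
def safe_ping_argv(input)
  addr = validated_address(input)
  raise ArgumentError, "not an IP address: #{input.inspect}" if addr.nil?
  ["ping", "-c", "1", addr]
end
```

Validation plus argv is the combination to reach for; escaping with Shellwords.escape is a fallback for the case where a shell genuinely cannot be avoided, and it does nothing about the program's own option parsing (a leading "-" in a value that is not pinned down by a validator still turns into a flag).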
Source & Patch Info: MISC

This product is provided subject to this Notification and this Privacy & Use policy.


Mozilla Releases Security Update

Wed, 10/11/2017 - 10:25
Original release date: October 11, 2017

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases October 2017 Security Updates

Tue, 10/10/2017 - 15:37
Original release date: October 10, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft's October 2017 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Cybersecurity in the Workplace is Everyone’s Business

Tue, 10/10/2017 - 13:38
Original release date: October 10, 2017

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Creating a culture of cybersecurity is critical for all organizations—large and small businesses, academic institutions, non-profits, and government agencies—and is a responsibility shared among all employees. The National Institute of Standards and Technology (NIST) has published resources including standards, guidelines, and best practices to help organizations of all sizes to strengthen cyber resilience.

US-CERT encourages organizations and employees to review the following resources:

 

This product is provided subject to this Notification and this Privacy & Use policy.


SB17-282: Vulnerability Summary for the Week of October 2, 2017

Mon, 10/09/2017 - 01:20
Original release date: October 09, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Each entry lists: Primary Vendor -- Product, Description, Published, CVSS Score, and Source & Patch Info.

ersdata -- ers_data_system
ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization.
Published: 2017-09-29 | CVSS: 7.5 | CVE-2017-14702
Source & Patch Info: MISC, EXPLOIT-DB

gnu -- binutils
Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
Published: 2017-09-29 | CVSS: 7.1 | CVE-2017-14930
Source & Patch Info: CONFIRM

hp -- application_performance_management
A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, and 9.40. The vulnerability could be remotely exploited to allow code execution.
Published: 2017-09-29 | CVSS: 10.0 | CVE-2017-14350
Source & Patch Info: BID, MISC, CONFIRM

hp -- bsm_platform_application_performance_management_system_health
A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30, and 9.40 allows users to upload unrestricted files.
Published: 2017-09-29 | CVSS: 9.0 | CVE-2017-13982
Source & Patch Info: MISC, CONFIRM, AUSCERT

hp -- bsm_platform_application_performance_management_system_health
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30, and 9.40 allows remote users to bypass authentication.
Published: 2017-09-29 | CVSS: 10.0 | CVE-2017-13983
Source & Patch Info: MISC, CONFIRM, AUSCERT

hp -- ucmdb_configuration_manager
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, and 10.23. These vulnerabilities could be remotely exploited to allow code execution.
Published: 2017-09-29 | CVSS: 7.5 | CVE-2017-14351
Source & Patch Info: CONFIRM

 

Medium Vulnerabilities

Entry format: Primary Vendor -- Product | Published | CVSS Score | Source & Patch Info (CVE ID, then reference types); the description follows on the indented line.

apache -- geode | Published: 2017-09-29 | CVSS: 4.0 | CVE-2017-9794 (MLIST)
  When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view.

artifex -- gsview | Published: 2017-09-29 | CVSS: 6.8 | CVE-2017-14945 (CONFIRM)
  Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068."

artifex -- gsview | Published: 2017-09-29 | CVSS: 6.8 | CVE-2017-14946 (CONFIRM)
  Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFile+0x000000000000344e."

artifex -- gsview | Published: 2017-09-29 | CVSS: 6.8 | CVE-2017-14947 (CONFIRM)
  Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359."

blogotext_project -- blogotext | Published: 2017-10-01 | CVSS: 4.3 | CVE-2017-14957 (MISC, MISC, MISC, MISC)
  Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for example) change global settings or create/delete posts. It is also possible to execute JavaScript against unauthenticated users of the blog.

cfpaypal -- cp_contact_form_with_paypal | Published: 2017-09-29 | CVSS: 6.8 | CVE-2015-9233 (MISC, MISC, MISC)
  The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.

cfpaypal -- cp_contact_form_with_paypal | Published: 2017-09-29 | CVSS: 6.5 | CVE-2015-9234 (MISC, MISC, MISC)
  The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.

check_mk_project -- check_mk | Published: 2017-10-01 | CVSS: 4.3 | CVE-2017-14955 (CONFIRM, CONFIRM)
  Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.

egroupware -- egroupware | Published: 2017-09-29 | CVSS: 4.3 | CVE-2017-14920 (MISC, MISC)
  Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.

freedesktop -- poppler | Published: 2017-09-29 | CVSS: 4.3 | CVE-2017-14926 (CONFIRM)
  In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.

freedesktop -- poppler | Published: 2017-09-29 | CVSS: 4.3 | CVE-2017-14927 (CONFIRM)
  In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.

freedesktop -- poppler | Published: 2017-09-29 | CVSS: 4.3 | CVE-2017-14928 (CONFIRM)
  In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.

freedesktop -- poppler | Published: 2017-09-29 | CVSS: 5.0 | CVE-2017-14929 (CONFIRM)
  In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519.

freedesktop -- poppler | Published: 2017-10-01 | CVSS: 5.0 | CVE-2017-14975 (CONFIRM)
  The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.

freedesktop -- poppler | Published: 2017-10-01 | CVSS: 5.0 | CVE-2017-14976 (CONFIRM, CONFIRM)
  The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.

freedesktop -- poppler | Published: 2017-10-01 | CVSS: 5.0 | CVE-2017-14977 (CONFIRM)
  The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.

gnu -- binutils | Published: 2017-09-29 | CVSS: 4.3 | CVE-2017-14932 (CONFIRM, CONFIRM)
  decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.

gnu -- binutils | Published: 2017-09-29 | CVSS: 4.3 | CVE-2017-14933 (CONFIRM, CONFIRM, CONFIRM)
  read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.

gnu -- binutils | Published: 2017-09-29 | CVSS: 4.3 | CVE-2017-14934 (CONFIRM, CONFIRM)
  process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.

gnu -- binutils | Published: 2017-09-29 | CVSS: 4.3 | CVE-2017-14938 (MISC, MISC, MISC)
  _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.

gnu -- binutils | Published: 2017-09-29 | CVSS: 4.3 | CVE-2017-14939 (MISC, MISC, MISC)
  decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.

gnu -- binutils | Published: 2017-09-29 | CVSS: 4.3 | CVE-2017-14940 (MISC, MISC, MISC)
  scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.

gnu -- binutils | Published: 2017-10-01 | CVSS: 4.3 | CVE-2017-14974 (CONFIRM, CONFIRM)
  The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.

hp -- arcsight_enterprise_security_manager_express | Published: 2017-09-29 | CVSS: 4.3 | CVE-2017-13986 (BID, CONFIRM)
  A reflected Cross-Site Scripting (XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.

hp -- arcsight_enterprise_security_manager_express | Published: 2017-09-29 | CVSS: 4.0 | CVE-2017-13987 (BID, CONFIRM)
  An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.

hp -- arcsight_enterprise_security_manager_express | Published: 2017-09-29 | CVSS: 4.0 | CVE-2017-13988 (BID, CONFIRM)
  An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.

hp -- arcsight_enterprise_security_manager_express | Published: 2017-09-29 | CVSS: 5.5 | CVE-2017-13989 (BID, CONFIRM)
  An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.

hp -- arcsight_enterprise_security_manager_express | Published: 2017-09-29 | CVSS: 5.0 | CVE-2017-13990 (BID, CONFIRM)
  An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.

hp -- arcsight_enterprise_security_manager_express | Published: 2017-09-29 | CVSS: 5.0 | CVE-2017-13991 (BID, CONFIRM)
  An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.

hp -- bsm_platform_application_performance_management_system_health | Published: 2017-09-29 | CVSS: 5.5 | CVE-2017-13984 (MISC, CONFIRM, AUSCERT)
  An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.

hp -- bsm_platform_application_performance_management_system_health | Published: 2017-09-29 | CVSS: 4.0 | CVE-2017-13985 (MISC, CONFIRM, AUSCERT)
  An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directories, leading to disclosure of information.

hp -- ucmdb_configuration_manager | Published: 2017-09-29 | CVSS: 4.3 | CVE-2017-14352 (BID, CONFIRM)
  A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting.

jaspersoft -- jasperreports | Published: 2017-10-01 | CVSS: 4.0 | CVE-2017-14941 (MISC)
  Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector.

openexif_project -- openexif | Published: 2017-09-29 | CVSS: 4.3 | CVE-2017-14931 (MISC, MISC)
  ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file.

openvswitch -- openvswitch | Published: 2017-10-01 | CVSS: 5.0 | CVE-2017-14970 (CONFIRM, CONFIRM)
  In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages.

pivotx -- pivotx | Published: 2017-10-01 | CVSS: 6.5 | CVE-2017-14958 (CONFIRM)
  lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file.

pulsesecure -- pulse_one_on-premise | Published: 2017-09-29 | CVSS: 5.0 | CVE-2017-14935 (CONFIRM)
  Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information.

tiki -- tikiwiki_cms/groupware | Published: 2017-09-29 | CVSS: 6.0 | CVE-2017-14924 (MISC, MISC, MISC)
  Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php.

tiki -- tikiwiki_cms/groupware | Published: 2017-09-29 | CVSS: 6.0 | CVE-2017-14925 (MISC, MISC, MISC)
  Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site.
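The two Tiki entries above describe the classic IMG-element CSRF: a wiki page containing `<img src="https://wiki/tiki-assignuser.php?...">` makes an administrator's browser issue an authenticated GET, and because the endpoint changed state on GET without a request token, the attacker's account was added to the admin group. The following is an added example, not part of this bulletin and not code from Tiki, Apache Wicket or any other project listed here. It shows the request-level gate a web application should apply to every state-changing endpoint: state changes only over POST, a per-session CSRF token compared in constant time, and a source-origin check that uses the Origin header first and falls back to Referer only when Origin is absent (the same fallback the Apache Wicket CVE-2016-6806 entry further down describes). The site origin, the `Request` type and the sample requests are constructed assumptions for the illustration.

```python
"""Added example (not Tiki, Wicket or US-CERT code): a CSRF gate for
state-changing endpoints. Hypothetical application wiring; the origin,
request shape and sample traffic below are constructed for illustration."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

SITE_ORIGIN = "https://wiki.example.org"  # assumed deployment origin


@dataclass
class Request:
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)


def new_csrf_token() -> str:
    """Per-session token; store it server-side in the session, never in a cookie alone."""
    return secrets.token_urlsafe(32)


def _origin_of(url: str) -> Optional[str]:
    """scheme://host[:port] of a URL, or None if it has no usable origin."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_source_origin(headers: Dict[str, str]) -> Tuple[bool, str]:
    """Origin first; Referer only when Origin is missing; neither -> reject.
    An Origin of "null" (sandboxed or opaque origin) fails the exact match."""
    origin = headers.get("Origin")
    if origin is not None:
        return origin.lower() == SITE_ORIGIN, "origin"
    referer = headers.get("Referer")
    if referer is not None:
        return _origin_of(referer) == SITE_ORIGIN, "referer"
    return False, "no-origin-no-referer"


def allow_state_change(req: Request, session_token: str) -> Tuple[bool, str]:
    """Return (allowed, reason). Apply before any handler that mutates state."""
    # Rule 1: a GET can be forged by an <img>; never mutate on GET/HEAD.
    if req.method.upper() != "POST":
        return False, f"state change over {req.method.upper()} (IMG/GET CSRF)"
    # Rule 2: the browser-set source origin must be our own origin.
    ok, how = check_source_origin(req.headers)
    if not ok:
        return False, f"bad source origin ({how})"
    # Rule 3: the form must carry the session's token; constant-time compare.
    submitted = req.form.get("csrf_token", "")
    if not submitted or not hmac.compare_digest(submitted, session_token):
        return False, "missing or wrong csrf token"
    return True, "ok"


def demo() -> Dict[str, bool]:
    """Constructed traffic: what an admin's browser sends in each scenario."""
    token = new_csrf_token()
    attacker_page = SITE_ORIGIN + "/tiki-index.php?page=AttackerPage"
    cases = {
        # <img src=".../tiki-assignuser.php?user=attacker&group=Admins"> viewed by an admin
        "img_get": Request("GET", "/tiki-assignuser.php", {"Referer": attacker_page},
                           {"user": "attacker", "group": "Admins"}),
        # auto-submitting form hosted on another site, token guessed/stolen
        "cross_origin_post": Request("POST", "/tiki-objectpermissions.php",
                                     {"Origin": "https://evil.example.net"}, {"csrf_token": token}),
        # same-origin POST that forgot the token (e.g. via a same-site XSS or old form)
        "no_token_post": Request("POST", "/tiki-assignuser.php", {"Origin": SITE_ORIGIN}, {}),
        # legitimate admin submission
        "legit_post": Request("POST", "/tiki-assignuser.php", {"Origin": SITE_ORIGIN},
                              {"csrf_token": token}),
        # older client that sends Referer but no Origin
        "legit_post_referer_only": Request("POST", "/tiki-assignuser.php",
                                           {"Referer": SITE_ORIGIN + "/tiki-admin.php"},
                                           {"csrf_token": token}),
        # both headers stripped (privacy proxy); fail closed
        "no_origin_no_referer": Request("POST", "/tiki-assignuser.php", {}, {"csrf_token": token}),
    }
    return {name: allow_state_change(r, token)[0] for name, r in cases.items()}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:26s} -> {'ALLOW' if allowed else 'REJECT'}")
```

Failing closed when both Origin and Referer are missing is deliberate: a proxy that strips them will break some legitimate clients, but allowing such requests reopens exactly the hole the fallback exists to close. The prefix-match pitfall is also covered: a Referer of `https://wiki.example.org.evil.net/` yields a different origin and is rejected.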


Low Vulnerabilities

Entry format: Primary Vendor -- Product | Published | CVSS Score | Source & Patch Info (CVE ID, then reference types); the description follows on the indented line.

linux -- linux_kernel | Published: 2017-10-01 | CVSS: 2.1 | CVE-2017-14954 (MISC, MISC, MISC, MISC, MISC)
  The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.

tine20 -- tine_2.0 | Published: 2017-09-29 | CVSS: 3.5 | CVE-2017-14921 (MISC, MISC, MISC, MISC, MISC)
  Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.

tine20 -- tine_2.0 | Published: 2017-09-29 | CVSS: 3.5 | CVE-2017-14922 (MISC, MISC, MISC, MISC, MISC)
  Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.

tine20 -- tine_2.0 | Published: 2017-09-29 | CVSS: 3.5 | CVE-2017-14923 (MISC, MISC, MISC, MISC, MISC)
  Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.


Severity Not Yet Assigned

Entry format: Primary Vendor -- Product | Published | CVSS Score | Source & Patch Info (CVE ID, then reference types); the description follows on the indented line.

akka -- akka | Published: 2017-10-04 | CVSS: not yet calculated | CVE-2017-1000118 (CONFIRM)
  Akka HTTP versions <= 10.0.5: an illegal media range in the Accept header causes a StackOverflowError, leading to denial of service.

apache -- geode | Published: 2017-10-02 | CVSS: not yet calculated | CVE-2017-9797 (MLIST)
  When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of service attack on the cluster.

apache -- impala | Published: 2017-10-03 | CVSS: not yet calculated | CVE-2017-9792 (BID, CONFIRM, MLIST)
  In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works around the authorization requirement that creating a Kudu external table via Impala requires an "ALL" privilege at the server scope. This privilege requirement for "CREATE" commands is enforced to precisely avoid this scenario where a malicious user can change the underlying Kudu table mapping. The fix is to enforce the same privilege requirement for "ALTER" commands that would make existing non-external Kudu tables external.

apache -- opennlp | Published: 2017-10-02 | CVSS: not yet calculated | CVE-2017-12620 (CONFIRM)
  When loading models or dictionaries that contain XML it is possible to perform an XXE attack. Since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. Versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, and 1.8.0 to 1.8.1 of Apache OpenNLP are affected.

apache -- tomcat | Published: 2017-10-03 | CVSS: not yet calculated | CVE-2017-12617 (BID, MLIST)
  When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

apache -- wicket | Published: 2017-10-02 | CVSS: not yet calculated | CVE-2016-6806 (MLIST)
  Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided. Furthermore, not all Wicket server side targets were subjected to the CSRF check. This was also fixed.

apache -- wicket | Published: 2017-10-02 | CVSS: not yet calculated | CVE-2014-0043 (MLIST)
  In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special URLs handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.

atutor -- atutor | Published: 2017-10-02 | CVSS: not yet calculated | CVE-2017-14981 (CONFIRM, CONFIRM)
  Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website.

bamboo -- bamdarwin | Published: 2017-10-02 | CVSS: not yet calculated | CVE-2015-6576 (MISC, BUGTRAQ, CONFIRM, CONFIRM)
  Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource.

broadcom -- bcm4355c0_wi-fi_chips | Published: 2017-10-03 | CVSS: not yet calculated | CVE-2017-11122 (MISC, MISC, CONFIRM, CONFIRM)
  On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading.

cisco -- adaptive_security_appliance | Published: 2017-10-05 | CVSS: not yet calculated | CVE-2017-12246 (BID, SECTRACK, CONFIRM)
  A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to the local IP address of an affected device. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects Cisco Adaptive Security Appliance (ASA) Software that is running on the following Cisco products: ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, ASA 1000V Cloud Firewall, Adaptive Security Virtual Appliance (ASAv), Firepower 4110 Security Appliance, Firepower 9300 ASA Security Module, ISA 3000 Industrial Security Appliance. Cisco Bug IDs: CSCvd59063.

cisco -- adaptive_security_appliance | Published: 2017-10-05 | CVSS: not yet calculated | CVE-2017-12265 (BID, SECTRACK, CONFIRM)
  A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka HREF XSS. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. The vulnerability exists in the Cisco Adaptive Security Appliance (ASA) Software when the WEBVPN feature is enabled. Cisco Bug IDs: CSCve91068.

cisco -- anyconnect_secure_mobility_client | Published: 2017-10-05 | CVSS: not yet calculated | CVE-2017-12268 (BID, SECTRACK, CONFIRM)
  A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by manipulating network interfaces of the device to allow multiple active network interfaces. A successful exploit could allow the attacker to send traffic over a non-authorized network interface. Cisco Bug IDs: CSCvf66539.

cisco -- firepower_system_software | Published: 2017-10-05 | CVSS: not yet calculated | CVE-2017-12244 (BID, CONFIRM)
  A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial of service (DoS) condition because the Snort process restarts unexpectedly. The vulnerability is due to improper input validation of the fields in the IPv6 extension header packet. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. This vulnerability is specific to IPv6 traffic only. This vulnerability affects Cisco Firepower System Software Releases 6.0 and later when the software has one or more file action policies configured and is running on any of the following Cisco products: 3000 Series Industrial Security Appliances (ISR), Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services, Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, Firepower Threat Defense for Integrated Services Routers (ISRs), Firepower 2100 Series Security Appliances, Firepower 4100 Series Security Appliances, Firepower 9300 Series Security Appliances, Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. Cisco Bug IDs: CSCvd34776.

cisco -- firepower_threat_defense | Published: 2017-10-05 | CVSS: not yet calculated | CVE-2017-12245 (BID, CONFIRM)
  A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak persists over time, a denial of service (DoS) condition could develop because traffic can cease to be forwarded through the device. The vulnerability is due to an error in how the Firepower Detection Snort Engine handles SSL traffic decryption and notifications to and from the Adaptive Security Appliance (ASA) handler. An attacker could exploit this vulnerability by sending a steady stream of malicious Secure Sockets Layer (SSL) traffic through the device. An exploit could allow the attacker to cause a DoS condition when the device runs low on system memory. This vulnerability affects Cisco Firepower Threat Defense (FTD) Software Releases 6.0.1 and later, running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Firepower 2100 Series Security Appliances, Firepower 4100 Series Security Appliances, Firepower 9300 Series Security Appliances. Cisco Bug IDs: CSCve02069.

cisco -- ios_xr_software_for_cisco_network_convergence_system | Published: 2017-10-05 | CVSS: not yet calculated | CVE-2017-12270 (BID, SECTRACK, CONFIRM)
  A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops. The vulnerability is due to the software's inability to process HTTP/2 packets. An attacker could exploit this vulnerability by sending a malformed HTTP/2 frame to the affected device. A successful exploit could allow the attacker to create a DoS condition when the emsd service stops. Cisco Bug IDs: CSCvb99388.

cisco -- license_manager | Published: 2017-10-05 | CVSS: not yet calculated | CVE-2017-12263 (BID, CONFIRM)
  A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. An exploit could allow the attacker to view application files that may contain sensitive information. Cisco Bug IDs: CSCvd83577.

cisco -- meeting_app_for_windows | Published: 2017-10-05 | CVSS: not yet calculated | CVE-2017-12266 (BID, CONFIRM)
  A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco Meeting App. The vulnerability is due to incomplete input validation of the path name for DLL files before they are loaded. An attacker could exploit this vulnerability by installing a crafted DLL file in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to those of Cisco Meeting App. The attacker would need valid user credentials to exploit this vulnerability. Cisco Bug IDs: CSCvd77907.

cisco -- meeting_server | Published: 2017-10-05 | CVSS: not yet calculated | CVE-2017-12264 (BID, SECTRACK, CONFIRM)
  A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP packet to the affected system. A successful exploit could allow the attacker to cause a reload of the Web Admin Server. Cisco Bug IDs: CSCve89149.

cisco -- spark_messaging | Published: 2017-10-05 | CVSS: not yet calculated | CVE-2017-12269 (BID, CONFIRM)
  A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web UI of the affected software. An attacker could exploit this vulnerability by injecting XSS content into the web UI of the affected software. A successful exploit could allow the attacker to force a user to execute code of the attacker's choosing or allow the attacker to retrieve sensitive information from the user. Cisco Bug IDs: CSCvf70587, CSCvf70592.

cisco -- unified_communications_manager | Published: 2017-10-05 | CVSS: not yet calculated | CVE-2017-12258 (BID, SECTRACK, CONFIRM)
  A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames (iframes). An attacker could exploit this vulnerability by directing a user of the affected software to an attacker-controlled web page that contains a malicious HTML inline frame. A successful exploit could allow the attacker to conduct click-jacking or other types of client-side browser attacks. Cisco Bug IDs: CSCve60993.

cisco -- webex_meetings_server | Published: 2017-10-05 | CVSS: not yet calculated | CVE-2017-12257 (BID, CONFIRM)
  A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve96608.

cisco -- wide_area_application_services | Published: 2017-10-05 | CVSS: not yet calculated | CVE-2017-12267 (BID, CONFIRM)
  A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improperly aborting a connection when an unexpected protocol packet is received. An attacker could exploit this vulnerability by sending crafted ICA traffic through the targeted device. A successful exploit could allow the attacker to cause a DoS condition that is due to a process unexpectedly restarting. The Cisco WAAS could drop ICA traffic while the process is restarting. This vulnerability affects Cisco Wide Area Application Services (WAAS) and Cisco Virtual Wide Area Application Services (vWAAS). Cisco Bug IDs: CSCve74457.

cisco -- wide_area_application_services | Published: 2017-10-05 | CVSS: not yet calculated | CVE-2017-12256 (BID, CONFIRM)
  A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. The vulnerability is due to certain file-handling inefficiencies of the affected system. An attacker could exploit this vulnerability by directing client systems to access a corrupted file that the client systems cannot decompress correctly. A successful exploit could allow the attacker to cause the affected device to crash or hang unexpectedly and result in a DoS condition that may require manual intervention to regain normal operating conditions. Cisco Bug IDs: CSCve82472.

cloud_foundry_foundation -- capi-release | Published: 2017-10-03 | CVSS: not yet calculated | CVE-2017-8048 (CONFIRM)
  In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.

cloud_foundry_foundation -- routing-release | Published: 2017-10-03 | CVSS: not yet calculated | CVE-2017-8047 (CONFIRM)
  In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishing attack to gain access to user credentials or other sensitive data. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.

computerinsel -- photoline | Published: 2017-10-05 | CVSS: not yet calculated | CVE-2017-12106 (BID, MISC)
  A memory corruption vulnerability exists in the .TGA parsing functionality of Computerinsel Photoline 20.02. A specially crafted .TGA file can cause an out of bounds write resulting in potential code execution. An attacker can send a specific .TGA file to trigger this vulnerability.

computerinsel -- photoline | Published: 2017-10-05 | CVSS: not yet calculated | CVE-2017-2880 (BID, MISC)
  A memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02. A specially crafted .GIF file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .GIF file to trigger this vulnerability.

ctek -- skyrouter | Published: 2017-10-04 | CVSS: not yet calculated | CVE-2017-14000 (BID, MISC)
  An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the application without authenticating.

curl -- curl | Published: 2017-10-04 | CVSS: not yet calculated | CVE-2017-1000101 (BID, SECTRACK, CONFIRM, GENTOO)
  curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.

curl_and_libcurl -- curl_and_libcurl | Published: 2017-10-04 | CVSS: not yet calculated | CVE-2017-1000100 (BID, SECTRACK, CONFIRM, GENTOO)
  When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too-large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.

cyassl -- cyassl | Published: 2017-10-06 | CVSS: not yet calculated | CVE-2014-2903
  CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.
SECUNIA
MLISTcybele -- thinfinity_remote_desktop_workstation
 Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. (dot dot) in an unspecified parameter.2017-10-06not yet calculatedCVE-2015-1429
CONFIRM
MISCdarwin -- darwin
 On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.2017-10-04not yet calculatedCVE-2017-1000097
CONFIRM
CONFIRM
CONFIRM

dnsmasq -- dnsmasq

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.2017-10-02not yet calculatedCVE-2017-14493
CONFIRM
CONFIRM
BID
SECTRACK
MISC
EXPLOIT-DB
MLIST
MLISTdnsmasq -- dnsmasq
 Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.2017-10-02not yet calculatedCVE-2017-14495
CONFIRM
CONFIRM
BID
SECTRACK
MISC
EXPLOIT-DB
MLIST
MLISTdnsmasq -- dnsmasq
 Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.2017-10-03not yet calculatedCVE-2017-14491
CONFIRM
CONFIRM
BID
SECTRACK
MISC
EXPLOIT-DB
MLIST
MLISTdnsmasq -- dnsmasq
 dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.2017-10-02not yet calculatedCVE-2017-14494
CONFIRM
CONFIRM
BID
SECTRACK
MISC
EXPLOIT-DB
MLIST
MLISTdnsmasq -- dnsmasq
 Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.2017-10-02not yet calculatedCVE-2017-14492
CONFIRM
CONFIRM
BID
SECTRACK
MISC
EXPLOIT-DB
MLIST
MLISTdnsmasq -- dnsmasq
 Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.2017-10-02not yet calculatedCVE-2017-14496
CONFIRM
CONFIRM
BID
SECTRACK
MISC
CONFIRM
EXPLOIT-DB
MLIST
MLISTdnsmasq -- dnsmasq
 In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.2017-10-02not yet calculatedCVE-2017-13704
CONFIRM
CONFIRM
BID
SECTRACK
FEDORA
MISC
MLIST
MLISTdocker -- docker
 Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.2017-10-06not yet calculatedCVE-2014-0047
MLIST
BID
CONFIRMdrupal-- compass_rose
 Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable."2017-10-02not yet calculatedCVE-2015-7980
MLIST
MLIST
BID
CONFIRM
MISCemc -- appsync
 EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system.2017-10-02not yet calculatedCVE-2017-8018
CONFIRM
BIDemc -- elastic_cloud_storage
 EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.2017-10-02not yet calculatedCVE-2017-8021
CONFIRM
BIDemtec -- pyrobatchftp
 EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial of service (application crash).2017-10-05not yet calculatedCVE-2017-15035
MISC
CONFIRMeyesofnetwork -- eyesofnetwork
 Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php.2017-10-02not yet calculatedCVE-2017-14985
MISCeyesofnetwork -- eyesofnetwork
 Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /module/admin_bp/add_services.php.2017-10-02not yet calculatedCVE-2017-14984
MISCeyesofnetwork -- eyesofnetwork
 Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/admin_conf/index.php.2017-10-02not yet calculatedCVE-2017-14983
MISCfilerun -- filerun
 FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).2017-09-29not yet calculatedCVE-2017-14738
MISC
MISC
EXPLOIT-DBforeman -- foreman
 The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.2017-10-06not yet calculatedCVE-2015-5246
CONFIRM
CONFIRMfrappe.share.get_users -- frappe.share.get_users
 [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.2017-10-04not yet calculatedCVE-2017-1000120
MISCfreebsd -- freebsd
 In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character.2017-10-05not yet calculatedCVE-2017-15037
BID
CONFIRM
CONFIRMge -- cimplicity
 A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution.2017-10-05not yet calculatedCVE-2017-12732
BID
MISCgitmodules -- gitmodules
 A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.2017-10-04not yet calculatedCVE-2017-1000117
BID
SECTRACK
GENTOO
EXPLOIT-DB
MISCgnu -- binutils
 find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.2017-10-04not yet calculatedCVE-2017-15024
MISC
MISC
MISCgnu -- binutils
 decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.2017-10-04not yet calculatedCVE-2017-15025
MISC
MISC
MISCgnu -- binutils
 read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.2017-10-04not yet calculatedCVE-2017-15023
MISC
MISC
MISCgnu -- binutils
 bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.2017-10-04not yet calculatedCVE-2017-15021
MISC
MISC
MISCgnu -- binutils
 dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.2017-10-04not yet calculatedCVE-2017-15022
MISC
MISC
MISCgnu -- binutils
 dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.2017-10-04not yet calculatedCVE-2017-15020
MISC
MISC
MISCgo -- go
 An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password.2017-10-05not yet calculatedCVE-2017-15042
CONFIRM
CONFIRM
CONFIRM
CONFIRMgo -- go
 Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running "go get."2017-10-05not yet calculatedCVE-2017-15041
CONFIRM
CONFIRM
CONFIRM
CONFIRMgoogle -- android
 An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567.2017-10-03not yet calculatedCVE-2017-0815
BID
CONFIRM
CONFIRM

google -- android


 A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177.2017-10-03not yet calculatedCVE-2017-0811
BID
CONFIRM
CONFIRM

google -- android


 An elevation of privilege vulnerability in the Android framework (ui framework). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35056974.2017-10-03not yet calculatedCVE-2017-0807
BID
CONFIRMgoogle -- android
 An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805.2017-10-03not yet calculatedCVE-2017-0806
BID
CONFIRM
CONFIRM

google -- android


 An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-34949781.2017-10-03not yet calculatedCVE-2017-0826
CONFIRMgoogle -- android
 A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046.2017-10-03not yet calculatedCVE-2017-0813
BID
CONFIRM
CONFIRM

google -- android


 A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673128.2017-10-03not yet calculatedCVE-2017-0809
BID
CONFIRM
CONFIRMgoogle -- android
 An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63662938.2017-10-03not yet calculatedCVE-2017-0816
BID
CONFIRM
CONFIRMgoogle -- android
 An elevation of privilege vulnerability in the Motorola bootloader. Product: Android. Versions: Android kernel. Android ID: A-62345044.2017-10-03not yet calculatedCVE-2017-0829
CONFIRM

google -- android


 An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-ALPS03353867, M-ALPS03353872.2017-10-03not yet calculatedCVE-2017-0827
BID
CONFIRM

google -- android


 An elevation of privilege vulnerability in the Android system (camera). Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63787722.2017-10-03not yet calculatedCVE-2017-0822
CONFIRM
CONFIRM

google -- android


 An elevation of privilege vulnerability in the Huawei bootloader. Product: Android. Versions: Android kernel. Android ID: A-34622855.2017-10-03not yet calculatedCVE-2017-0828
CONFIRM

google -- android


 A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38207066.2017-10-03not yet calculatedCVE-2017-0810
BID
CONFIRM
CONFIRM

google -- android


 An elevation of privilege vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37622847. References: B-V2017063001.2017-10-03not yet calculatedCVE-2017-0824
CONFIRMgoogle -- android
 An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62800140.2017-10-03not yet calculatedCVE-2017-0814
BID
CONFIRM
CONFIRM

google -- android


 An information disclosure vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37305633. References: B-V2017063002.2017-10-03not yet calculatedCVE-2017-0825
CONFIRMgoogle -- android
 A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918.2017-10-03not yet calculatedCVE-2017-0819
BID
CONFIRM
CONFIRMgoogle -- android
 An elevation of privilege vulnerability in the Android media framework (audio hal). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62873231.2017-10-03not yet calculatedCVE-2017-0812
BID
CONFIRM
CONFIRMgoogle -- android
 An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63522430.2017-10-03not yet calculatedCVE-2017-0817
BID
CONFIRM
CONFIRMgoogle -- android
 A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187433.2017-10-03not yet calculatedCVE-2017-0820
BID
CONFIRM
CONFIRMgoogle -- android
 An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655.2017-10-03not yet calculatedCVE-2017-0823
CONFIRM
CONFIRMgoogle -- android
 A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63581671.2017-10-03not yet calculatedCVE-2017-0818
BID
CONFIRM
CONFIRMgoogle -- android
 An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183.2017-10-03not yet calculatedCVE-2017-0808
BID
CONFIRM
CONFIRMgoogle -- chrome
 Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.2017-10-06not yet calculatedCVE-2015-1206
CONFIRM
CONFIRM
CONFIRMgraphicsmagick -- graphicsmagick
 GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.2017-10-03not yet calculatedCVE-2017-14997
CONFIRM
BID
CONFIRM
CONFIRMgraphicsmagick -- graphicsmagick
 ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.2017-10-03not yet calculatedCVE-2017-14994
CONFIRM
BID
MISC
CONFIRMgxlcms -- gxlcms
 Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php.2017-10-02not yet calculatedCVE-2017-14979
MISC

hp -- hpe_sitescope


 An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.2017-09-29not yet calculatedCVE-2017-14349
BID
CONFIRM
AUSCERThp -- ucmdb_foundation_software
 A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting.2017-10-05not yet calculatedCVE-2017-14354
CONFIRM
AUSCERThp -- ucmdb_foundation_software
 A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution.2017-10-05not yet calculatedCVE-2017-14353
CONFIRM
AUSCERThuawei -- fusionserver
 The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 does not limit the number of query attempts, which allows remote authenticated users to obtain credentials of higher-level users via a brute force attack.2017-10-02not yet calculatedCVE-2015-7843
BID
CONFIRMhuawei -- fusionserver
 The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allows remote attackers to bypass access restrictions and enter commands via unspecified parameters, as demonstrated by a "user creation command."2017-10-02not yet calculatedCVE-2015-7841
BID
CONFIRMi-sens -- smartlog_diabetes_management
 An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. This vulnerability does not affect the connected blood glucose monitor and would not impact delivery of therapy to the patient.2017-10-04not yet calculatedCVE-2017-13993
BID
MISCibm -- aix_java_6_sdk
 A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809.2017-10-03not yet calculatedCVE-2017-1541
CONFIRM
BID
BID
SECTRACK
MISCibm -- bigfix_compliance_analytics
 IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123676.2017-10-05not yet calculatedCVE-2017-1201
CONFIRM
MISCibm -- content_navigator_and_cmis
 IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129832.2017-10-05not yet calculatedCVE-2017-1522
CONFIRM
MISCibm -- insights_foundation_for_energy
 IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719.2017-10-02not yet calculatedCVE-2017-1311
CONFIRM
BID
MISCibm -- insights_foundation_for_energy
 IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126460.2017-10-02not yet calculatedCVE-2017-1345
CONFIRM
MISCibm -- relm
 IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126242.2017-10-02not yet calculatedCVE-2017-1334
CONFIRM
BID
MISCibm -- relm
 IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126686.2017-10-02not yet calculatedCVE-2017-1359
CONFIRM
BID
MISCibm -- relm
 IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126862.2017-10-02not yet calculatedCVE-2017-1369
CONFIRM
BID
MISCibm -- relm
 IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126243.2017-10-02not yet calculatedCVE-2017-1335
CONFIRM
BID
MISCibm -- relm
 IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125975.2017-10-02not yet calculatedCVE-2017-1324
CONFIRM
BID
MISCibm -- relm
 IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126857.2017-10-02not yet calculatedCVE-2017-1364
CONFIRM
BID
MISCibm -- relm
 IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127587.2017-10-02not yet calculatedCVE-2017-1429
CONFIRM
BID
MISC

ibm -- spectrum_protect

IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.2017-10-05not yet calculatedCVE-2017-1301
CONFIRM
BID
MISCibm -- spectrum_protect
 IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.2017-10-05not yet calculatedCVE-2017-1378
CONFIRM
MISCibm -- spectrum_protect
 IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.2017-10-05not yet calculatedCVE-2017-1339
CONFIRM
BID
SECTRACK
MISCibm -- tivoli_storage_manager
 The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750.2017-10-05not yet calculatedCVE-2016-8937
CONFIRM
MISCibm -- websphere_commerce
 IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779.2017-10-02not yet calculatedCVE-2017-1569
CONFIRM
BID
MISCibm -- websphere_message_broker
 IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341.2017-10-03not yet calculatedCVE-2017-1126
CONFIRM
BID
MISCidm -- idm
 The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes.2017-10-06not yet calculatedCVE-2017-9273
MISCidm -- idm
 The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack.2017-10-06not yet calculatedCVE-2017-9272
MISCimagemagick -- imagemagick
 ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.2017-10-04not yet calculatedCVE-2017-15015
CONFIRMimagemagick -- imagemagick
 A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.2017-10-02not yet calculatedCVE-2017-14989
CONFIRMimagemagick -- imagemagick
 ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.2017-10-04not yet calculatedCVE-2017-15016
CONFIRMimagemagick -- imagemagick
 ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.2017-10-05not yet calculatedCVE-2017-15033
CONFIRMimagemagick -- imagemagick
 ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.2017-10-05not yet calculatedCVE-2017-15032
CONFIRMimagemagick -- imagemagick
 ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.2017-10-04not yet calculatedCVE-2017-15017
CONFIRMininet_solutions -- ininet_webserver
 An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables.2017-10-04not yet calculatedCVE-2017-13995
BID
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on various Hitron devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Hitron.2017-10-06not yet calculatedCVE-2017-15069
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on UPC branded Compal CH7465-LG devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports, a related issue to CVE-2017-15067. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from UPC.2017-10-06not yet calculatedCVE-2017-15077
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on various Quantenna devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Quantenna.2017-10-06not yet calculatedCVE-2017-15072
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on various Comcast branded devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Comcast.2017-10-06not yet calculatedCVE-2017-15068
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on ASUS CM-32 devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from ASUS.2017-10-06not yet calculatedCVE-2017-15065
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on various Linksys devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Linksys.2017-10-06not yet calculatedCVE-2017-15070
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on various Arris devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Arris.2017-10-06not yet calculatedCVE-2017-15064
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on Virgin Media branded Arris TG2492 devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports, a related issue to CVE-2017-15064. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Virgin Media.2017-10-06not yet calculatedCVE-2017-15078
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on Samsung Home Media Server devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Samsung.2017-10-06not yet calculatedCVE-2017-15073
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 ** DISPUTED ** The Intel Puma 5, 6, and 7 chips, as used on Telstra branded NETGEAR C6300BD devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Telstra. NOTE: NETGEAR states "This vulnerability does not affect the following products: C6300BD-Telstra."2017-10-06not yet calculatedCVE-2017-15076
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on various Technicolor (formerly branded as Cisco) devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Technicolor.2017-10-06not yet calculatedCVE-2017-15075
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on various Compal devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Compal.2017-10-06not yet calculatedCVE-2017-15067
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on various AVM FRITZ!Box devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from AVM.2017-10-06not yet calculatedCVE-2017-15066
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on NETGEAR C6300, CM400, CM700, and CMD31T devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from NETGEAR.2017-10-06not yet calculatedCVE-2017-15071
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on SMC D3G2408 devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from SMC.2017-10-06not yet calculatedCVE-2017-15074
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCipswitch -- imail_server
 Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETRE or ETCTERARED.2017-10-02not yet calculatedCVE-2017-12639
CONFIRMipswitch -- imail_server
 Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETBL or ETCETERABLUE.2017-10-02not yet calculatedCVE-2017-12638
CONFIRMissuetracker -- phpbugtracker
 Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters.2017-10-06not yet calculatedCVE-2015-2143
MLISTissuetracker -- phpbugtracker
 Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.2017-10-06not yet calculatedCVE-2015-2148
MLISTissuetracker -- phpbugtracker
 Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.2017-10-06not yet calculatedCVE-2015-2145
MLISTissuetracker -- phpbugtracker
 Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php.2017-10-06not yet calculatedCVE-2015-2146
MLIST
CONFIRMissuetracker -- phpbugtracker
 Multiple cross-site scriping (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) use_js parameter to user.php; the (3) use_js parameter to group.php; the (4) Description parameter to status.php; the (5) Description parameter to severity.php; the (6) Regex parameter to os.php; or the (7) Name parameter to database.php.2017-10-06not yet calculatedCVE-2015-2144
MLIST
CONFIRMissuetracker -- phpbugtracker
 Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.2017-10-06not yet calculatedCVE-2015-2147
MISC
MLISTissuetracker -- phpbugtracker
 Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for requests that cause an unspecified impact via the group_id parameter to group.php, (3) hijack the authentication of users for requests that delete statuses via the status_id parameter to status.php, (4) hijack the authentication of users for requests that delete severities via the severity_id parameter to severity.php, (5) hijack the authentication of users for requests that cause an unspecified impact via the priority_id parameter to priority.php, (6) hijack the authentication of users for requests that delete the operating system via the os_id parameter to os.php, (7) hijack the authentication of users for requests that delete databases via the database_id parameter to database.php, or (8) hijack the authentication of users for requests that delete sites via the site_id parameter to sites.php.2017-10-06not yet calculatedCVE-2015-2142
MLIST
CONFIRMjboss -- application_server
 In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.2017-10-04not yet calculatedCVE-2017-12149
BID
CONFIRMjenkins -- jenkins
 GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.2017-10-04not yet calculatedCVE-2017-1000087
CONFIRMjenkins -- jenkins
 The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser extensions or cross-site scripting vulnerabilities. The Datadog Plugin now encrypts the API key transmitted to administrators viewing the global configuration form.2017-10-04not yet calculatedCVE-2017-1000114
BID
CONFIRMjenkins -- jenkins
 The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords.2017-10-04not yet calculatedCVE-2017-1000113
CONFIRMjenkins -- jenkins
 Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.2017-10-04not yet calculatedCVE-2017-1000094
CONFIRMjenkins -- jenkins
 Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection.2017-10-04not yet calculatedCVE-2017-1000107
CONFIRMjenkins -- jenkins
 GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery.2017-10-04not yet calculatedCVE-2017-1000091
CONFIRMjenkins -- jenkins
 Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles.2017-10-04not yet calculatedCVE-2017-1000096
BID
CONFIRMjenkins -- jenkins
 The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient permissions to configure the provided files, view the configuration of the folder in which the configuration files are defined, or have Job/Configure permissions to a job able to use these files.2017-10-04not yet calculatedCVE-2017-1000104
CONFIRMjenkins -- jenkins
 The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links.2017-10-04not yet calculatedCVE-2017-1000088
CONFIRMjenkins -- jenkins
 The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead.2017-10-04not yet calculatedCVE-2017-1000108
CONFIRMjenkins -- jenkins
 The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient.2017-10-04not yet calculatedCVE-2017-1000105
CONFIRMjenkins -- jenkins
 Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it's similar to cache invalidation, the plugin specifically adds a permission to be able to use this functionality, and this issue undermines that permission.2017-10-04not yet calculatedCVE-2017-1000093
CONFIRMjenkins -- jenkins
 The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks.2017-10-04not yet calculatedCVE-2017-1000086
BID
CONFIRMjenkins -- jenkins
 The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.2017-10-04not yet calculatedCVE-2017-1000109
BID
CONFIRMjenkins -- jenkins
 Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins.2017-10-04not yet calculatedCVE-2017-1000090
CONFIRMjenkins -- jenkins
 Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.2017-10-04not yet calculatedCVE-2017-1000084
CONFIRMjenkins -- jenkins
 Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server.2017-10-04not yet calculatedCVE-2017-1000092
BID
CONFIRMjenkins -- jenkins
 Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.2017-10-04not yet calculatedCVE-2017-1000089
CONFIRMjenkins -- jenkins
 Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery attacks.2017-10-04not yet calculatedCVE-2017-1000085
BID
CONFIRMjenkins -- jenkins
 The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild['rawBuild'] rather than currentBuild.rawBuild. Additionally, the following entries allowed accessing private data that would not be accessible otherwise due to script security: groovy.json.JsonOutput.toJson(Closure); groovy.json.JsonOutput.toJson(Object).2017-10-04not yet calculatedCVE-2017-1000095
CONFIRMjenkins -- jenkins
 Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and authorization when configuring existing GitHub organization folders. This allowed users with read access to the GitHub organization folder to reconfigure it, including changing the GitHub API endpoint for the organization folder to an attacker-controlled server to obtain the GitHub access token, if the organization folder was initially created using Blue Ocean.2017-10-04not yet calculatedCVE-2017-1000110
CONFIRMjenkins -- jenkins
 Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue Ocean. The SCM content REST API did not check the current user's authentication or credentials. If the GitHub organization folder was created via Blue Ocean, it retained a reference to its creator's GitHub credentials. This allowed users with read access to the GitHub organization folder to create arbitrary commits in the repositories inside the GitHub organization corresponding to the GitHub organization folder with the GitHub credentials of the creator of the organization folder. Additionally, users with read access to the GitHub organization folder could read arbitrary file contents from the repositories inside the GitHub organization corresponding to the GitHub organization folder if the branch contained a Jenkinsfile (which could be created using the other part of this vulnerability), and they could provide the organization folder name, repository name, branch name, and file name.2017-10-04not yet calculatedCVE-2017-1000106
CONFIRMjenkins -- jenkins
 The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view.2017-10-04not yet calculatedCVE-2017-1000102
BID
CONFIRMkoji -- koji
 Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.2017-10-06not yet calculatedCVE-2017-1002153
CONFIRMlame -- lame
 LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call.2017-10-04not yet calculatedCVE-2017-15019
MISClame -- lame
 LAME 3.99.5 has a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c.2017-10-04not yet calculatedCVE-2017-15018
MISClame -- lame
 LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412.2017-10-06not yet calculatedCVE-2017-15046
MISClame -- lame
 LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410.2017-10-06not yet calculatedCVE-2017-15045
MISClenovo -- fingerprint_manager
 Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations.2017-10-02not yet calculatedCVE-2015-3321
CONFIRMlenovo -- system-update
 Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.2017-10-02not yet calculatedCVE-2015-6971
CONFIRM
MISClibcsoap  -- libcsoapnanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header.2017-10-06not yet calculatedCVE-2015-2297
MLISTlibcurl -- libcurl
 libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.2017-10-06not yet calculatedCVE-2017-1000254
BID
SECTRACK
CONFIRMlibcurl -- libcurl
 When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.2017-10-04not yet calculatedCVE-2017-1000099
BID
SECTRACK
CONFIRM
GENTOOlibofx -- libofx
 An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.2017-10-05not yet calculatedCVE-2017-2920
BID
MISClinux -- kernel
 The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.2017-10-03not yet calculatedCVE-2017-14991
CONFIRM
CONFIRM
BID
CONFIRMlinux -- kernel
 Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.2017-10-04not yet calculatedCVE-2017-1000111
BID
SECTRACK
CONFIRMlinux -- kernel
 Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the "gap" between the stack and the binary.2017-10-04not yet calculatedCVE-2017-1000253
BID
SECTRACK
MISClinux -- kernel
 Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005.2017-10-04not yet calculatedCVE-2017-1000112
MLIST
BID
SECTRACKloytec -- lvis-3me
 An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access.2017-10-05not yet calculatedCVE-2017-13998
BID
MISCloytec -- lvis-3me
 An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution.2017-10-05not yet calculatedCVE-2017-13992
BID
MISCloytec_lvis-3me
 A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code.2017-10-05not yet calculatedCVE-2017-13996
BID
MISCmercurial -- mercurial
 Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.2017-10-04not yet calculatedCVE-2017-1000116
BID
GENTOO
CONFIRMmercurial -- mercurial
 Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository2017-10-04not yet calculatedCVE-2017-1000115
BID
GENTOO
CONFIRMmyscada -- mypro
An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2017-12730
Source & Patch Info: BID, MISC

net/http -- net/http
The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-1000098
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

nexusphp -- nexusphp
Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-12792
Source & Patch Info: MISC

node.js -- node.js
A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-15010
Source & Patch Info: BID, CONFIRM, CONFIRM, CONFIRM

ntdriver.c -- ntdriver.c
The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2015-7359
Source & Patch Info: MISC, MLIST, MLIST, MISC, CONFIRM

october -- cms
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-1000119
Source & Patch Info: CONFIRM

openexr -- openexr
Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14988
Source & Patch Info: MISC

openkm -- openkm
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2014-8957
Source & Patch Info: MISC, BID, MISC

opentext_document -- sciences_xpression
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory listings or system files, or cause SSRF or Denial of Service.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14759
Source & Patch Info: MISC, MISC

opentext_document -- sciences_xpression
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14755
Source & Patch Info: MISC, MISC

opentext_document -- sciences_xpression
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14754
Source & Patch Info: MISC, MISC

opentext_document -- sciences_xpression
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14757
Source & Patch Info: MISC, MISC, EXPLOIT-DB

opentext_document -- sciences_xpression
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14758
Source & Patch Info: MISC, MISC, EXPLOIT-DB

opentext_document -- sciences_xpression
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id).
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14756
Source & Patch Info: MISC, MISC

openvpn -- openvpn
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-12166
Source & Patch Info: BID, SECTRACK, MISC

philips -- hue_bridge
Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network.
Published: 2017-09-30 | CVSS Score: not yet calculated | CVE-2017-14797
Source & Patch Info: MISC

phpcollab -- phpcollab
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-6090
Source & Patch Info: MISC, EXPLOIT-DB

phpcollab -- phpcollab
SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-6089
Source & Patch Info: MISC, EXPLOIT-DB

pngcrush -- pngcrush
Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2015-2158
Source & Patch Info: MLIST, BID, CONFIRM, CONFIRM

prtg -- network_monitor
PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-15008
Source & Patch Info: MISC

prtg -- network_monitor
PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-15009
Source & Patch Info: MISC

qnap -- music_station
QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. If exploited, these vulnerabilities may allow a remote attacker to run arbitrary commands on the NAS.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2017-13069
Source & Patch Info: CONFIRM

qnap -- qnap
QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2017-13068
Source & Patch Info: MISC

qt -- qt
The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-15011
Source & Patch Info: MISC, MISC

rapid7 -- metasploit
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2017-15084
Source & Patch Info: CONFIRM

redis -- redis
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine."
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2017-15047
Source & Patch Info: MISC

ruby -- ruby
The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle attack.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2015-1828
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

saia_burgess -- pcd_controllers
An Information Exposure issue was discovered in Saia Burgess Controls PCD Controllers with PCD firmware versions prior to 1.28.16 or 1.24.69. In certain circumstances, the device pads Ethernet frames with memory contents.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-9628
Source & Patch Info: BID, MISC

schneider_electric -- indusoft_web_studio
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-13997
Source & Patch Info: BID, MISC

sentinel -- ldk_rte
Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-11498
Source & Patch Info: MISC, MISC

sentinel -- ldk_rte
Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-12820
Source & Patch Info: MISC

sentinel -- ldk_rte
Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed ASN.1 streams in V2C and similar input files.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-11496
Source & Patch Info: MISC, MISC

sentinel -- ldk_rte
Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-11497
Source & Patch Info: MISC, MISC

sentinel -- ldk_rte
Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-12821
Source & Patch Info: MISC

sentinel -- ldk_rte
Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-12822
Source & Patch Info: MISC

sentinel -- ldk_rte
Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-12819
Source & Patch Info: MISC

sentinel -- ldk_rte
Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-12818
Source & Patch Info: MISC

skybox -- manager_client_application
Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login attempts.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14772
Source & Patch Info: BID, CONFIRM

skybox_security -- skybox_manager_client_application
Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary file and overwrite existing files within the scope of the affected application.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14771
Source & Patch Info: BID, CONFIRM

skybox_security -- skybox_manager_client_application
Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14770
Source & Patch Info: BID, CONFIRM

skybox_security -- skybox_manager_client_application
Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state. The vulnerability can only be exploited by a local authenticated attacker.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14773
Source & Patch Info: BID, CONFIRM

smarterstats -- smarterstats
SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting.
Published: 2017-09-29 | CVSS Score: not yet calculated | CVE-2017-14620
Source & Patch Info: MISC, EXPLOIT-DB

solarwinds -- network_performance_monitor
The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. In other words, the denial of service is caused by an incorrect implementation of a directory-traversal protection mechanism.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-9538
Source & Patch Info: BUGTRAQ, BID

solarwinds -- network_performance_monitor
Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-9537
Source & Patch Info: BUGTRAQ, BID

spidercontrol -- scada_web_server
An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the context of the current system services.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-12728
Source & Patch Info: BID, MISC

static_analysis_utilities -- static_analysis_utilities
The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-1000103
Source & Patch Info: BID, CONFIRM

subrion -- cms
There are CSRF vulnerabilities in Subrion CMS before 4.2.0 because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2017-15063
Source & Patch Info: MISC

texlive -- texlive
The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2015-0296
Source & Patch Info: FEDORA, FEDORA, MLIST, BID, CONFIRM

trend_micro -- officescan
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-14086
Source & Patch Info: MISC, BID, SECTRACK, CONFIRM, EXPLOIT-DB

trend_micro -- officescan
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-14089
Source & Patch Info: MISC, BID, SECTRACK, CONFIRM, EXPLOIT-DB

trend_micro -- officescan
A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-14084
Source & Patch Info: MISC, BID, SECTRACK, CONFIRM, EXPLOIT-DB

trend_micro -- officescan
A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-14087
Source & Patch Info: MISC, BID, SECTRACK, CONFIRM, EXPLOIT-DB

trend_micro -- officescan
A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-14083
Source & Patch Info: MISC, BID, SECTRACK, CONFIRM, EXPLOIT-DB

trend_micro -- officescan
Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-14088
Source & Patch Info: BID, SECTRACK, MISC, MISC, CONFIRM

trend_micro -- officescan
Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-14085
Source & Patch Info: MISC, BID, SECTRACK, CONFIRM, EXPLOIT-DB

truecrypt -- truecrypt
The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2015-7358
Source & Patch Info: MISC, MLIST, MLIST, MISC, CONFIRM, EXPLOIT-DB

ucopia -- wireless_appliance
The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-11322
Source & Patch Info: MISC, EXPLOIT-DB

ucopia -- wireless_appliance
The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-11321
Source & Patch Info: MISC, EXPLOIT-DB

upx -- upx
p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack().
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2017-15056
Source & Patch Info: MISC

wordpress -- wordpress
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14990
Source & Patch Info: MISC

wordpress -- wordpress
Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70 for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2014-8758
Source & Patch Info: MISC, MISC

wordpress -- wordpress
Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2014-8492
Source & Patch Info: MISC, MISC

wordpress -- wordpress
Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2014-7240
Source & Patch Info: MISC, MISC

wordpress -- wordpress
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2015-2673
Source & Patch Info: MISC

wordpress -- wordpress
WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14848
Source & Patch Info: EXPLOIT-DB

wordpress -- wordpress
The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2017-15079
Source & Patch Info: CONFIRM, CONFIRM

wordpress -- wordpress
Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by #<svg onload=alert(1)>.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2015-7357
Source & Patch Info: MISC, FULLDISC, CONFIRM, MISC

wso2 -- wso2
The Management Console in WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.0, WSO2 Data Analytics Server 3.1.0, WSO2 Data Services Server 3.5.1, and WSO2 Machine Learner 1.2.0 is affected by stored XSS.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-14995
Source & Patch Info: CONFIRM

zoho_site24x7 -- mobile_network_poller
The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate.
Published: 2017-09-29 | CVSS Score: not yet calculated | CVE-2017-14582
Source & Patch Info: BID, MISC

loytec -- lvis-3me
A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-13994
Source & Patch Info: BID, MISC



Apple Releases Security Update for macOS High Sierra

Thu, 10/05/2017 - 17:00
Original release date: October 05, 2017

Apple has released a supplemental security update to address vulnerabilities in macOS High Sierra 10.13. An attacker could exploit these vulnerabilities to obtain sensitive information.

US-CERT encourages users and administrators to review the Apple security page for macOS High Sierra 10.13 and apply the necessary update.



Cisco Releases Security Updates

Wed, 10/04/2017 - 15:30
Original release date: October 04, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:



Apache Releases Security Updates for Apache Tomcat

Tue, 10/03/2017 - 17:26
Original release date: October 03, 2017

The Apache Software Foundation has released Apache Tomcat 9.0.1 and 8.5.23 to address a vulnerability in previous versions of the software. A remote attacker could exploit this vulnerability to take control of an affected server.

US-CERT encourages users and administrators to review the Apache security advisory for CVE-2017-12617 and apply the necessary updates.



Apple Releases Security Update for iOS

Tue, 10/03/2017 - 16:17
Original release date: October 03, 2017

Apple has released iOS 11.0.2 to address vulnerabilities in previous versions of iOS. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Apple security page for iOS 11.0.2 and apply the necessary update.

 



Tragic Event-Related Scams

Tue, 10/03/2017 - 10:11
Original release date: October 03, 2017

In the wake of Sunday's tragic event in Las Vegas, US-CERT warns users to be watchful for various malicious cyber activity targeting both victims and potential donors. Users should exercise caution when handling emails that relate to the event, even if those emails appear to originate from trusted sources. Event-related phishing emails may trick users into sharing sensitive information. Such emails could also contain links or attachments directing users to malware-infected websites. In addition, users should be wary of social media pleas, calls, texts, fraudulent donation websites, and door-to-door solicitations relating to the recent tragic event.

To avoid becoming victims of fraudulent activity, users and administrators should consider taking the following preventive measures:



National Cybersecurity Awareness Month: Simple Steps to Online Safety

Tue, 10/03/2017 - 07:30
Original release date: October 03, 2017

October is National Cybersecurity Awareness Month (NCSAM), an annual campaign to raise awareness about cybersecurity. The National Cyber Security Alliance (NCSA) has published general tips to help you increase your cybersecurity awareness—including whom to contact if you are the victim of cyber crime—and protect your online activities.

US-CERT encourages users and administrators to review NCSA’s guidance for online safety basics and the US-CERT Tip on Avoiding Social Engineering and Phishing Attacks for additional information.



Dnsmasq Contains Multiple Vulnerabilities

Tue, 10/03/2017 - 01:20
Original release date: October 03, 2017

Dnsmasq versions 2.77 and prior contain multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Vulnerability Note VU#973527 for more information and update to dnsmasq version 2.78.



SB17-275: Vulnerability Summary for the Week of September 25, 2017

Mon, 10/02/2017 - 06:38
Original release date: October 02, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Columns: Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

google -- android
drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process.
Published: 2017-09-25 | CVSS Score: 7.6 | CVE-2016-5868
Source & Patch Info: BID, CONFIRM, CONFIRM

ibm -- business_process_manager
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156.
Published: 2017-09-26 | CVSS Score: 7.5 | CVE-2017-1527
Source & Patch Info: CONFIRM, BID, MISC

nvidia -- gpu_driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges.
Published: 2017-09-22 | CVSS Score: 7.2 | CVE-2017-6268
Source & Patch Info: CONFIRM, BID

nvidia -- gpu_driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges.
Published: 2017-09-22 | CVSS Score: 7.2 | CVE-2017-6269
Source & Patch Info: CONFIRM, BID

nvidia -- gpu_driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges.
Published: 2017-09-22 | CVSS Score: 7.2 | CVE-2017-6277
Source & Patch Info: CONFIRM, BID

sam2p_project -- sam2p
Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption because of an attempted write to the invalid d[0xfffffffe] array element.
Published: 2017-09-22 | CVSS Score: 7.5 | CVE-2017-14636
Source & Patch Info: MISC

sam2p_project -- sam2p
In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address.
Published: 2017-09-22 | CVSS Score: 7.5 | CVE-2017-14637
Source & Patch Info: MISC

schneider-electric -- u.motion_builder
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.
Published: 2017-09-25 | CVSS Score: 7.5 | CVE-2017-7973
Source & Patch Info: CONFIRM, BID

schneider-electric -- u.motion_builder
A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files.
Published: 2017-09-25 | CVSS Score: 7.5 | CVE-2017-7974
Source & Patch Info: CONFIRM, BID

schneider-electric -- u.motion_builder
An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass.
Published: 2017-09-25 | CVSS Score: 7.5 | CVE-2017-9956
Source & Patch Info: CONFIRM, BID

schneider-electric -- u.motion_builder
A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials.
Published: 2017-09-25 | CVSS Score: 7.5 | CVE-2017-9957
Source & Patch Info: CONFIRM, BID

schneider-electric -- u.motion_builder
An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root.
Published: 2017-09-25 | CVSS Score: 7.2 | CVE-2017-9958
Source & Patch Info: CONFIRM, BID

trendmicro -- mobile_security
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
Published: 2017-09-22 | CVSS Score: 10.0 | CVE-2017-14078
BID
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRMtrendmicro -- mobile_securityAuthentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password.2017-09-227.5CVE-2017-14080
MISC
CONFIRMtrendmicro -- web_security_virtual_applianceVulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections.2017-09-229.0CVE-2017-11396
CONFIRMxceedium -- xsuiteMultiple hardcoded credentials in Xsuite 2.3.0 and 2.4.3.0.2017-09-257.5CVE-2015-4667
MISC
BUGTRAQ
EXPLOIT-DBxceedium -- xsuiteThe MySQL "root" user in Xsuite 2.3.0 and 2.4.3.0 does not have a password set, which allows local users to access databases on the system.2017-09-257.2CVE-2015-4669
MISC
BUGTRAQ
EXPLOIT-DBBack to top

 

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| apache -- struts | Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20. | 2017-09-25 | 4.3 | CVE-2015-5169 (JVN, JVNDB, BID, CONFIRM, CONFIRM) |
| artifex -- mupdf | Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded. | 2017-09-22 | 6.8 | CVE-2017-14685 (MISC, MISC, MISC) |
| artifex -- mupdf | Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers. | 2017-09-22 | 6.8 | CVE-2017-14686 (MISC, MISC, MISC) |
| artifex -- mupdf | Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons. | 2017-09-22 | 6.8 | CVE-2017-14687 (MISC, MISC, MISC) |
| foxitsoftware -- foxit_reader | Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f." | 2017-09-22 | 4.6 | CVE-2017-14694 (BID, MISC) |
| geminabox_project -- geminabox | geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload. | 2017-09-25 | 6.8 | CVE-2017-14683 (MISC, MISC) |
| genixcms -- genixcms | In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter. | 2017-09-27 | 4.3 | CVE-2017-14761 (MISC) |
| genixcms -- genixcms | In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter. | 2017-09-27 | 4.3 | CVE-2017-14762 (MISC) |
| genixcms -- genixcms | In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme. | 2017-09-27 | 6.5 | CVE-2017-14763 (MISC) |
| genixcms -- genixcms | In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module. | 2017-09-27 | 6.5 | CVE-2017-14764 (MISC) |
| genixcms -- genixcms | In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request. | 2017-09-27 | 4.3 | CVE-2017-14765 (MISC) |
| gnu -- binutils | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | 2017-09-25 | 6.8 | CVE-2017-14729 (MISC, MISC, MISC, MISC) |
| gnu -- binutils | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | 2017-09-26 | 6.8 | CVE-2017-14745 (CONFIRM) |
| graphicsmagick -- graphicsmagick | ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 2017-09-25 | 4.3 | CVE-2017-14733 (CONFIRM, CONFIRM) |
| ibm -- business_process_manager | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807. | 2017-09-26 | 6.5 | CVE-2017-1539 (CONFIRM, BID, MISC) |
| ibm -- websphere_mq | IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914. | 2017-09-25 | 4.0 | CVE-2017-1235 (CONFIRM, BID, MISC) |
| imagemagick -- imagemagick | The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors. | 2017-09-25 | 5.0 | CVE-2017-14739 (CONFIRM) |
| imagemagick -- imagemagick | The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file. | 2017-09-25 | 4.3 | CVE-2017-14741 (CONFIRM) |
| irfanview -- irfanview | IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613." | 2017-09-22 | 4.6 | CVE-2017-14693 (MISC) |
| libbpg_project -- libbpg | The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to hevc_decode_init1. | 2017-09-25 | 6.8 | CVE-2017-14734 (MISC) |
| libbpg_project -- libbpg | The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg. | 2017-09-27 | 6.8 | CVE-2017-14795 (MISC) |
| libbpg_project -- libbpg | The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg. | 2017-09-27 | 6.8 | CVE-2017-14796 (MISC) |
| libofx_project -- libofx | ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call. | 2017-09-25 | 4.3 | CVE-2017-14731 (MISC) |
| nvidia -- gpu_driver | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service. | 2017-09-22 | 4.9 | CVE-2017-6266 (CONFIRM, BID) |
| nvidia -- gpu_driver | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service. | 2017-09-22 | 4.9 | CVE-2017-6267 (CONFIRM, BID) |
| nvidia -- gpu_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation which may lead to a potential divide by zero and denial of service. | 2017-09-22 | 4.9 | CVE-2017-6270 (CONFIRM, BID) |
| nvidia -- gpu_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation while processing block linear information which may lead to a potential divide by zero and denial of service. | 2017-09-22 | 4.9 | CVE-2017-6271 (CONFIRM, BID) |
| schneider-electric -- citect_anywhere | A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack. | 2017-09-25 | 6.8 | CVE-2017-7969 (CONFIRM, BID, CONFIRM) |
| schneider-electric -- citect_anywhere | A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate. | 2017-09-25 | 4.0 | CVE-2017-7971 (CONFIRM, BID, CONFIRM) |
| schneider-electric -- citect_anywhere | A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes. | 2017-09-25 | 5.2 | CVE-2017-7972 (CONFIRM, BID, CONFIRM) |
| schneider-electric -- u.motion_builder | A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition. | 2017-09-25 | 4.9 | CVE-2017-9959 (CONFIRM, BID) |
| schneider-electric -- u.motion_builder | An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user. | 2017-09-25 | 5.0 | CVE-2017-9960 (CONFIRM, BID) |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917." | 2017-09-22 | 4.4 | CVE-2017-14688 (MISC) |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e." | 2017-09-22 | 4.6 | CVE-2017-14689 (MISC) |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000064e7." | 2017-09-22 | 4.6 | CVE-2017-14690 (MISC) |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_773a0000!RtlAddAccessAllowedAce+0x000000000000027a." | 2017-09-22 | 4.6 | CVE-2017-14691 (MISC) |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b." | 2017-09-22 | 4.4 | CVE-2017-14692 (MISC) |
| theforeman -- foreman | Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after. | 2017-09-25 | 4.3 | CVE-2015-5282 (CONFIRM, MLIST, CONFIRM, CONFIRM, CONFIRM) |
| trendmicro -- mobile_security | Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 2017-09-22 | 6.5 | CVE-2017-14079 (BID, MISC, MISC, MISC, MISC, CONFIRM) |
| trendmicro -- mobile_security | Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 2017-09-22 | 6.5 | CVE-2017-14081 (BID, MISC, MISC, CONFIRM) |
| trendmicro -- smart_protection_server | Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations. | 2017-09-22 | 6.5 | CVE-2017-11395 (MISC, BID, CONFIRM) |
| weechat -- logger | logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized. | 2017-09-23 | 5.0 | CVE-2017-14727 (BID, CONFIRM, CONFIRM, CONFIRM) |
| wordpress -- wordpress | Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. | 2017-09-23 | 4.3 | CVE-2017-14718 (BID, MISC, MISC) |
| wordpress -- wordpress | Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. | 2017-09-23 | 5.0 | CVE-2017-14719 (BID, MISC, MISC, MISC) |
| wordpress -- wordpress | Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. | 2017-09-23 | 4.3 | CVE-2017-14720 (BID, MISC, MISC) |
| wordpress -- wordpress | Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. | 2017-09-23 | 4.3 | CVE-2017-14721 (BID, MISC, MISC) |
| wordpress -- wordpress | Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. | 2017-09-23 | 5.0 | CVE-2017-14722 (BID, MISC, MISC, MISC) |
| wordpress -- wordpress | Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. | 2017-09-23 | 4.3 | CVE-2017-14724 (BID, MISC, MISC, MISC) |
| wordpress -- wordpress | Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. | 2017-09-23 | 4.3 | CVE-2017-14726 (BID, MISC, MISC, MISC) |
| xceedium -- xsuite | Open redirect vulnerability in Xsuite 2.3.0 and 2.4.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. | 2017-09-25 | 5.8 | CVE-2015-4668 (MISC, BUGTRAQ, EXPLOIT-DB) |

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| geminabox_project -- geminabox | geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file. | 2017-09-25 | 3.5 | CVE-2017-14506 (MISC, MISC) |
| ibm -- business_process_manager | IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461. | 2017-09-25 | 1.9 | CVE-2017-1346 (CONFIRM, BID, MISC) |
| ibm -- business_process_manager | IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477. | 2017-09-25 | 3.5 | CVE-2017-1424 (CONFIRM, BID, MISC) |
| ibm -- business_process_manager | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130409. | 2017-09-26 | 3.5 | CVE-2017-1530 (CONFIRM, BID, MISC) |
| ibm -- business_process_manager | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410. | 2017-09-26 | 3.5 | CVE-2017-1531 (CONFIRM, BID, MISC) |
| ibm -- security_identity_manager | IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 126801. | 2017-09-25 | 2.1 | CVE-2017-1362 (CONFIRM, BID, MISC) |
| linux -- linux_kernel | The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c. | 2017-09-26 | 2.1 | CVE-2017-1000252 (CONFIRM, CONFIRM, CONFIRM, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM) |
| linux -- linux_kernel | The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. | 2017-09-26 | 3.6 | CVE-2017-12154 (CONFIRM, BID, CONFIRM, CONFIRM, CONFIRM) |
| schneider-electric -- citect_anywhere | A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components. | 2017-09-25 | 3.3 | CVE-2017-7970 (CONFIRM, BID, CONFIRM) |
| telaxius -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. | 2017-09-22 | 3.5 | CVE-2017-14712 (MISC) |
| telaxius -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter. | 2017-09-22 | 3.5 | CVE-2017-14713 (MISC) |
| telaxius -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. | 2017-09-22 | 3.5 | CVE-2017-14714 (MISC) |
| telaxius -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter. | 2017-09-22 | 3.5 | CVE-2017-14715 (MISC) |
| telaxius -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter. | 2017-09-22 | 3.5 | CVE-2017-14716 (MISC) |
| telaxius -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. | 2017-09-22 | 3.5 | CVE-2017-14717 (MISC) |

Severity Not Yet Assigned

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| antisamy_project -- antisamy | OWASP AntiSamy through 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL. | 2017-09-25 | not yet calculated | CVE-2017-14735 (CONFIRM) |
| apache -- geode | When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view. | 2017-09-29 | not yet calculated | CVE-2017-9794 (MLIST) |
| apache -- mesos | When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable. | 2017-09-28 | not yet calculated | CVE-2017-9790 (BID, MLIST) |
| apache -- mesos | When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls an inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable. | 2017-09-28 | not yet calculated | CVE-2017-7687 (BID, MLIST) |
| apache -- tika | Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175. | 2017-09-29 | not yet calculated | CVE-2016-4434 (BUGTRAQ, MLIST) |
| apache -- xerces | During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1. | 2017-09-27 | not yet calculated | CVE-2017-12621 (BID, SECTRACK, CONFIRM, MLIST) |
| appstudio -- appstudio | The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints. | 2017-09-28 | not yet calculated | CVE-2017-7553 (CONFIRM) |
| arcsight -- arcsight_esm | An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function. | 2017-09-29 | not yet calculated | CVE-2017-13988 (BID, CONFIRM) |
| arcsight -- arcsight_esm | An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version. | 2017-09-29 | not yet calculated | CVE-2017-13990 (BID, CONFIRM) |
| arcsight -- arcsight_esm | An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information. | 2017-09-29 | not yet calculated | CVE-2017-13989 (BID, CONFIRM) |
| arcsight -- arcsight_esm | A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system. | 2017-09-29 | not yet calculated | CVE-2017-13986 (BID, CONFIRM) |
| arcsight -- arcsight_esm | An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features. | 2017-09-29 | not yet calculated | CVE-2017-13991 (BID, CONFIRM) |
| arcsight -- arcsight_esm | An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files. | 2017-09-29 | not yet calculated | CVE-2017-13987 (BID, CONFIRM) |
| artifex -- gsview | Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068." | 2017-09-29 | not yet calculated | CVE-2017-14945 (CONFIRM) |
| artifex -- gsview | Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFile+0x000000000000344e." | 2017-09-29 | not yet calculated | CVE-2017-14946 (CONFIRM) |
| artifex -- gsview | Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359." | 2017-09-29 | not yet calculated | CVE-2017-14947 (CONFIRM) |
| blizzard -- overwatch | Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific time during the initial loading of that match. | 2017-09-26 | not yet calculated | CVE-2017-14748 (MISC, MISC) |
| botan -- botan | A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key. | 2017-09-25 | not yet calculated | CVE-2017-14737 (MISC, MISC) |
| branagh_information_group -- ers_data_system | ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization. | 2017-09-29 | not yet calculated | CVE-2017-14702 (MISC) |
| broadcom -- bcm4355c0_wi-fi_chips | On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205. | 2017-09-27 | not yet calculated | CVE-2017-11121 (MISC, BID, MISC, APPLE, APPLE, CONFIRM, CONFIRM, CONFIRM) |
| broadcom -- bcm4355c0_wi-fi_chips | On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204. | 2017-09-27 | not yet calculated | CVE-2017-11120 (MISC, BID, MISC, APPLE, APPLE, CONFIRM, CONFIRM, CONFIRM, EXPLOIT-DB) |
| cash_back_comparison_script -- cash_back_comparison_script | SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/. | 2017-09-26 | not yet calculated | CVE-2017-14703 (EXPLOIT-DB) |
| cisco -- ios | A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to process PROFINET messages. Beginning with Cisco IOS Software Release 12.2(52)SE, PROFINET is enabled by default on all the base switch module and expansion-unit Ethernet ports. Cisco Bug IDs: CSCuz47179. | 2017-09-28 | not yet calculated | CVE-2017-12235 (BID, SECTRACK, CONFIRM) |
| cisco -- ios | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. This vulnerability affects Cisco devices that have the Internet Security Association and Key Management Protocol (ISAKMP) enabled. Although only IKEv2 packets can be used to trigger this vulnerability, devices that are running Cisco IOS Software or Cisco IOS XE Software are vulnerable when ISAKMP is enabled. A device does not need to be configured with any IKEv2-specific features to be vulnerable. Many features use IKEv2, including different types of VPNs such as the following: LAN-to-LAN VPN; Remote-access VPN, excluding SSL VPN; Dynamic Multipoint VPN (DMVPN); and FlexVPN. Cisco Bug IDs: CSCvc41277. | 2017-09-28 | not yet calculated | CVE-2017-12237 (BID, SECTRACK, CONFIRM) |
| cisco -- ios | The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959. | 2017-09-28 | not yet calculated | CVE-2017-12240 (BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM) |
| cisco -- ios | Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuz95334. | 2017-09-28 | not yet calculated | CVE-2017-12233 (BID, SECTRACK, CONFIRM) |
| cisco -- ios | A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a misclassification of Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc03809. | 2017-09-28 | not yet calculated | CVE-2017-12232 (BID, SECTRACK, CONFIRM) |
| cisco -- ios | A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device's operating system. This vulnerability affects only Cisco ASR 1000 Series Routers that have removable line cards and Cisco cBR-8 Converged Broadband Routers, if they are running certain Cisco IOS XE 3.16 through 16.5 releases. Cisco Bug IDs: CSCvc65866, CSCve77132. | 2017-09-28 | not yet calculated | CVE-2017-12239 (BID, SECTRACK, SECTRACK, CONFIRM) |
| cisco -- ios | A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol and are sent to an affected device via IPv4 packets. An attacker could exploit this vulnerability by sending a crafted H.323 RAS packet through an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to use an application layer gateway with NAT (NAT ALG) for H.323 RAS messages. By default, a NAT ALG is enabled for H.323 RAS messages. Cisco Bug IDs: CSCvc57217. | 2017-09-28 | not yet calculated | CVE-2017-12231 (BID, SECTRACK, CONFIRM) |
| cisco -- ios | Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot). | 2017-09-25 | not yet calculated | CVE-2010-3050 |
CISCOcisco -- ios
 A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). The vulnerability is due to a logic error introduced via a code regression for the affected software. An attacker could exploit this vulnerability by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, to the affected software. A successful exploit could allow the attacker to inject invalid mappings of EIDs to RLOCs in the MS/MR of the affected software. This vulnerability affects Cisco devices that are configured with LISP acting as an IPv4 or IPv6 map server. This vulnerability affects Cisco IOS XE Software release trains 3.9E and Everest 16.4. Cisco Bug IDs: CSCvc18008.2017-09-28not yet calculatedCVE-2017-12236
BID
SECTRACK
CONFIRMcisco -- ios
 Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc43709.2017-09-28not yet calculatedCVE-2017-12234
BID
SECTRACK
CONFIRMcisco -- ios
 A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart. This vulnerability affects Cisco Catalyst 3650 and 3850 switches running IOS XE Software versions 16.1 through 16.3.3, and acting as wireless LAN controllers (WLC). Cisco Bug IDs: CSCvd45069.2017-09-28not yet calculatedCVE-2017-12222
BID
SECTRACK
CONFIRMcisco -- ios
 A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious API request to an affected device. A successful exploit could allow the attacker to bypass authentication and gain access to the web UI of the affected software. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuz46036.2017-09-28not yet calculatedCVE-2017-12229
BID
SECTRACK
CONFIRMcisco -- ios
 A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of the affected software. An attacker could exploit this vulnerability by using the web UI of the affected software to create a new user and then logging into the web UI as the newly created user. A successful exploit could allow the attacker to elevate their privileges on the affected device. This vulnerability affects Cisco devices that are running a vulnerable release Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuy83062.2017-09-28not yet calculatedCVE-2017-12230
BID
SECTRACK
CONFIRMcisco -- ios
 A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927.2017-09-28not yet calculatedCVE-2017-12238
BID
SECTRACK
CONFIRMcisco -- ios
 Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot).2017-09-25not yet calculatedCVE-2010-3049
CISCOcisco -- ios
 The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions.2017-09-25not yet calculatedCVE-2011-4667
CISCO
CISCOcisco -- ios
 A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incomplete input validation of HTTP requests by the affected GUI, if the GUI connection state or protocol changes. An attacker could exploit this vulnerability by authenticating to the Wireless Controller GUI as a Lobby Administrator user of an affected device and subsequently changing the state or protocol for their connection to the GUI. A successful exploit could allow the attacker to elevate their privilege level to administrator and gain full control of the affected device. This vulnerability affects the following Cisco products if they are running Cisco IOS XE Software Release 3.7.0E, 3.7.1E, 3.7.2E, 3.7.3E, 3.7.4E, or 3.7.5E: Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, Cisco New Generation Wireless Controllers (NGWC) 3850. Cisco Bug IDs: CSCvd73746.2017-09-28not yet calculatedCVE-2017-12226
BID
SECTRACK
SECTRACK
CONFIRMcisco -- ios
 A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Cisco Bug IDs: CSCvc33171.2017-09-28not yet calculatedCVE-2017-12228
SECTRACK
CONFIRMcitrix -- citrix_web_interface
 Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HTML via the failmessage parameter.2017-09-27not yet calculatedCVE-2015-7349
MISC
CONFIRM
CONFIRMcitrix -- netscaler_application_delivery_controller_and_netscaler_gateway
 A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance.2017-09-26not yet calculatedCVE-2017-14602
BID
CONFIRMclaydip -- laravel_airbnb_clone
 Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile.2017-09-26not yet calculatedCVE-2017-14704
EXPLOIT-DBcomicsmart -- ganma!
 GANMA! App for iOS does not verify SSL certificates.2017-09-25not yet calculatedCVE-2015-7785
JVN
JVNDBcyberlink -- labelprint
 Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.2017-09-23not yet calculatedCVE-2017-14627
MISC
EXPLOIT-DBdebian -- fso
 The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.2017-09-25not yet calculatedCVE-2014-8156
MLIST
BID
XFdebian -- inspircd
 inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836.2017-09-25not yet calculatedCVE-2012-6696
DEBIAN
MLIST
CONFIRMdevscripts -- devscripts
 scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.2017-09-25not yet calculatedCVE-2015-5704
FEDORA
FEDORA
MLIST
BID
CONFIRM
CONFIRM
CONFIRMdigium -- asterisk_gui
 An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program.2017-09-25not yet calculatedCVE-2017-14001
BID
MISCegroupware -- egroupware _community_edition
 Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.2017-09-29not yet calculatedCVE-2017-14920
MISC
MISCelastic -- x-pack_security
 An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.2017-09-28not yet calculatedCVE-2017-8447
MISCelasticsearch -- elastic_cloud_enterprise
 The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data.2017-09-28not yet calculatedCVE-2017-8444
MISCelasticsearch -- kibana
 Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.2017-09-28not yet calculatedCVE-2017-11479
MISCelasticsearch -- x-pack_alerting
 An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges.2017-09-28not yet calculatedCVE-2017-8448
MISCexiv2 -- exiv2
 An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.2017-09-28not yet calculatedCVE-2017-14862
MISCexiv2 -- exiv2
 There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.2017-09-28not yet calculatedCVE-2017-14858
MISCexiv2 -- exiv2
 There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.2017-09-28not yet calculatedCVE-2017-14866
MISCexiv2 -- exiv2
 A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.2017-09-28not yet calculatedCVE-2017-14863
MISCexiv2 -- exiv2
 There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.2017-09-28not yet calculatedCVE-2017-14860
MISCexiv2 -- exiv2
 There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.2017-09-28not yet calculatedCVE-2017-14861
MISCexiv2 -- exiv2
 An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.2017-09-28not yet calculatedCVE-2017-14864
MISCexiv2 -- exiv2
 An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.2017-09-28not yet calculatedCVE-2017-14859
MISCexiv2 -- exiv2
 There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.2017-09-28not yet calculatedCVE-2017-14865
MISCexiv2 -- exiv2
 In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack.2017-09-28not yet calculatedCVE-2017-14857
MISCeyesofnetwork -- eyesofnetwork_web_interface
 Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php.2017-09-26not yet calculatedCVE-2017-14753
BID
MISCfaleemi -- wireless-ip-camera
 Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password.2017-09-26not yet calculatedCVE-2017-14743
MISCffmpeg -- ffmpeg
 The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.2017-09-27not yet calculatedCVE-2017-14767
BID
CONFIRMfilerun -- filerun
 FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).2017-09-29not yet calculatedCVE-2017-14738
MISC
MISC
EXPLOIT-DBfreeipa -- freeipa
 FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session.2017-09-27not yet calculatedCVE-2017-11191
MISCgentoo -- gentoo
 The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.2017-09-25not yet calculatedCVE-2017-14730
CONFIRM
CONFIRM
CONFIRM
CONFIRMgit -- git
 Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.2017-09-28not yet calculatedCVE-2017-14867
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRMgnu -- binutils
 decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.2017-09-29not yet calculatedCVE-2017-14932
CONFIRM
CONFIRMgnu -- binutils
 Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.2017-09-29not yet calculatedCVE-2017-14930
CONFIRMgnu -- binutils
 _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.2017-09-29not yet calculatedCVE-2017-14938
MISC
MISC
MISCgnu -- binutils
 process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.2017-09-29not yet calculatedCVE-2017-14934
CONFIRM
CONFIRMgnu -- binutils
 decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.2017-09-29not yet calculatedCVE-2017-14939
MISC
MISC
MISCgnu -- binutils
 read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.2017-09-29not yet calculatedCVE-2017-14933
CONFIRM
CONFIRM
CONFIRMgnu -- binutils
 scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.2017-09-29not yet calculatedCVE-2017-14940
MISC
MISC
MISCgoogle -- android
 Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack.2017-09-25not yet calculatedCVE-2014-8889
MISC
FULLDISC
BUGTRAQ
BID
MISCgoogle -- android
 WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame.2017-09-25not yet calculatedCVE-2014-0997
MISC
FULLDISC
BUGTRAQ
BID
MISC
EXPLOIT-DBgoogle -- android
 The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate.2017-09-29not yet calculatedCVE-2017-14582
MISCgoogle -- android
 Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application.2017-09-27not yet calculatedCVE-2015-1537
BID
CONFIRM
MISCgoogle -- android
 ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates.2017-09-25not yet calculatedCVE-2015-5666
JVN
JVNDB
BIDgoogle -- android
 The media_server component in Android allows remote attackers to cause a denial of service via a crafted application.2017-09-27not yet calculatedCVE-2015-1526
BID
MISCgoogle -- googlemaps
 The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_googlemap3_kmlprxy.php. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7428.2017-09-27not yet calculatedCVE-2014-9686
FULLDISC
MISC
MLISThp -- hpe_sitescope
 An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.2017-09-29not yet calculatedCVE-2017-14349
BID
CONFIRMhpe -- application_performance_management_platformAn authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.2017-09-29not yet calculatedCVE-2017-13983
CONFIRMhpe -- application_performance_management_platform
 An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information.2017-09-29not yet calculatedCVE-2017-13985
CONFIRMhpe -- application_performance_management_platform
 An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.2017-09-29not yet calculatedCVE-2017-13984
CONFIRMhpe -- application_performance_management_platform
 A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.2017-09-29not yet calculatedCVE-2017-13982
CONFIRMhpe -- application_performance_management_platform
 A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution.2017-09-29not yet calculatedCVE-2017-14350
BID
CONFIRMhpe -- hp_ucmdb_configuration_manager
 A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution.2017-09-29not yet calculatedCVE-2017-14351
CONFIRMhpe -- hp_ucmdb_configuration_manager
 A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting.2017-09-29not yet calculatedCVE-2017-14352
CONFIRMhuawei -- s7700_and_s9700_and_s9300
 Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information.2017-09-25not yet calculatedCVE-2015-7846
BID
CONFIRMhuawei -- uap2105
 Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell.2017-09-25not yet calculatedCVE-2015-6592
BID
CONFIRMibm -- api_connect
 IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.2017-09-25not yet calculatedCVE-2017-1555
CONFIRM
BID
MISCibm -- api_connect
 IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291.2017-09-25not yet calculatedCVE-2017-1551
CONFIRM
MISCibm -- business_process_manager
 IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127478.2017-09-26not yet calculatedCVE-2017-1425
CONFIRM
BID
MISCibm -- security_identity_manager_adapters
 IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621.2017-09-27not yet calculatedCVE-2017-1483
CONFIRM
BID
MISCibm -- security_identity_manager_virtual_appliance
 IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394.2017-09-27not yet calculatedCVE-2017-1407
CONFIRM
BID
MISCibm -- websphere_datapower_appliances
 IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.2017-09-27not yet calculatedCVE-2017-1591
CONFIRM
BID
MISCibm -- websphere_portal
ibm -- websphere_portal (published 2017-09-27; CVSS: not yet calculated)
  IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.
  CVE-2017-1577: CONFIRM, BID, SECTRACK, MISC

inedo -- proget (published 2017-09-29; CVSS: not yet calculated)
  Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060.
  CVE-2017-14944: CONFIRM

intelbras -- wireless_router (published 2017-09-29; CVSS: not yet calculated)
  Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie.
  CVE-2017-14942: MISC, EXPLOIT-DB

jerryscript -- jerryscript (published 2017-09-26; CVSS: not yet calculated)
  JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data.
  CVE-2017-14749: MISC

jsoup -- jsoup (published 2017-09-25; CVSS: not yet calculated)
  Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.
  CVE-2015-6748: MLIST, BID, CONFIRM x4

kde -- kmail (published 2017-09-27; CVSS: not yet calculated)
  KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.
  CVE-2014-8878: MLIST, BID, CONFIRM x2

kupu -- kupu (published 2017-09-25; CVSS: not yet calculated)
  Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.
  CVE-2015-7317: MLIST, CONFIRM x3

laravel -- laravel (published 2017-09-27; CVSS: not yet calculated)
  Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.
  CVE-2017-14775: CONFIRM x3

linux -- linux_kernel (published 2017-09-25; CVSS: not yet calculated)
  Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after.
  CVE-2015-5327: MLIST, CONFIRM x2

magento -- magento (published 2017-09-25; CVSS: not yet calculated)
  Password reset tokens in Magento CE before 1.9.2.2 and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field.
  CVE-2015-8707: CONFIRM

mahara -- mahara (published 2017-09-25; CVSS: not yet calculated)
  Mahara 15.04 before 15.04.14, 16.04 before 16.04.8, 16.10 before 16.10.5, and 17.04 before 17.04.3 are vulnerable to a user submitting a potentially dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the user and administrator and, if accepted, become part of the new user's account.
  CVE-2017-9551: CONFIRM x2

man-db -- man-db (published 2017-09-27; CVSS: not yet calculated)
  The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
  CVE-2015-1336: MISC x3, MLIST, BID, CONFIRM, MISC, GENTOO

microsoft -- windows_app_studio (published 2017-09-28; CVSS: not yet calculated)
  It was found that the App Studio component of RHMAP 4.4 executes JavaScript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio.
  CVE-2017-7554: CONFIRM

millicore -- millicore (published 2017-09-28; CVSS: not yet calculated)
  The file editor in millicore allows files to be executed, as well as created. An attacker could use this flaw to compromise other users, or teams' projects stored in source control management of the RHMAP Core installation.
  CVE-2017-7552: CONFIRM

mojoomla -- annual_maintenance_contract_(amc)_management_system (published 2017-09-27; CVSS: not yet calculated)
  Mojoomla Annual Maintenance Contract (AMC) Management System allows arbitrary file upload in profilesetting image handling.
  CVE-2017-14841: EXPLOIT-DB

multitech_faxfinder -- multitech_faxfinder (published 2017-09-29; CVSS: not yet calculated)
  MultiTech FaxFinder before 4.1.2 stores, unencrypted, the password used by the test-connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext.
  CVE-2016-10512: MISC

node.js -- node.js (published 2017-09-27; CVSS: not yet calculated)
  Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
  CVE-2017-14849: BID, CONFIRM x2

norton -- remove_and_reinstall (published 2017-09-27; CVSS: not yet calculated)
  Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an overwrite), which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability.
  CVE-2017-13676: BID, CONFIRM

nvidia -- gpu_display_driver (published 2017-09-22; CVSS: not yet calculated)
  NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and is used as the index to an array, which may lead to a denial of service or possible escalation of privileges.
  CVE-2017-6272: CONFIRM, BID

october_cms -- october_cms (published 2017-09-27; CVSS: not yet calculated)
  Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612.
  CVE-2015-5613: MLIST, CONFIRM x2

ogaki_kyoritsu_bank -- smartphone_passbook (published 2017-09-26; CVSS: not yet calculated)
  Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate.
  CVE-2015-0874: JVN, JVNDB, BID

openexif -- openexif (published 2017-09-29; CVSS: not yet calculated)
  ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file.
  CVE-2017-14931: MISC x2

openhpi -- openhpi (published 2017-09-26; CVSS: not yet calculated)
  openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for the /var/lib/openhpi directory, which allows local users, when quotas are not properly set up, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption).
  CVE-2015-3248: FEDORA, CONFIRM x2

opentext -- documentum_administrator (published 2017-09-27; CVSS: not yet calculated)
  Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) a URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash, percent-encoded horizontal tab, slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.
  CVE-2017-14524: FULLDISC, CONFIRM

opentext -- documentum_administrator (published 2017-09-27; CVSS: not yet calculated)
  Multiple XML external entity (XXE) vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via (1) a crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector, or a crafted XML file in a MediaProfile file (2) import or (3) check-in.
  CVE-2017-14526: FULLDISC, CONFIRM

opentext -- documentum_webtop (published 2017-09-27; CVSS: not yet calculated)
  Multiple XML external entity (XXE) vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via (1) a crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector, or a crafted XML file in a MediaProfile file (2) import or (3) check-in.
  CVE-2017-14527: FULLDISC, CONFIRM

opentext -- documentum_webtop (published 2017-09-27; CVSS: not yet calculated)
  Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) a URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash, percent-encoded horizontal tab, slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.
  CVE-2017-14525: FULLDISC, CONFIRM

percona -- percona_toolkit (published 2017-09-28; CVSS: not yet calculated)
  The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade and man-in-the-middle attacks, in which the server response could be modified so that the attacker responds with a modified command payload and the client returns additional running-configuration information, leading to disclosure of the MySQL running configuration.
  CVE-2015-1027: CONFIRM x2

percona -- percona_toolkit (published 2017-09-28; CVSS: not yet calculated)
  The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com.
  CVE-2014-2029: MLIST, CONFIRM x2

perl -- perl (published 2017-09-27; CVSS: not yet calculated)
  Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
  CVE-2017-12814: BID, CONFIRM x3

philips -- hue_bridge (published 2017-09-30; CVSS: not yet calculated)
  Lack of transport encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network.
  CVE-2017-14797: MISC

php-fusion_9 -- php-fusion_9 (published 2017-09-25; CVSS: not yet calculated)
  Cross-site scripting (XSS) vulnerability in PHP-Fusion 9.
  CVE-2015-8375: MISC, MLIST, CONFIRM x2

plone -- plone (published 2017-09-25; CVSS: not yet calculated)
  Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.
  CVE-2015-7318: MLIST, CONFIRM x3

plone -- plone (published 2017-09-25; CVSS: not yet calculated)
  Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of the site administrator.
  CVE-2015-7315: MLIST, CONFIRM x3

plone -- plone (published 2017-09-25; CVSS: not yet calculated)
  Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.
  CVE-2015-7316: MLIST, CONFIRM, MISC, CONFIRM

poppler -- poppler (published 2017-09-29; CVSS: not yet calculated)
  In Poppler 0.59.0, a NULL pointer dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.
  CVE-2017-14926: CONFIRM

poppler -- poppler (published 2017-09-29; CVSS: not yet calculated)
  In Poppler 0.59.0, a NULL pointer dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.
  CVE-2017-14928: CONFIRM

poppler -- poppler (published 2017-09-29; CVSS: not yet calculated)
  In Poppler 0.59.0, a NULL pointer dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.
  CVE-2017-14927: CONFIRM

poppler -- poppler (published 2017-09-29; CVSS: not yet calculated)
  In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519.
  CVE-2017-14929: CONFIRM

protobuf -- protobuf (published 2017-09-25; CVSS: not yet calculated)
  protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.
  CVE-2015-5237: MLIST, CONFIRM x2

pulp -- pulp-consumer-client (published 2017-09-25; CVSS: not yet calculated)
  pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.
  CVE-2015-5263: MISC, MLIST, CONFIRM x2

pulse_secure -- pulse_one_on-premise (published 2017-09-29; CVSS: not yet calculated)
  Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information.
  CVE-2017-14935: CONFIRM

red_hat -- enterprise_virtualization (published 2017-09-25; CVSS: not yet calculated)
  redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.
  CVE-2015-7544: CONFIRM, REDHAT

red_hat -- enterprise_virtualization (published 2017-09-25; CVSS: not yet calculated)
  ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string.
  CVE-2014-8170: CONFIRM, MISC

red_hat -- jboss_a-mq (published 2017-09-25; CVSS: not yet calculated)
  The Hawtio console in A-MQ does not set the HTTPOnly or Secure attributes on cookies.
  CVE-2015-5183: CONFIRM

red_hat -- jboss_a-mq (published 2017-09-25; CVSS: not yet calculated)
  The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.
  CVE-2015-5181: REDHAT, CONFIRM, REDHAT

red_hat -- jboss_a-mq (published 2017-09-25; CVSS: not yet calculated)
  The Hawtio console in A-MQ allows remote attackers to obtain sensitive information and have other unspecified impact.
  CVE-2015-5184: CONFIRM

red_hat -- jboss_a-mq (published 2017-09-25; CVSS: not yet calculated)
  Cross-site request forgery (CSRF) vulnerability in the Jolokia API in A-MQ.
  CVE-2015-5182: CONFIRM

red_hat -- openshift_enterprise_2 (published 2017-09-25; CVSS: not yet calculated)
  selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack.
  CVE-2015-0238: CONFIRM x2

red_hat -- openshift (published 2017-09-27; CVSS: not yet calculated)
  The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.
  CVE-2015-8249: MISC x3, EXPLOIT-DB

saltstack -- salt (published 2017-09-26; CVSS: not yet calculated)
  Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
  CVE-2017-5200: CONFIRM x3

saltstack -- salt (published 2017-09-26; CVSS: not yet calculated)
  When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
  CVE-2017-5192: CONFIRM x3

sap -- enterprise_portal (published 2017-09-28; CVSS: not yet calculated)
  Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516.
  CVE-2017-10701: BID x3, MISC

schneider_electric -- clearscada (published 2017-09-25; CVSS: not yet calculated)
  Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon.
  CVE-2017-9962: CONFIRM

schneider_electric -- pro-face_gp_pro_ex (published 2017-09-25; CVSS: not yet calculated)
  A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load an arbitrary DLL and execute arbitrary code in the context of the process.
  CVE-2017-9961: CONFIRM, BID

smarterstats -- smarterstats (published 2017-09-29; CVSS: not yet calculated)
  SmarterStats version 11.3.6347 renders the Referer field of HTTP log files at the URL /Data/Reports/ReferringURLsWithQueries, resulting in stored cross-site scripting.
  CVE-2017-14620: MISC

systemd -- systemd (published 2017-09-25; CVSS: not yet calculated)
  Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd.
  CVE-2015-7510: CONFIRM x3

tcpdump -- tcpdump (published 2017-09-27; CVSS: not yet calculated)
  print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).
  CVE-2015-3138: SUSE, CONFIRM x3

teamwork -- job_links (published 2017-09-27; CVSS: not yet calculated)
  TeamWork Job Links allows arbitrary file upload in profileChange and coverChange.
  CVE-2017-14838: EXPLOIT-DB

teamwork -- photo_fusion (published 2017-09-27; CVSS: not yet calculated)
  TeamWork Photo Fusion allows arbitrary file upload in changeAvatar and changeCover.
  CVE-2017-14839: EXPLOIT-DB

teamwork -- ticketplus (published 2017-09-27; CVSS: not yet calculated)
  TeamWork TicketPlus allows arbitrary file upload in updateProfile.
  CVE-2017-14840: EXPLOIT-DB

testlink -- testlink (published 2017-09-26; CVSS: not yet calculated)
  SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php.
  CVE-2015-7390: BUGTRAQ

testlink -- testlink (published 2017-09-26; CVSS: not yet calculated)
  Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to lib/testcases/containerEdit.php; the (4) filter_tc_id or (5) filter_testcase_name parameter to lib/testcases/listTestCases.php; the (6) useRecursion parameter to lib/testcases/tcImport.php; the (7) targetTestCase or (8) created_by parameter to lib/testcases/tcSearch.php; or the (9) HTTP Referer header to third_party/user_contribution/fakeRemoteExecServer/client4fakeXMLRPCTestRunner.php.
  CVE-2015-7391: BUGTRAQ

tiki -- tiki (published 2017-09-29; CVSS: not yet calculated)
  Cross-site request forgery (CSRF) vulnerability via an IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php.
  CVE-2017-14924: MISC x3

tiki -- tiki (published 2017-09-29; CVSS: not yet calculated)
  Cross-site request forgery (CSRF) vulnerability via an IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site.
  CVE-2017-14925: MISC x3

tine -- tine (published 2017-09-29; CVSS: not yet calculated)
  Stored XSS vulnerability via an IMG element in the "Filename" field of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
  CVE-2017-14921: MISC x5

tine -- tine (published 2017-09-29; CVSS: not yet calculated)
  Stored XSS vulnerability via an IMG element in the "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
  CVE-2017-14922: MISC x5

tine -- tine (published 2017-09-29; CVSS: not yet calculated)
  Stored XSS vulnerability via an IMG element in the "Leadname" field of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
  CVE-2017-14923: MISC x5

ubuntu -- ubuntu (published 2017-09-27; CVSS: not yet calculated)
  usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing check_polkit call for the KVMTest method.
  CVE-2015-3643: MLIST x2, BID, MISC, UBUNTU x2, EXPLOIT-DB

ueditor -- ueditor (published 2017-09-26; CVSS: not yet calculated)
  UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.
  CVE-2017-14744: MISC

unify -- openstage_and_openscape_desk_phones (published 2017-09-25; CVSS: not yet calculated)
  OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3; OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3; OpenScape Desk Phone IP 35G Eco SIP V3; OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3; OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3; and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys.
  CVE-2015-8251: CERT-VN, CONFIRM x3

unisys -- libra (published 2017-09-29; CVSS: not yet calculated)
  Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via vectors related to incorrect literal handling, which trigger CPM stack corruption.
  CVE-2017-13684: CONFIRM

vebto -- pixie_image_editor (published 2017-09-25; CVSS: not yet calculated)
  Server-side request forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.
  CVE-2017-12905: FULLDISC

wesnoth -- battle_for_wesnoth (published 2017-09-26; CVSS: not yet calculated)
  The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.
  CVE-2015-5069: FEDORA x2, MLIST, BID, CONFIRM x4, MISC

wesnoth -- battle_for_wesnoth (published 2017-09-26; CVSS: not yet calculated)
  The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069.
  CVE-2015-5070: FEDORA x2, MLIST, BID, CONFIRM x4, MISC

wordpress -- wordpress (published 2017-09-26; CVSS: not yet calculated)
  The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field.
  CVE-2017-14751: MISC, BID, MISC

wordpress -- wordpress (published 2017-09-29; CVSS: not yet calculated)
  The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.
  CVE-2015-9233: MISC x3

wordpress -- wordpress (published 2017-09-27; CVSS: not yet calculated)
  Mojoomla WPGYM WordPress Gym Management System allows SQL injection via the id parameter.
  CVE-2017-14844: EXPLOIT-DB

wordpress -- wordpress (published 2017-09-29; CVSS: not yet calculated)
  The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.
  CVE-2015-9234: MISC x3

wordpress -- wordpress (published 2017-09-25; CVSS: not yet calculated)
  SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.
  CVE-2017-14125: FULLDISC, MISC

wordpress -- wordpress (published 2017-09-27; CVSS: not yet calculated)
  Mojoomla WPAMS Apartment Management System for WordPress allows SQL injection via the id parameter.
  CVE-2017-14847: EXPLOIT-DB

wordpress -- wordpress (published 2017-09-27; CVSS: not yet calculated)
  Mojoomla WPCHURCH Church Management System for WordPress allows SQL injection via the id parameter.
  CVE-2017-14845: EXPLOIT-DB

wordpress -- wordpress (published 2017-09-27; CVSS: not yet calculated)
  Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL injection via the id parameter.
  CVE-2017-14842: EXPLOIT-DB

wordpress -- wordpress (published 2017-09-27; CVSS: not yet calculated)
  Mojoomla School Management System for WordPress allows SQL injection via the id parameter.
  CVE-2017-14843: EXPLOIT-DB

wordpress -- wordpress (published 2017-09-27; CVSS: not yet calculated)
  SQL injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php.
  CVE-2017-14760: MISC

wordpress -- wordpress (published 2017-09-27; CVSS: not yet calculated)
  Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php.
  CVE-2017-14622: BID, MISC, CONFIRM

wordpress -- wordpress (published 2017-09-27; CVSS: not yet calculated)
  Mojoomla Hospital Management System for WordPress allows SQL injection via the id parameter.
  CVE-2017-14846: EXPLOIT-DB

wordpress -- wordpress (published 2017-09-27; CVSS: not yet calculated)
  Vulnerability in the WordPress plugin BackWPup before v3.4.2 allows possible brute-forcing of the backup file for download.
  CVE-2017-2551: MISC, CONFIRM

wordpress -- wordpress (published 2017-09-23; CVSS: not yet calculated)
  Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.
  CVE-2017-14725: BID, MISC x3

wordpress -- wordpress (published 2017-09-28; CVSS: not yet calculated)
  Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php.
  CVE-2017-14507: EXPLOIT-DB

wordpress -- wordpress (published 2017-09-27; CVSS: not yet calculated)
  The Simple Student Result plugin before 1.6.4 for WordPress has an authentication bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php only require knowing the student id number.
  CVE-2017-14766: MISC x3

wordpress -- wordpress (published 2017-09-23; CVSS: not yet calculated)
  Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
  CVE-2017-14723: BID, MISC x7

wordpress -- wordpress (published 2017-09-26; CVSS: not yet calculated)
  Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter.
  CVE-2015-7670: BUGTRAQ, CONFIRM, MISC

zkteco -- zktime_web (published 2017-09-26; CVSS: not yet calculated)
  Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.
  CVE-2017-13129: BUGTRAQ, FULLDISC

zope_and_plone -- zope_and_plone (published 2017-09-25; CVSS: not yet calculated)
  Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
  CVE-2015-7293: MISC, CONFIRM x2, EXPLOIT-DB

zte -- microwave_nr8000_series_products (published 2017-09-27; CVSS: not yet calculated)
  All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products (NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950) are client/server applications that use the Java RMI service; their servers use the Apache Commons Collections (ACC) library, which may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.
  CVE-2017-10932: CONFIRM

zyxel -- multiple_products (published 2017-09-27; CVSS: not yet calculated)
  ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys.
  CVE-2015-7256: CERT-VN, CONFIRM
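The "dot dot" traversal in the IBM WebSphere Portal entry and the Node.js 8.5.0 ".." handling regression above share one root cause: the server decides whether a request escapes the document root by inspecting the string before it has been fully decoded and normalized, or by looking for a ".." substring instead of testing where the final path actually lands. The following is an added example, not code from IBM, Node.js, or US-CERT, of the check a file-serving handler should make: decode the request path until it stops changing, normalize it, and then test containment of the final path under the root. DOC_ROOT, canonicalize and safe_join are hypothetical names; symlinks are deliberately not resolved here (a real server would call os.path.realpath on both sides), so the function runs offline on any input.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Added example; DOC_ROOT and the function names are hypothetical and belong
# to no product in the bulletin.
DOC_ROOT = "/srv/www/docs"


def canonicalize(request_path: str) -> str:
    """Decode and normalize a request path the way the file system will see it.

    Percent-decoding repeats until the string stops changing, so that a
    double-encoded %252e%252e collapses to '..' before normalization; a
    backslash is treated as a separator because Windows hosts do; an embedded
    NUL is rejected because C file APIs would truncate the path there.
    """
    decoded = request_path
    for _ in range(5):  # bounded: stop at a fixed point or after five rounds
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    decoded = decoded.replace("\\", "/").lstrip("/")  # request paths are root-relative
    return posixpath.normpath(decoded)  # '' becomes '.', 'a/../b' becomes 'b'


def safe_join(root: str, request_path: str) -> Optional[str]:
    """Map request_path under root; return None if it would escape root."""
    try:
        rel = canonicalize(request_path)
    except ValueError:
        return None
    # After normpath, a surviving '..' can only be a leading segment, which
    # means the request climbed above the root.
    if rel == ".." or rel.startswith("../"):
        return None
    full = posixpath.normpath(posixpath.join(root, rel))
    # Second, independent check on the final path rather than on the raw
    # string: containment is what matters, not the absence of a substring.
    if posixpath.commonpath([root, full]) != root:
        return None
    return full


if __name__ == "__main__":
    for req in ("docs/readme.txt", "../../etc/passwd",
                "%2e%2e/%2e%2e/etc/passwd", "..%5c..%5cwindows/win.ini"):
        print(f"{req!r:35} -> {safe_join(DOC_ROOT, req)}")
```

Running the block prints a resolved path for the first request and None for the three traversal attempts (plain, percent-encoded, and backslash-encoded).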

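The Laravel entry above (remember_me tokens verified without a constant-time comparison) is an instance of a general bug: a byte-by-byte comparison that stops at the first mismatch runs for a time proportional to the length of the matching prefix, so an attacker who can measure response time can recover a secret one byte at a time. The block below is an added example, not Laravel's DatabaseUserProvider. Instead of relying on flaky wall-clock timing, naive_compare is instrumented to return the number of bytes it inspected, which is exactly the quantity a timing side channel leaks; RememberMeStore then shows the fixed pattern, verifying a "user_id|token" cookie against a stored SHA-256 digest with hmac.compare_digest and comparing against a dummy digest for unknown users so that path takes the same time. All names are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

# Added example with hypothetical names; not Laravel's code.


def naive_compare(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Early-exit comparison, instrumented to return how many bytes it inspected.

    The count is the length of the matching prefix plus one (or the full length
    on a match). An early-exit loop's running time is proportional to it, and
    that is what a timing attack measures to guess the secret byte by byte.
    """
    if len(a) != len(b):
        return False, 0
    inspected = 0
    for x, y in zip(a, b):
        inspected += 1
        if x != y:
            return False, inspected
    return True, inspected


def constant_time_equal(a: bytes, b: bytes) -> bool:
    """Comparison whose running time depends only on the length, not the content."""
    return hmac.compare_digest(a, b)


def token_digest(token: str) -> bytes:
    # Tokens are stored hashed: a leaked table does not yield usable cookies.
    return hashlib.sha256(token.encode("utf-8")).digest()


_DUMMY_DIGEST = token_digest("dummy-for-unknown-users")


class RememberMeStore:
    """Issues 'user_id|token' cookies and verifies them against stored digests."""

    def __init__(self) -> None:
        self._digests: Dict[int, bytes] = {}

    def issue(self, user_id: int) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._digests[user_id] = token_digest(token)
        return f"{user_id}|{token}"

    def verify(self, cookie: str) -> bool:
        try:
            uid_text, presented = cookie.split("|", 1)
            user_id = int(uid_text)
        except ValueError:
            return False
        stored = self._digests.get(user_id)
        known = stored is not None
        # Unknown users are compared against a dummy digest so both paths do
        # the same work; the comparison result is then masked by 'known'.
        match = constant_time_equal(stored if known else _DUMMY_DIGEST,
                                    token_digest(presented))
        return match and known


if __name__ == "__main__":
    print(naive_compare(b"secret-token", b"secret-XXXXX"))  # inspected 8 bytes
    store = RememberMeStore()
    cookie = store.issue(7)
    print(store.verify(cookie), store.verify("7|wrong"))
```

Hashing the presented token before comparison also removes a second leak: both operands always have the same 32-byte length, so even the length check in compare_digest reveals nothing about the stored value.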
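Roughly a dozen entries above read "SQL injection via the id parameter", which almost always means a request parameter was spliced into the statement text. The block below is an added example, not the code of any plugin listed, using Python's built-in sqlite3 module on a constructed three-row members table: lookup_vulnerable builds the statement with string formatting, so the payload 2 OR 1=1 returns every row; lookup_parameterized sends the value as a bound parameter, so the same payload matches nothing; lookup_validated additionally enforces that an id is an integer before the query runs. Table and function names are hypothetical.

```python
import sqlite3
from typing import List, Tuple

# Added example with constructed data; not code from any product in the bulletin.
Row = Tuple[int, str, str]


def make_db() -> sqlite3.Connection:
    """Constructed sample table standing in for a plugin's members table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO members VALUES (?, ?, ?)",
        [(1, "alice", "alice@example.test"),
         (2, "bob", "bob@example.test"),
         (3, "carol", "carol@example.test")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, member_id: str) -> List[Row]:
    """The anti-pattern behind the 'via the id parameter' entries above.

    The request value becomes part of the SQL text, so '2 OR 1=1' turns a
    single-row lookup into a dump of the whole table.
    """
    query = f"SELECT id, name, email FROM members WHERE id = {member_id}"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, member_id: str) -> List[Row]:
    """The value travels separately from the statement and is never parsed as SQL."""
    return conn.execute(
        "SELECT id, name, email FROM members WHERE id = ?", (member_id,)
    ).fetchall()


def lookup_validated(conn: sqlite3.Connection, member_id: str) -> List[Row]:
    """Defence in depth: the parameter is declared to be an integer, so enforce it."""
    try:
        numeric_id = int(member_id)
    except ValueError:
        raise ValueError(f"id must be an integer, got {member_id!r}") from None
    return conn.execute(
        "SELECT id, name, email FROM members WHERE id = ?", (numeric_id,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "2 OR 1=1"
    print("vulnerable:   ", lookup_vulnerable(db, payload))    # all three rows
    print("parameterized:", lookup_parameterized(db, payload))  # []
```

With the bound parameter, SQLite compares the INTEGER column against the text value "2 OR 1=1" as a whole; it is not a numeric literal, so nothing matches, while a plain "2" is still converted and finds the expected row.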

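The Documentum entries above describe a redirect check defeated with /%09/ followed by a domain, and the WordPress 4.8.2 entry is another open redirect. The trick works because a naive check ("starts with exactly one slash") runs on the server's decoded string, while the browser's URL parser removes ASCII tab and newline characters wherever they appear, so /<TAB>/evil.example becomes the scheme-relative //evil.example. Below is an added example, not Documentum or WordPress code: naive_is_safe reproduces the bypassable check, and is_safe_redirect first normalizes the target the way a WHATWG-conformant browser will (decode the parameter value once, drop tab/CR/LF, trim leading and trailing controls and spaces, treat backslash as slash) and then allows only an absolute path on the current origin or an http(s) URL whose whole authority is in an allow list. The function names and allow list are assumptions.

```python
from typing import Iterable
from urllib.parse import unquote, urlsplit

# Added example; function names and the allow list are hypothetical.

_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def naive_is_safe(target: str) -> bool:
    """The bypassable check: one leading slash and not two, on the decoded value."""
    value = unquote(target)
    return value.startswith("/") and not value.startswith("//")


def browser_normalize(target: str) -> str:
    """Approximate what a WHATWG URL parser does to the value before parsing."""
    value = unquote(target)                                    # parameter decoding
    value = "".join(ch for ch in value if ch not in "\t\r\n")  # removed anywhere
    value = value.strip(_C0_AND_SPACE)                         # trimmed at both ends
    return value.replace("\\", "/")                            # '\' is '/' for http(s)


def is_safe_redirect(target: str, allowed_hosts: Iterable[str]) -> bool:
    """Allow an absolute path on this origin or an http(s) URL to an allowed host."""
    value = browser_normalize(target)
    allowed = {h.lower() for h in allowed_hosts}
    parts = urlsplit(value)
    if parts.scheme:
        # Absolute URL: scheme must be http(s) and the entire authority must be
        # listed, so 'good.example@evil.example' and unexpected ports both fail.
        return parts.scheme.lower() in ("http", "https") and parts.netloc.lower() in allowed
    if value.startswith("//"):
        # Network-path reference ('//host', '///host'): resolves cross-origin.
        return False
    return value.startswith("/")


if __name__ == "__main__":
    for t in ("/account", "/%09/evil.example", "//evil.example", "https://good.example/x"):
        print(f"{t!r:28} naive={naive_is_safe(t)!s:5} strict={is_safe_redirect(t, ['good.example'])}")
```

The two results differ only for the /%09/ case, which the naive check accepts and the normalizing check rejects; that gap is the vulnerability.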

October is National Cybersecurity Awareness Month

Sun, 10/01/2017 - 14:55
Original release date: October 01, 2017

October is National Cybersecurity Awareness Month (NCSAM). NCSAM is a collaborative effort between DHS and its public and private partners, including the National Cyber Security Alliance (NCSA), to raise awareness about the vital role cybersecurity plays in the lives of U.S. citizens. US-CERT will be participating in NCSAM through weekly posts in the Current Activity section of the US-CERT website. Over the course of the month, these will touch on

  • basic online safety,
  • cybersecurity at work,
  • protecting personal information,
  • careers in cybersecurity, and
  • cybersecurity and critical infrastructure.

Users and administrators are encouraged to review the Stay Safe Online NCSAM page and the Stay Safe Online NCSAM Events page for additional information and details on NCSA events.



DNSSEC Key Signing Key Rollover Postponed

Fri, 09/29/2017 - 12:29
Original release date: September 29, 2017

The Internet Corporation for Assigned Names and Numbers (ICANN) has announced that the change to the Root Zone Key Signing Key (KSK) scheduled for October 11, 2017, has been postponed. A new date for the Key Roll has not yet been determined.

DNSSEC is a set of DNS protocol extensions used to digitally sign DNS information, which is an important part of preventing domain name hijacking. Updating the DNSSEC KSK is a crucial security step, similar to updating a PKI Root Certificate. Maintaining an up-to-date Root KSK as a trust anchor is essential to ensuring DNSSEC-validating DNS resolvers continue to function after the rollover. While DNSSEC validation is mandatory for federal agencies, it is not required of the private sector. Systems of organizations that do not use DNSSEC validation will be unaffected by the rollover.
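Whether a validating resolver will survive the roll comes down to whether the new KSK is in its trust-anchor set, and the usual way to tell the two root KSKs apart is by key tag (RFC 4034 Appendix B): 19036 for KSK-2010 and 20326 for KSK-2017. The block below is an added example, not ICANN or US-CERT tooling: it computes the key tag from DNSKEY RDATA, parses DNSKEY records in presentation format with or without the owner, TTL and class columns (so the output of dig . DNSKEY +short can be pasted in), and reports which root KSKs are present among the SEP-flagged keys. The key material in the sample is constructed: a four-byte stand-in for the ZSK, and a two-byte value chosen so that its tag happens to equal 20326, in place of the real 2048-bit root key.

```python
import base64
import struct
from typing import List, Tuple

# Added example; the key tags are the published ones, the key bytes are not real.
KSK_2010_TAG = 19036
KSK_2017_TAG = 20326

# Constructed DNSKEY RRset in dig +short form (flags proto alg key). "S10=" is
# two bytes picked so the RDATA's tag equals KSK_2017_TAG; nothing more.
SAMPLE_DNSKEY_RRSET = [
    "256 3 8 AQIDBA==",
    "257 3 8 S10=",
]


def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag over DNSKEY RDATA (flags|protocol|algorithm|key)."""
    ac = 0
    for i, byte in enumerate(rdata):
        ac += byte << 8 if i % 2 == 0 else byte
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey_b64: str) -> bytes:
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)


def parse_dnskey_line(line: str) -> Tuple[int, int, int, str]:
    """Parse '<owner> [ttl] [class] DNSKEY flags proto alg key...' or the +short form.

    The base64 key may be split across several whitespace-separated fields.
    """
    fields = line.split()
    start = fields.index("DNSKEY") + 1 if "DNSKEY" in fields else 0
    flags, proto, alg = (int(x) for x in fields[start:start + 3])
    return flags, proto, alg, "".join(fields[start + 3:])


def trust_anchor_status(dnskey_lines: List[str]) -> Tuple[bool, bool]:
    """Return (has KSK-2010, has KSK-2017), judged by key tag of SEP-flagged keys."""
    tags = set()
    for line in dnskey_lines:
        flags, proto, alg, key_b64 = parse_dnskey_line(line)
        if flags & 0x0001:  # SEP bit: the key is meant to be a trust anchor
            tags.add(key_tag(dnskey_rdata(flags, proto, alg, key_b64)))
    return KSK_2010_TAG in tags, KSK_2017_TAG in tags


if __name__ == "__main__":
    old, new = trust_anchor_status(SAMPLE_DNSKEY_RRSET)
    print(f"KSK-2010 present: {old}, KSK-2017 present: {new}")
```

Feed it the DNSKEY lines a resolver actually has configured (or the live root RRset) and a (True, False) result means the resolver still trusts only the old key and will fail validation once the roll completes.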

Users and administrators are encouraged to review the ICANN announcement KSK Rollover Postponed and the US-CERT Current Activity on DNSSEC Key Signing Key Rollover for more information.

US-CERT will provide additional information as it becomes available.



Mozilla Releases Security Updates

Thu, 09/28/2017 - 13:52
Original release date: September 28, 2017

Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR 52.4 and Firefox 56. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisories for Firefox ESR 52.4 and Firefox 56 and apply the necessary updates.



Cisco Releases Security Updates

Wed, 09/27/2017 - 17:30
Original release date: September 27, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:



Apple Releases Security Update for iOS

Tue, 09/26/2017 - 15:41
Original release date: September 26, 2017

Apple has released iOS 11.0.1 to address vulnerabilities in previous versions of iOS. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Apple security page for iOS 11.0.1 and apply the necessary update.


