Vulnerability Summary for the Week of May 22, 2017

Released
May 29, 2017
Document ID
SB17-149

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.2017-05-227.6CVE-2017-2501
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement.2017-05-227.5CVE-2017-2513
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- mac_os_xAn issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-05-229.3CVE-2017-2494
CONFIRM
apple -- mac_os_xAn issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-05-229.3CVE-2017-2503
CONFIRM
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_ascii function in input-pnm.c:303:12.2017-05-237.5CVE-2017-9151
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the pnm_load_raw function in input-pnm.c:346:41.2017-05-237.5CVE-2017-9152
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_rawpbm function in input-pnm.c:391:13.2017-05-237.5CVE-2017-9153
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow in the pnmscanner_gettoken function in input-pnm.c:458:12.2017-05-237.5CVE-2017-9160
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:188:23.2017-05-237.5CVE-2017-9161
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:191:2.2017-05-237.5CVE-2017-9162
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in pxl-outline.c:106:54.2017-05-237.5CVE-2017-9163
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:16:11.2017-05-237.5CVE-2017-9164
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11.2017-05-237.5CVE-2017-9165
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:18:11.2017-05-237.5CVE-2017-9166
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:337:25.2017-05-237.5CVE-2017-9167
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:353:25.2017-05-237.5CVE-2017-9168
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:355:25.2017-05-237.5CVE-2017-9169
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:370:25.2017-05-237.5CVE-2017-9170
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-bmp.c:492:24.2017-05-237.5CVE-2017-9171
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:496:29.2017-05-237.5CVE-2017-9172
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:497:29.2017-05-237.5CVE-2017-9173
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:309:7.2017-05-237.5CVE-2017-9183
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:314:7.2017-05-237.5CVE-2017-9184
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:319:7.2017-05-237.5CVE-2017-9185
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:326:17.2017-05-237.5CVE-2017-9186
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:486:7.2017-05-237.5CVE-2017-9187
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be represented in type int" issue in input-bmp.c:516:63.2017-05-237.5CVE-2017-9188
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the rle_fread function in input-tga.c:252:15.2017-05-237.5CVE-2017-9191
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-tga.c:528:7.2017-05-237.5CVE-2017-9192
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:538:33.2017-05-237.5CVE-2017-9193
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:559:29.2017-05-237.5CVE-2017-9194
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:620:27.2017-05-237.5CVE-2017-9195
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a "negative-size-param" issue in the ReadImage function in input-tga.c:528:7.2017-05-237.5CVE-2017-9196
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:498:55.2017-05-237.5CVE-2017-9197
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:508:18.2017-05-237.5CVE-2017-9198
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:192:19.2017-05-237.5CVE-2017-9199
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:528:63.2017-05-237.5CVE-2017-9200
MISC
cisco -- firepower_threat_defenseA vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software 5.3.0 through 6.2.2 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is due to the logging of certain TCP packets by the affected software. An attacker could exploit this vulnerability by sending a flood of crafted TCP packets to an affected device. A successful exploit could allow the attacker to cause a DoS condition. The success of an exploit is dependent on how an administrator has configured logging for SSL policies for a device. This vulnerability affects Cisco FirePOWER System Software that is configured to log connections by using SSL policy default actions. Cisco Bug IDs: CSCvd07072.2017-05-217.8CVE-2017-6632
BID
CONFIRM
dropbear_ssh_project -- dropbear_sshThe server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.2017-05-199.3CVE-2017-9078
CONFIRM
libtiff -- libtiffIn LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.2017-05-217.5CVE-2017-9117
MISC
BID
mimosa -- client_radiosAn issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but this variable is not sanitized server-side, which allows an attacker to pass a specially crafted string to execute shell commands as the root user.2017-05-219.0CVE-2017-9133
MISC
mimosa -- client_radiosAn issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST request with a program like cURL. There is one test accessible via cURL that does not properly sanitize user input, allowing an attacker to execute shell commands as the root user.2017-05-219.0CVE-2017-9135
MISC
mimosa -- client_radiosAn issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator passwords, which can then be cracked, giving the attacker full admin access to the device's web interface. This vulnerability can also be used to view the plaintext pre-shared key (PSK) for encrypted wireless connections, or to view the device's serial number (which allows an attacker to factory reset the device).2017-05-217.8CVE-2017-9136
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
allendisk_project -- allendiskreg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha'].2017-05-195.0CVE-2017-9090
CONFIRM
allendisk_project -- allendisk/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha'].2017-05-195.0CVE-2017-9091
CONFIRM
apple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (application crash) via a crafted web site that improperly interacts with the history menu.2017-05-224.3CVE-2017-2495
CONFIRM
CONFIRM
apple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-05-226.8CVE-2017-2496
CONFIRM
CONFIRM
apple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book.2017-05-225.8CVE-2017-2497
CONFIRM
CONFIRM
apple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate.2017-05-225.0CVE-2017-2498
BID
CONFIRM
apple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to execute arbitrary unsigned code or cause a denial of service (memory corruption) via a crafted app.2017-05-226.8CVE-2017-2499
CONFIRM
CONFIRM
CONFIRM
apple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreAudio" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.2017-05-224.3CVE-2017-2502
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with WebKit Editor commands.2017-05-224.3CVE-2017-2504
CONFIRM
CONFIRM
CONFIRM
apple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-05-226.8CVE-2017-2505
CONFIRM
CONFIRM
CONFIRM
apple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-05-226.8CVE-2017-2506
CONFIRM
CONFIRM
apple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-05-226.8CVE-2017-2514
CONFIRM
CONFIRM
apple -- iphone_osAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-05-226.8CVE-2017-2515
CONFIRM
CONFIRM
CONFIRM
apple -- safariAn issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.2017-05-224.3CVE-2017-2500
CONFIRM
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:16:11.2017-05-235.0CVE-2017-9154
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the input_pnm_reader function in input-pnm.c:243:3.2017-05-235.0CVE-2017-9155
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:303:12.2017-05-235.0CVE-2017-9156
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:306:14.2017-05-235.0CVE-2017-9157
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_raw function in input-pnm.c:336:11.2017-05-235.0CVE-2017-9158
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_rawpbm function in input-pnm.c:391:15.2017-05-235.0CVE-2017-9159
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:21:23.2017-05-235.0CVE-2017-9174
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:353:25.2017-05-235.0CVE-2017-9175
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:370:25.2017-05-235.0CVE-2017-9176
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:390:12.2017-05-235.0CVE-2017-9177
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:421:11.2017-05-235.0CVE-2017-9178
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:425:14.2017-05-235.0CVE-2017-9179
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:440:14.2017-05-235.0CVE-2017-9180
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c.2017-05-235.0CVE-2017-9181
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (use-after-free and invalid heap read), related to the GET_COLOR function in color.c:16:11.2017-05-235.0CVE-2017-9182
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and application crash), related to the GET_COLOR function in color.c:16:11.2017-05-235.0CVE-2017-9189
MISC
autotrace_project -- autotracelibautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid free), related to the free_bitmap function in bitmap.c:24:5.2017-05-235.0CVE-2017-9190
MISC
dropbear_ssh_project -- dropbear_sshDropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed.2017-05-194.7CVE-2017-9079
CONFIRM
google -- androidInteger overflow in soundtrigger/ISoundTriggerHwService.cpp in Android allows attacks to cause a denial of service via unspecified vectors.2017-05-235.0CVE-2015-1529
BID
CONFIRM
MISC
imagemagick -- imagemagickIn ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c.2017-05-224.3CVE-2017-9141
BID
CONFIRM
CONFIRM
imagemagick -- imagemagickIn ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c.2017-05-224.3CVE-2017-9142
CONFIRM
CONFIRM
imagemagick -- imagemagickIn ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file.2017-05-224.3CVE-2017-9143
CONFIRM
CONFIRM
imagemagick -- imagemagickIn ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c.2017-05-224.3CVE-2017-9144
BID
CONFIRM
imageworsener_project -- imageworsenerThe my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.2017-05-194.3CVE-2017-9093
CONFIRM
imageworsener_project -- imageworsenerThe lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.2017-05-194.3CVE-2017-9094
CONFIRM
libtiff -- libtiffLibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.2017-05-224.3CVE-2017-9147
MISC
BID
mimosa -- client_radiosAn issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely when sent to the client's Mosquitto broker, aka "unauthenticated remote command execution." This command can be re-sent endlessly to act as a DoS attack on the client.2017-05-215.0CVE-2017-9131
MISC
mimosa -- client_radiosA hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded credentials to connect to the broker on any device (whether it be an AP, Client, or Backhaul model), an attacker can view all the messages being sent between the devices. If an attacker connects to an AP, the AP will leak information about any clients connected to it, including the serial numbers, which can be used to remotely factory reset the clients via a page in their web interface.2017-05-215.0CVE-2017-9132
MISC
mimosa -- client_radiosAn information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. There is a page in the web interface that will show you the device's serial number, regardless of whether or not you have logged in. This information-leakage issue is relevant because there is another page (accessible without any authentication) that allows you to remotely factory reset the device simply by entering the serial number.2017-05-215.0CVE-2017-9134
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
linux -- linux_kernelThe do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.2017-05-222.1CVE-2017-9150
MISC
MISC
MISC
MISC
rsa -- adaptive_authentication_(on_premise)EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.2017-05-193.5CVE-2017-4978
CONFIRM
BID

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
7_zip -- 7_zip_for_windowsUntrusted search path vulnerability in 7 Zip for Windows 16.02 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.2017-05-22not yet calculatedCVE-2016-7804
JVNDB
CONFIRM
JVN
alienvault -- ossimThe sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script.2017-05-23not yet calculatedCVE-2015-4045
BID
MISC
CONFIRM
alienvault -- ossimThe asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php.2017-05-23not yet calculatedCVE-2015-4046
BID
MISC
CONFIRM
apache -- archivaSeveral REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site, may send an HTML response that performs arbitrary actions on archiva services, with the same rights as the active archiva session (e.g. administrator rights).2017-05-22not yet calculatedCVE-2017-5657
CONFIRM
BID
apache -- knoxFor versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be easily associated with the authenticated user, this is still a serious security issue. All users are recommended to upgrade to the Apache Knox 0.12.0 release.2017-05-26not yet calculatedCVE-2017-5646
MLIST
apple -- ios_macosAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-05-22not yet calculatedCVE-2017-6991
CONFIRM
CONFIRM
apple -- ios_safariAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames.2017-05-22not yet calculatedCVE-2017-2528
CONFIRM
CONFIRM
apple -- ios_safariAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-05-22not yet calculatedCVE-2017-2526
CONFIRM
CONFIRM
apple -- ios_safariAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with container nodes.2017-05-22not yet calculatedCVE-2017-2508
CONFIRM
CONFIRM
apple -- ios_safariAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events.2017-05-22not yet calculatedCVE-2017-2510
CONFIRM
CONFIRM
apple -- ios_safariAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-05-22not yet calculatedCVE-2017-2538
CONFIRM
CONFIRM
apple -- ios_safariAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-05-22not yet calculatedCVE-2017-2547
CONFIRM
CONFIRM
apple -- ios_safariAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-05-22not yet calculatedCVE-2017-2539
CONFIRM
CONFIRM
apple -- iosAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app.2017-05-22not yet calculatedCVE-2017-6982
BID
CONFIRM
apple -- macosAn issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-05-22not yet calculatedCVE-2017-2548
CONFIRM
apple -- macosAn issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes.2017-05-22not yet calculatedCVE-2017-6988
CONFIRM
apple -- macosAn issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "HFS" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.2017-05-22not yet calculatedCVE-2017-6990
CONFIRM
apple -- macosAn issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app.2017-05-22not yet calculatedCVE-2017-6986
CONFIRM
apple -- macos
 
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-05-22not yet calculatedCVE-2017-6985
CONFIRM
apple -- macos
 
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-05-22not yet calculatedCVE-2017-6978
CONFIRM
apple -- macos
 
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-05-22not yet calculatedCVE-2017-2546
CONFIRM
apple -- macos
 
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-05-22not yet calculatedCVE-2017-2545
CONFIRM
apple -- macos
 
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.2017-05-22not yet calculatedCVE-2017-2540
CONFIRM
apple -- macos
 
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app.2017-05-22not yet calculatedCVE-2017-6977
CONFIRM
apple -- macosAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-05-22not yet calculatedCVE-2017-2544
CONFIRM
CONFIRM
apple -- macosAn issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-05-22not yet calculatedCVE-2017-2542
CONFIRM
apple -- macosAn issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-05-22not yet calculatedCVE-2017-2543
CONFIRM
apple -- macosAn issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Sandbox" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app.2017-05-22not yet calculatedCVE-2017-2512
CONFIRM
apple -- macosAn issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Security" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (resource consumption) via a crafted app.2017-05-22not yet calculatedCVE-2017-2535
CONFIRM
apple -- macosAn issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.2017-05-22not yet calculatedCVE-2017-2509
CONFIRM
apple -- macosAn issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks via a crafted app.2017-05-22not yet calculatedCVE-2017-2534
CONFIRM
apple -- macosAn issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-05-22not yet calculatedCVE-2017-2541
CONFIRM
apple -- macosAn issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-05-22not yet calculatedCVE-2017-2537
CONFIRM
apple -- macosAn issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "DiskArbitration" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.2017-05-22not yet calculatedCVE-2017-2533
CONFIRM
apple -- macosAn issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "CoreAnimation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via crafted data.2017-05-22not yet calculatedCVE-2017-2527
CONFIRM
apple -- macosAn issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.2017-05-22not yet calculatedCVE-2017-2516
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.2017-05-22not yet calculatedCVE-2017-2520
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data.2017-05-22not yet calculatedCVE-2017-2522
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_products
 
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.2017-05-22not yet calculatedCVE-2017-6987
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data.2017-05-22not yet calculatedCVE-2017-2523
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-05-22not yet calculatedCVE-2017-2525
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-05-22not yet calculatedCVE-2017-6980
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-05-22not yet calculatedCVE-2017-6984
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "TextInput" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data.2017-05-22not yet calculatedCVE-2017-2524
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with frame loading.2017-05-22not yet calculatedCVE-2017-2549
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.2017-05-22not yet calculatedCVE-2017-2507
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-05-22not yet calculatedCVE-2017-6999
BID
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement.2017-05-22not yet calculatedCVE-2017-2519
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-05-22not yet calculatedCVE-2017-6996
BID
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-05-22not yet calculatedCVE-2017-2536
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.2017-05-22not yet calculatedCVE-2017-2518
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-05-22not yet calculatedCVE-2017-6989
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_products
 
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iCloud before 6.2.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-05-22not yet calculatedCVE-2017-2530
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-05-22not yet calculatedCVE-2017-6997
BID
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.2017-05-22not yet calculatedCVE-2017-6979
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-05-22not yet calculatedCVE-2017-6998
BID
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-05-22not yet calculatedCVE-2017-2531
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-05-22not yet calculatedCVE-2017-6994
BID
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-05-22not yet calculatedCVE-2017-2521
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- multiple_productsAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2017-05-22not yet calculatedCVE-2017-6995
BID
CONFIRM
CONFIRM
CONFIRM
apple -- safariAn issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.2017-05-22not yet calculatedCVE-2017-2511
CONFIRM
apple  -- ios_macosAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that uses symlinks.2017-05-22not yet calculatedCVE-2017-6981
CONFIRM
CONFIRM
apple  -- ios_macosAn issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.2017-05-22not yet calculatedCVE-2017-6983
CONFIRM
CONFIRM
artifex -- ghostscriptGhostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.2017-05-23not yet calculatedCVE-2016-7979
CONFIRM
MLIST
BID
CONFIRM
artifex -- ghostscriptGhostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.2017-05-23not yet calculatedCVE-2016-7977
CONFIRM
MLIST
MLIST
BID
CONFIRM
CONFIRM
artifex -- ghostscriptUse-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.2017-05-23not yet calculatedCVE-2016-7978
MLIST
BID
CONFIRM
artifex -- jbig2declibjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file.2017-05-24not yet calculatedCVE-2017-9216
MISC
asp.net -- webforms_report_viewerCross-site scripting (XSS) vulnerability in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-22not yet calculatedCVE-2017-9140
CONFIRM
bitcoin_project -- bitcoinThe Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent.2017-05-24not yet calculatedCVE-2017-9230
MISC
BID
MISC
MISC
MISC
MISC
MISC
bmw -- 330i_2011The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name.2017-05-23not yet calculatedCVE-2017-9212
MISC
bosh -- bosh_director_vmAn endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID.2017-05-25not yet calculatedCVE-2016-4435
CONFIRM
canonical -- jujuJuju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.2017-05-27not yet calculatedCVE-2017-9232
CONFIRM
ceregon -- fibeair_ip-10_wireless_radiosCeragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to the device's settings. However, when using SSH, this gives an attacker access to a Linux shell.2017-05-21not yet calculatedCVE-2017-9137
MISC
cisco -- identity_services_engineA vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or established connection requests. The vulnerability is due to insufficient TCP rate limiting protection on the GUI. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP connections to the GUI. An exploit could allow the attacker to cause the GUI to stop responding while the high rate of connections is in progress. Cisco Bug IDs: CSCvc81803.2017-05-21not yet calculatedCVE-2017-6653
BID
CONFIRM
cisco -- industrial_ethernet_1000_series_switchesA vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches 1.3 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the Device Manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the Device Manager web interface and with the privileges of the user. Cisco Bug IDs: CSCvc88811.2017-05-21not yet calculatedCVE-2017-6634
BID
CONFIRM
cisco -- ip_phoneA vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795.2017-05-21not yet calculatedCVE-2017-6630
BID
CONFIRM
cisco -- nx-os_system_softwareA vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus 5000 Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771.2017-05-21not yet calculatedCVE-2017-6650
BID
CONFIRM
cisco -- nx-os_system_softwareA vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus 5000 Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86787.2017-05-21not yet calculatedCVE-2017-6649
BID
CONFIRM
cisco -- prime_collaboration_provisioning_softwareA vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to delete any file from the system. Cisco Bug IDs: CSCvc99597.2017-05-21not yet calculatedCVE-2017-6635
BID
CONFIRM
cisco -- prime_collaboration_provisioning_softwareA vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to delete any file from the system. Cisco Bug IDs: CSCvc99618.2017-05-21not yet calculatedCVE-2017-6637
BID
CONFIRM
cisco -- prime_collaboration_provisioning_softwareA vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to view any file on the system. Cisco Bug IDs: CSCvc99604.2017-05-21not yet calculatedCVE-2017-6636
BID
CONFIRM
cisco -- remote_expert_manager_softwareA vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52856.2017-05-21not yet calculatedCVE-2017-6642
BID
CONFIRM
cisco -- remote_expert_manager_softwareA vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52858.2017-05-21not yet calculatedCVE-2017-6643
BID
CONFIRM
cisco -- remote_expert_manager_softwareA vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Temporary Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52861.2017-05-21not yet calculatedCVE-2017-6645
BID
CONFIRM
cisco -- remote_expert_manager_softwareA vulnerability in the TCP connection handling functionality of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to disable TCP ports and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to a lack of rate-limiting functionality in the TCP Listen application of the affected software. An attacker could exploit this vulnerability by sending a crafted TCP traffic stream in which specific types of TCP packets are flooded to an affected device, for example a TCP packet stream in which the TCP FIN bit is set in all the TCP packets. A successful exploit could allow the attacker to cause certain TCP listening ports on the affected system to stop accepting incoming connections for a period of time or until the affected device is restarted, resulting in a DoS condition. In addition, system resources, such as CPU and memory, could be exhausted during the attack. Cisco Bug IDs: CSCva29806.2017-05-21not yet calculatedCVE-2017-6641
BID
CONFIRM
cisco -- remote_expert_manager_softwareA vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52860.2017-05-21not yet calculatedCVE-2017-6644
BID
CONFIRM
cisco -- remote_expert_manager_softwareA vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52875.2017-05-21not yet calculatedCVE-2017-6647
BID
CONFIRM
cisco -- remote_expert_manager_softwareA vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Order information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52866 CSCvc52868.2017-05-21not yet calculatedCVE-2017-6646
BID
CONFIRM
cisco -- secure_bytes_secure_cisco_auditorSecure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname.2017-05-21not yet calculatedCVE-2017-9024
MISC
EXPLOIT-DB
cisco -- ucs_c-rack_serversA vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting new connections, resulting in a DoS condition. Cisco Bug IDs: CSCva65544.2017-05-21not yet calculatedCVE-2017-6633
BID
CONFIRM
cisco -- unified_communications_managerA vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvc06608.2017-05-21not yet calculatedCVE-2017-6654
BID
CONFIRM
contao -- contaoDirectory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.2017-05-26not yet calculatedCVE-2015-0269
CONFIRM
CONFIRM
CONFIRM
contiki -- operating_systemAn issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing function. This resulted in a board crash, which can be used to perform denial of service.2017-05-27not yet calculatedCVE-2017-7295
MISC
contiki -- operating_systemAn issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configure that device's operation by sending HTTP POST requests. The vulnerability consists of improper input sanitisation of the text fields on the MQTT/IBM Cloud config page, allowing for JavaScript code injection.2017-05-27not yet calculatedCVE-2017-7296
MISC
d-link -- dir-600mlogin.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.2017-05-21not yet calculatedCVE-2017-9100
MISC
EXPLOIT-DB
MISC
emperical_project_monitor-extended -- emperical_project_monitor-extendedCross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-22not yet calculatedCVE-2017-2173
JVNDB
JVN
CONFIRM
emperical_project_monitor-extended -- emperical_project_monitor-extendedCross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-22not yet calculatedCVE-2017-2174
JVNDB
JVN
CONFIRM
emperical_project_monitor-extended -- emperical_project_monitor-extendedUntrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.2017-05-22not yet calculatedCVE-2017-2175
JVNDB
JVN
CONFIRM
etax -- etax_softwareUntrusted search path vulnerability in The installer of eTax Software all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.2017-05-22not yet calculatedCVE-2016-4901
JVNDB
MISC
BID
JVN
evernote -- evernoteUntrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.2017-05-22not yet calculatedCVE-2016-4900
JVNDB
BID
CONFIRM
JVN
exiv2 -- exiv2An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file.2017-05-26not yet calculatedCVE-2017-9239
MISC
MISC
f5 -- big-ipIn some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH.2017-05-23not yet calculatedCVE-2017-6131
CONFIRM
fortinet -- fortianlyzer_fortimanagerAn Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.2017-05-26not yet calculatedCVE-2017-3126
CONFIRM
fortinet -- fortiosAn escalation of privilege vulnerability in Fortinet FortiClient SSL_VPN Linux versions available with FortiOS 5.4.3 and below allows an attacker to gain root privilege via the subproc file.2017-05-26not yet calculatedCVE-2016-8497
CONFIRM
fortinet -- fortiosA potential execution of unauthorized code or commands vulnerability in Fortinet FortiClient SSL_VPN Linux versions available with FortiOS 5.4.2 and below allows attacker to potentially overwrite an existing file via the FortiClient log file.2017-05-26not yet calculatedCVE-2016-8496
CONFIRM
fortinet -- fortiosA stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter.2017-05-23not yet calculatedCVE-2017-3128
BID
CONFIRM
fortinet -- fortiportalAn open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter.2017-05-26not yet calculatedCVE-2017-7343
CONFIRM
fortinet -- fortiportalAn improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request.2017-05-26not yet calculatedCVE-2017-7337
CONFIRM
fortinet -- fortiportalA Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality.2017-05-26not yet calculatedCVE-2017-7339
CONFIRM
fortinet -- fortiportalA password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View.2017-05-26not yet calculatedCVE-2017-7338
CONFIRM
fortinet -- fortiportalA weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.2017-05-26not yet calculatedCVE-2017-7731
CONFIRM
fortinet -- fortiwlc-sdAn escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'.2017-05-26not yet calculatedCVE-2017-3134
CONFIRM
fortinet -- fortiwebA Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature.2017-05-26not yet calculatedCVE-2017-3129
CONFIRM
gajim -- gajimGajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.2017-05-27not yet calculatedCVE-2016-10376
MISC
MISC
MISC
MISC
gntls_libtasn1 -- gntls_libtasn1Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.2017-05-22not yet calculatedCVE-2017-6891
CONFIRM
MISC
MISC
google -- chromeUse-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.2017-05-23not yet calculatedCVE-2016-5177
SUSE
SUSE
REDHAT
DEBIAN
BID
SECTRACK
CONFIRM
CONFIRM
FEDORA
FEDORA
google -- chromeMultiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.2017-05-23not yet calculatedCVE-2016-5178
SUSE
SUSE
REDHAT
DEBIAN
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
FEDORA
FEDORA
hancom -- thinkfree_office_neoAn exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the context of the application. An attacker can entice a user to open up a document in order to trigger this vulnerability.2017-05-24not yet calculatedCVE-2017-2819
MISC
huawei -- p7_phonesThe GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel memory locations and consequently cause a denial of service (system crash) or gain privileges via a crafted application.2017-05-23not yet calculatedCVE-2015-8089
CONFIRM
huawei -- wlan_devicesThe mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict processing of mDNS unicast queries to the link local network.2017-05-23not yet calculatedCVE-2015-6586
BID
CONFIRM
ibm -- business_process_managerIBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122891.2017-05-22not yet calculatedCVE-2017-1159
CONFIRM
BID
ibm -- content_navigator_cmisIBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124760.2017-05-22not yet calculatedCVE-2017-1282
CONFIRM
BID
ibm -- informix_open_admin_toolIBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.2017-05-22not yet calculatedCVE-2017-1092
CONFIRM
ibm -- inotesIBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976.2017-05-26not yet calculatedCVE-2017-1325
CONFIRM
MISC
ibm -- marketing_platformIBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282.2017-05-22not yet calculatedCVE-2016-6112
CONFIRM
ibm -- maximo_asset_managementIBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153.2017-05-26not yet calculatedCVE-2017-1292
CONFIRM
MISC
ibm -- maximo_asset_managementIBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152.2017-05-26not yet calculatedCVE-2017-1291
CONFIRM
MISC
ibm -- sdkIBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.2017-05-22not yet calculatedCVE-2017-1289
BID
CONFIRM
ibm -- tivoli_federated_identity_managerIBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732.2017-05-22not yet calculatedCVE-2017-1320
CONFIRM
imagemagick -- imagemagick_graphicsmagickImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.2017-05-19not yet calculatedCVE-2017-9098
MISC
BID
MISC
MISC
imageworsener -- imageworsenerThe iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c.2017-05-23not yet calculatedCVE-2017-9204
MISC
MISC
imageworsener -- imageworsenerThe iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c.2017-05-23not yet calculatedCVE-2017-9207
MISC
MISC
imageworsener -- imageworsenerimagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.2017-05-23not yet calculatedCVE-2017-9202
MISC
MISC
imageworsener -- imageworsenerThe iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c.2017-05-23not yet calculatedCVE-2017-9206
MISC
MISC
imageworsener -- imageworsenerThe iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c.2017-05-23not yet calculatedCVE-2017-9205
MISC
MISC
imageworsener -- imageworsenerimagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.2017-05-23not yet calculatedCVE-2017-9201
MISC
MISC
imageworsener -- imageworsenerimagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (buffer underflow) via a crafted image, related to imagew-bmp.c.2017-05-23not yet calculatedCVE-2017-9203
MISC
MISC
jasypt -- jasyptjasypt before 1.9.2 allows a timing attack against the password hash comparison.2017-05-21not yet calculatedCVE-2014-9970
CONFIRM
lenovo -- lenovo_solution_centerThe backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors.2017-05-23not yet calculatedCVE-2016-1876
CONFIRM
libconfig-model-perl -- libconfig-model-perlThe gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file.2017-05-23not yet calculatedCVE-2017-0373
CONFIRM
CONFIRM
CONFIRM
libconfig-model-perl -- libconfig-model-perllib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array.2017-05-23not yet calculatedCVE-2017-0374
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernelThe crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application.2017-05-23not yet calculatedCVE-2017-9211
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernelThe __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.2017-05-26not yet calculatedCVE-2017-9242
CONFIRM
CONFIRM
CONFIRM
linux -- linuxIn Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.2017-05-23not yet calculatedCVE-2017-9214
CONFIRM
linux  -- linux_kernelThe tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.2017-05-19not yet calculatedCVE-2017-9077
CONFIRM
BID
CONFIRM
CONFIRM
linux  -- linux_kernelThe IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.2017-05-19not yet calculatedCVE-2017-9074
CONFIRM
BID
CONFIRM
CONFIRM
linux  -- linux_kernelThe sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.2017-05-19not yet calculatedCVE-2017-9075
CONFIRM
BID
CONFIRM
CONFIRM
linux  -- linux_kernelThe dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.2017-05-19not yet calculatedCVE-2017-9076
CONFIRM
BID
CONFIRM
CONFIRM
mantisbt -- mantisbtMantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI.2017-05-21not yet calculatedCVE-2017-7620
MISC
CONFIRM
CONFIRM
EXPLOIT-DB
marklogic -- marklogicAn exploitable heap overflow vulnerability exists in the ParseEnvironment functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6.2017-05-23not yet calculatedCVE-2017-2797
MISC
marklogic -- marklogicAn exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability.2017-05-23not yet calculatedCVE-2017-2793
MISC
marklogic -- marklogicAn exploitable heap corruption vulnerability exists in the FillRowFormat functionality of Antenna House DMC HTMLFilter that is shipped with MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious xls file to trigger this vulnerability.2017-05-23not yet calculatedCVE-2017-2783
MISC
marklogic -- marklogicAn exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a stack corruption resulting in arbitrary code execution. An attacker can send/provide malicious PPT file to trigger this vulnerability.2017-05-23not yet calculatedCVE-2017-2794
MISC
marklogic -- marklogicAn exploitable heap corruption vulnerability exists in the GetIndexArray functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker can send or provide a malicious XLS file to trigger this vulnerability.2017-05-24not yet calculatedCVE-2017-2798
MISC
marklogic -- marklogicAn exploitable heap corruption vulnerability exists in the AddSst functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker can send or provide a malicious XLS file to trigger this vulnerability.2017-05-24not yet calculatedCVE-2017-2799
MISC
metadata_anonymisation_toolkit -- metadata_anonymisation_toolkitMetadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted.2017-05-22not yet calculatedCVE-2017-9149
MISC
MISC
MISC
MISC
microsoft -- multiple_productsThe Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539.2017-05-26not yet calculatedCVE-2017-8542
CONFIRM
microsoft -- multiple_productsThe Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8540.2017-05-26not yet calculatedCVE-2017-8541
CONFIRM
microsoft -- multiple_productsThe Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.2017-05-26not yet calculatedCVE-2017-8536
CONFIRM
microsoft -- multiple_productsThe Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.2017-05-26not yet calculatedCVE-2017-8535
CONFIRM
microsoft -- multiple_productsThe Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.2017-05-26not yet calculatedCVE-2017-8540
CONFIRM
microsoft -- multiple_productsThe Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8542.2017-05-26not yet calculatedCVE-2017-8539
CONFIRM
microsoft -- multiple_productsThe Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542.2017-05-26not yet calculatedCVE-2017-8537
CONFIRM
microsoft -- multiple_productsThe Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8540 and CVE-2017-8541.2017-05-26not yet calculatedCVE-2017-8538
CONFIRM
netapp -- oncommand_unified_manager_core_packageSQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2017-05-25not yet calculatedCVE-2017-7236
CONFIRM
netapp -- oncommand_unified_manager_core_packageNetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages.2017-05-25not yet calculatedCVE-2017-7439
CONFIRM
netcar -- wnr2000_devicesNETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.2017-05-26not yet calculatedCVE-2017-6862
CONFIRM
ntt_docomo -- l-04dCross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors.2017-05-22not yet calculatedCVE-2016-4854
JVNDB
BID
JVN
oniguruma -- onigurumaAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.2017-05-24not yet calculatedCVE-2017-9229
CONFIRM
CONFIRM
oniguruma -- onigurumaAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.2017-05-24not yet calculatedCVE-2017-9226
CONFIRM
CONFIRM
CONFIRM
oniguruma -- onigurumaAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.2017-05-24not yet calculatedCVE-2017-9228
CONFIRM
CONFIRM
oniguruma -- onigurumaAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.2017-05-24not yet calculatedCVE-2017-9224
CONFIRM
CONFIRM
oniguruma -- onigurumaAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.2017-05-24not yet calculatedCVE-2017-9225
CONFIRM
CONFIRM
oniguruma -- onigurumaAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.2017-05-24not yet calculatedCVE-2017-9227
CONFIRM
CONFIRM
open_source_solutions -- vimbadminMultiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/<domain id>; the (4) goto parameter to alias/add/did/<domain id>; or the (5) captchatext parameter to auth/lost-password.2017-05-23not yet calculatedCVE-2017-5870
MLIST
MISC
open_vpn -- access_serverCRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/.2017-05-25not yet calculatedCVE-2017-5868
MLIST
SECTRACK
MISC
openexr -- openexrIn OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.2017-05-21not yet calculatedCVE-2017-9114
MISC
openexr -- openexrIn OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.2017-05-21not yet calculatedCVE-2017-9110
MISC
openexr -- openexrIn OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.2017-05-21not yet calculatedCVE-2017-9112
MISC
openexr -- openexrIn OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.2017-05-21not yet calculatedCVE-2017-9111
MISC
openexr -- openexrIn OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.2017-05-21not yet calculatedCVE-2017-9115
MISC
openexr -- openexrIn OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.2017-05-21not yet calculatedCVE-2017-9116
MISC
openexr -- openexrIn OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.2017-05-21not yet calculatedCVE-2017-9113
MISC
pegasus_mail -- pegasus_mailwinpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote web page triggers the attack.2017-05-21not yet calculatedCVE-2017-9046
MISC
pgbouncer -- pgbouncerPgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.2017-05-23not yet calculatedCVE-2015-6817
MISC
MLIST
CONFIRM
CONFIRM
CONFIRM
GENTOO
pgbouncer -- pgbouncerPgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet.2017-05-23not yet calculatedCVE-2015-4054
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
GENTOO
php -- phpThe i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures.2017-05-21not yet calculatedCVE-2017-9119
BID
MISC
picocom -- picocompicocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely.2017-05-27not yet calculatedCVE-2015-9059
CONFIRM
pivotal -- cloud_foundryA path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject '../' sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container.2017-05-25not yet calculatedCVE-2015-1834
CONFIRM
pivotal -- cloud_foundryIt was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/CELLs causing a potential denial of service for other applications.2017-05-25not yet calculatedCVE-2016-0780
CONFIRM
pivotal -- cloud_foundryWith Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter.2017-05-25not yet calculatedCVE-2015-3190
CONFIRM
pivotal -- cloud_foundryCloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host.2017-05-25not yet calculatedCVE-2016-0761
CONFIRM
pivotal -- cloud_foundryThe UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions.2017-05-25not yet calculatedCVE-2016-0781
CONFIRM
pivotal -- cloud_foundryWith Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud foundry instance via a malicious link on a attacker controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.2017-05-25not yet calculatedCVE-2015-3191
CONFIRM
pivotal -- cloud_foundryWith Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.2017-05-25not yet calculatedCVE-2015-3189
CONFIRM
pivotal -- spring_frameworkUnder some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response.2017-05-25not yet calculatedCVE-2015-5211
CONFIRM
MISC
pivotal -- spring_frameworkWhen processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.2017-05-25not yet calculatedCVE-2014-0225
CONFIRM
pivotal -- spring_securityWhen processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.2017-05-25not yet calculatedCVE-2016-4977
CONFIRM
pivotal -- spring_securityBoth Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.2017-05-25not yet calculatedCVE-2016-5007
BID
CONFIRM
pivotal -- spring_securityThe ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.2017-05-25not yet calculatedCVE-2014-0097
CONFIRM
pivotal -- spring_securityWhen using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users.2017-05-25not yet calculatedCVE-2014-3527
CONFIRM
pivotal  -- cloud_foundryThe UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.2017-05-25not yet calculatedCVE-2016-3084
CONFIRM
pivotal  -- cloud_foundryThe Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts to be written directly into the 404 response.2017-05-25not yet calculatedCVE-2016-2165
CONFIRM
playsms -- playsmsimport.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.2017-05-21not yet calculatedCVE-2017-9101
EXPLOIT-DB
pngquant -- pngquantInteger overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow.2017-05-23not yet calculatedCVE-2016-5735
MISC
CONFIRM
power_software -- powerisoA use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .ISO file to trigger this vulnerability.2017-05-24not yet calculatedCVE-2017-2823
MISC
power_software -- powerisoA stack buffer overflow vulnerability exists in the ISO parsing functionality of Power Software Ltd PowerISO 6.8. A specially crafted ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific ISO file to trigger this vulnerability.2017-05-24not yet calculatedCVE-2017-2817
MISC
qemu -- qemuMemory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events.2017-05-23not yet calculatedCVE-2017-8379
MLIST
BID
MLIST
qemu -- qemuMemory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture.2017-05-23not yet calculatedCVE-2017-8309
BID
MLIST
qpdf -- qpdflibqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.2017-05-23not yet calculatedCVE-2017-9208
MISC
qpdf -- qpdflibqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.2017-05-23not yet calculatedCVE-2017-9209
MISC
qpdf -- qpdflibqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.2017-05-23not yet calculatedCVE-2017-9210
MISC
randombit_botan -- randombit_botanA programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability.2017-05-24not yet calculatedCVE-2017-2801
MISC
BID
red_hat -- jboss_application_serverHTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data.2017-05-19not yet calculatedCVE-2017-7504
BID
CONFIRM
redmine -- redmineCross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering.2017-05-23not yet calculatedCVE-2015-8477
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
roundcube -- roundcube_webmailprogram/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.2017-05-23not yet calculatedCVE-2015-5382
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
roundcube -- roundcube_webmailRoundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.2017-05-23not yet calculatedCVE-2015-5383
MLIST
CONFIRM
CONFIRM
CONFIRM
roundcube -- roundcube_webmailCross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.2017-05-23not yet calculatedCVE-2015-5381
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
sap -- business_one_for_androidSAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/
INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka SAP Security Note 2378065.
2017-05-25not yet calculatedCVE-2016-6256
MISC
BID
EXPLOIT-DB
sap -- hana_xssinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694.2017-05-23not yet calculatedCVE-2017-8914
BID
MISC
MISC
sap -- hana_xssinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694.2017-05-23not yet calculatedCVE-2017-8915
BID
MISC
MISC
sap -- netweaver_as_javaThe Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873.2017-05-23not yet calculatedCVE-2017-8913
MISC
MISC
schneider_electric -- wonderwall_indusoft_web_studioAn Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be manipulated by non-administrators. This could allow an authenticated user to escalate his or her privileges.2017-05-19not yet calculatedCVE-2017-7968
MISC
BID
MISC
sitecore -- crmSitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter.2017-05-23not yet calculatedCVE-2017-5966
MISC
sitecore -- crmThe package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload this archive and extract its contents, and visiting a URI under sitecore/ to execute the .asp file.2017-05-23not yet calculatedCVE-2017-5965
MISC
synacore -- zimbra_collaboration_suiteCross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-23not yet calculatedCVE-2017-7288
BID
CONFIRM
CONFIRM
synacore -- zimbra_collaboration_suiteA service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations.2017-05-23not yet calculatedCVE-2017-6813
BID
CONFIRM
CONFIRM
synacore -- zimbra_collaboration_suiteDirectory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors.2017-05-23not yet calculatedCVE-2017-6821
BID
CONFIRM
CONFIRM
systemd-resolved -- systemd-resolvedsystemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.2017-05-24not yet calculatedCVE-2017-9217
CONFIRM
CONFIRM
CONFIRM
tenda -- routersThere is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password.2017-05-21not yet calculatedCVE-2017-9138
MISC
tenda -- routersThere is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds.2017-05-21not yet calculatedCVE-2017-9139
MISC
teradata -- teradata_gatewayTeradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message.2017-05-23not yet calculatedCVE-2015-5401
MISC
SECTRACK
MISC
the_foreman -- the_foremanForeman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords.2017-05-26not yet calculatedCVE-2017-7505
CONFIRM
CONFIRM
toshiba -- flashair_sdhc_memory_cardFlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser.2017-05-22not yet calculatedCVE-2017-2162
JVNDB
CONFIRM
JVN
toshiba -- flashair_sdhc_memory_cardFlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors.2017-05-22not yet calculatedCVE-2017-2161
JVNDB
CONFIRM
JVN
toshiba -- flashairThe Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to STA side LAN can obtain files or data.2017-05-22not yet calculatedCVE-2016-4863
JVNDB
BID
JVN
trend_micro -- serverprotect_for_linuxMultiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5, (3) S_action_fail, (4) S_ptn_update, (5) T113, (6) T114, (7) T115, (8) T117117, (9) T118, (10) T_action_fail, (11) T_ptn_update, (12) textarea, (13) textfield5, or (14) tmLastConfigFileModifiedDate parameter to notification.cgi.2017-05-25not yet calculatedCVE-2017-9037
MISC
FULLDISC
SECTRACK
CONFIRM
MISC
trend_micro -- serverprotect_for_linuxMultiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to log_management.cgi.2017-05-25not yet calculatedCVE-2017-9032
MISC
FULLDISC
SECTRACK
CONFIRM
MISC
trend_micro -- serverprotect_for_linuxCross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens.2017-05-25not yet calculatedCVE-2017-9033
MISC
FULLDISC
SECTRACK
CONFIRM
MISC
trend_micro -- serverprotect_for_linuxTrend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory.2017-05-25not yet calculatedCVE-2017-9036
MISC
FULLDISC
SECTRACK
CONFIRM
MISC
trend_micro -- serverprotect_for_linuxTrend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers.2017-05-25not yet calculatedCVE-2017-9035
MISC
FULLDISC
SECTRACK
CONFIRM
MISC
trend_micro -- serverprotect_for_linuxTrend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.2017-05-25not yet calculatedCVE-2017-9034
MISC
FULLDISC
SECTRACK
CONFIRM
MISC
vanilla_forums -- vanilla_forumsThe from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.2017-05-23not yet calculatedCVE-2016-10073
MISC
MISC
CONFIRM
EXPLOIT-DB
videolan_vlc -- videolan_vlcHeap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file.2017-05-23not yet calculatedCVE-2017-8312
CONFIRM
videolan_vlc -- videolan_vlcPotential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.2017-05-23not yet calculatedCVE-2017-8311
CONFIRM
videolan_vlc -- videolan_vlcHeap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file.2017-05-23not yet calculatedCVE-2017-8310
CONFIRM
BID
videolan_vlc -- videolan_vlcHeap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file.2017-05-23not yet calculatedCVE-2017-8313
CONFIRM
virgl -- virglrendererThe vrend_clear dispatch function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted value in "buffers."2017-05-26not yet calculatedCVE-2017-9021
CONFIRM
MLIST
vmware -- workstation_pro/playerVMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine.2017-05-22not yet calculatedCVE-2017-4916
BID
CONFIRM
vmware -- workstation_pro/playerVMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine.2017-05-22not yet calculatedCVE-2017-4915
BID
CONFIRM
wolfssl -- wolfsslA specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library.2017-05-24not yet calculatedCVE-2017-2800
MISC
wordpress -- wordpressCross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-22not yet calculatedCVE-2017-2168
JVNDB
JVN
CONFIRM
wordpress -- wordpressAbsolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php.2017-05-23not yet calculatedCVE-2015-5609
MLIST
MLIST
MISC
wordpress -- wordpressupload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable.2017-05-23not yet calculatedCVE-2015-5682
MLIST
MISC
wordpress -- wordpressAbsolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php.2017-05-23not yet calculatedCVE-2015-5469
MLIST
MLIST
MISC
wordpress -- wordpressDirectory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php.2017-05-23not yet calculatedCVE-2015-4704
MISC
MISC
wordpress -- wordpressCross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-22not yet calculatedCVE-2017-2169
JVNDB
JVN
CONFIRM
wordpress -- wordpressDirectory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php.2017-05-23not yet calculatedCVE-2015-5468
MLIST
MLIST
MISC
CONFIRM
wordpress -- wordpressCross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Posts prior to version 1.0.1, Gallery Categories prior to version 1.0.9, Gallery prior to version 4.5.0, Google +1 prior to version 1.3.4, Google AdSense prior to version 1.44, Google Analytics prior to version 1.7.1, Google Captcha (reCAPTCHA) prior to version 1.28, Google Maps prior to version 1.3.6, Google Shortlink prior to version 1.5.3, Google Sitemap prior to version 3.0.8, Htaccess prior to version 1.7.6, Job Board prior to version 1.1.3, Latest Posts prior to version 0.3, Limit Attempts prior to version 1.1.8, LinkedIn prior to version 1.0.5, Multilanguage prior to version 1.2.2, PDF & Print prior to version 1.9.4, Pagination prior to version 1.0.7, Pinterest prior to version 1.0.5, Popular Posts prior to version 1.0.5, Portfolio prior to version 2.4, Post to CSV prior to version 1.3.1, Profile Extra prior to version 1.0.7. PromoBar prior to version 1.1.1, Quotes and Tips prior to version 1.32, Re-attacher prior to version 1.0.9, Realty prior to version 1.1.0, Relevant - Related Posts prior to version 1.2.0, Sender prior to version 1.2.1, SMTP prior to version 1.1.0, Social Buttons Pack prior to version 1.1.1, Subscriber prior to version 1.3.5, Testimonials prior to version 0.1.9, Timesheet prior to version 0.1.5, Twitter Button prior to version 2.55, User Role prior to version 1.5.6, Updater prior to version 1.35, Visitors Online prior to version 1.0.0, and Zendesk Help Center prior to version 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the function to display the BestWebSoft menu.2017-05-22not yet calculatedCVE-2017-2171
JVNDB
JVN
wordpress -- wordpressUnrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary.2017-05-23not yet calculatedCVE-2015-4455
MISC
MISC
wordpress -- wp-olivecartSQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors.2017-05-22not yet calculatedCVE-2016-4905
JVNDB
BID
CONFIRM
JVN
wordpress -- wp-olivecartCross-site request forgery (CSRF) vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to hijack the authentication of a user to perform unintended operations via unspecified vectors.2017-05-22not yet calculatedCVE-2016-4904
JVNDB
BID
CONFIRM
JVN
wordpress -- wp-olivecartCross-site scripting vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-22not yet calculatedCVE-2016-4903
BID
CONFIRM
JVN
xbmc/kodi_foundation -- kodiDirectory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.2017-05-23not yet calculatedCVE-2017-8314
BID
CONFIRM
yodl -- yodlYodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c.2017-05-26not yet calculatedCVE-2016-10375
CONFIRM
CONFIRM
ytnef -- ytnefThe TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.2017-05-22not yet calculatedCVE-2017-9146
MISC
MISC
zabbix -- zabbix_serverAn exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.2017-05-24not yet calculatedCVE-2017-2824
BID
MISC
zlib -- zlibThe crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.2017-05-23not yet calculatedCVE-2016-9843
SUSE
SUSE
SUSE
MLIST
BID
CONFIRM
CONFIRM
GENTOO
MISC
MISC
zlib -- zlibinffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.2017-05-23not yet calculatedCVE-2016-9841
SUSE
SUSE
SUSE
MLIST
BID
CONFIRM
CONFIRM
GENTOO
MISC
MISC
zlib -- zlibinftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.2017-05-23not yet calculatedCVE-2016-9840
SUSE
SUSE
SUSE
MLIST
BID
CONFIRM
CONFIRM
GENTOO
MISC
MISC
zlib -- zlibThe inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.2017-05-23not yet calculatedCVE-2016-9842
SUSE
SUSE
SUSE
MLIST
BID
CONFIRM
CONFIRM
GENTOO
MISC
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.