Vulnerability Summary for the Week of June 5, 2017
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- hadoop | In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root. | 2017-06-04 | 8.5 | CVE-2017-7669 BID MLIST |
bigtreecms -- bigtree_cms | Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. | 2017-06-02 | 7.5 | CVE-2017-9364 CONFIRM CONFIRM |
dolibarr -- dolibarr | Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters). | 2017-06-05 | 7.5 | CVE-2017-9435 CONFIRM CONFIRM |
google -- android | In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9923 BID CONFIRM |
google -- android | In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur. | 2017-06-06 | 9.3 | CVE-2014-9924 BID CONFIRM |
google -- android | In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9925 BID CONFIRM |
google -- android | In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9926 BID CONFIRM |
google -- android | In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9927 CONFIRM |
google -- android | In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9928 BID CONFIRM |
google -- android | In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offset vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9929 BID CONFIRM |
google -- android | In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9930 BID CONFIRM |
google -- android | In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. | 2017-06-06 | 7.6 | CVE-2014-9941 BID CONFIRM |
google -- android | In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9942 BID CONFIRM |
google -- android | In Core Kernel in all Android releases from CAF using the Linux kernel, a Null Pointer Dereference vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9943 BID CONFIRM |
google -- android | In the Secure File System in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9944 BID CONFIRM |
google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9945 BID CONFIRM |
google -- android | In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9946 BID CONFIRM |
google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9948 BID CONFIRM |
google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9949 BID CONFIRM |
google -- android | In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9950 BID CONFIRM |
google -- android | In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9952 BID CONFIRM |
google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2015-9005 BID CONFIRM |
google -- android | In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2015-9006 BID CONFIRM |
google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2015-9007 BID CONFIRM |
google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2016-10297 BID CONFIRM |
lenovo -- lenovo_service_bridge | In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. | 2017-06-04 | 7.2 | CVE-2016-8228 CONFIRM |
mercurial -- mercurial | In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | 2017-06-06 | 9.0 | CVE-2017-9462 CONFIRM CONFIRM CONFIRM |
soffid -- iam | Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request. | 2017-06-02 | 7.5 | CVE-2017-9363 CONFIRM |
todd_miller -- sudo | Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation flaw (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. | 2017-06-05 | 7.2 | CVE-2017-1000368 BID CONFIRM |
websitebaker -- websitebaker | WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. | 2017-06-02 | 7.5 | CVE-2017-9360 MISC |
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers. | 2017-06-02 | 7.8 | CVE-2017-9345 BID MISC MISC MISC MISC |
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. | 2017-06-02 | 7.8 | CVE-2017-9346 BID MISC MISC MISC MISC |
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. | 2017-06-02 | 7.8 | CVE-2017-9349 BID MISC MISC MISC MISC |
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length. | 2017-06-02 | 7.8 | CVE-2017-9350 BID MISC MISC MISC MISC |
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur. | 2017-06-02 | 7.8 | CVE-2017-9352 BID MISC MISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
asterisk -- certified_asterisk | A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). | 2017-06-02 | 5.0 | CVE-2017-9358 CONFIRM BID CONFIRM |
bigtreecms -- bigtree_cms | CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked. | 2017-06-02 | 6.8 | CVE-2017-9365 CONFIRM CONFIRM |
bigtreecms -- bigtree_cms | BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have other tasks (such as data backups) to complete before a user is deleted. | 2017-06-02 | 4.0 | CVE-2017-9378 MISC MISC |
bigtreecms -- bigtree_cms | Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php. | 2017-06-02 | 6.8 | CVE-2017-9379 MISC |
bigtreecms -- bigtree_cms | SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/designer/ and the injection is visible at admin/dashboard/vitals-statistics/integrity/check/?external=true. | 2017-06-04 | 6.5 | CVE-2017-9427 MISC |
bigtreecms -- bigtree_cms | A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter. | 2017-06-04 | 5.0 | CVE-2017-9428 MISC |
bigtreecms -- bigtree_cms | ** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files." | 2017-06-05 | 6.5 | CVE-2017-9442 MISC |
bigtreecms -- bigtree_cms | ** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files." | 2017-06-05 | 6.5 | CVE-2017-9443 MISC |
cryptopp -- crypto++ | Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter. | 2017-06-05 | 5.0 | CVE-2017-9434 CONFIRM CONFIRM CONFIRM |
freedesktop -- poppler | In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9406 CONFIRM |
freedesktop -- poppler | In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9408 CONFIRM |
google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist. | 2017-06-06 | 4.3 | CVE-2014-9947 BID CONFIRM |
google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist. | 2017-06-06 | 4.3 | CVE-2014-9951 BID CONFIRM |
google -- android | The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names. | 2017-06-06 | 4.3 | CVE-2015-3830 MISC MISC |
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9405 CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9407 CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9409 CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file. | 2017-06-05 | 4.3 | CVE-2017-9439 BID CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. | 2017-06-05 | 4.3 | CVE-2017-9440 BID CONFIRM |
jamroom -- jamroom | Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field. | 2017-06-04 | 4.3 | CVE-2012-6705 MISC BID |
lenovo -- lenovo_service_bridge | A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. | 2017-06-04 | 6.8 | CVE-2016-8229 CONFIRM |
lenovo -- lenovo_service_bridge | In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. | 2017-06-04 | 5.0 | CVE-2016-8230 CONFIRM |
lenovo -- lenovo_service_bridge | In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. | 2017-06-04 | 5.0 | CVE-2016-8231 CONFIRM |
libtiff -- libtiff | In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9403 CONFIRM |
libtiff -- libtiff | In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9404 CONFIRM |
odoo -- odoo | Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service. | 2017-06-04 | 4.0 | CVE-2017-9416 CONFIRM |
open-emr -- openemr | OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. | 2017-06-02 | 6.5 | CVE-2017-9380 MISC |
todd_miller -- sudo | Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation flaw (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. | 2017-06-05 | 6.9 | CVE-2017-1000367 SUSE SUSE SUSE MISC FULLDISC DEBIAN MLIST BID SECTRACK UBUNTU REDHAT FEDORA GENTOO CONFIRM |
virustotal -- yara | libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304. | 2017-06-05 | 5.0 | CVE-2017-9438 CONFIRM CONFIRM |
websitebaker -- websitebaker | WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php. | 2017-06-02 | 4.3 | CVE-2017-9361 MISC |
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. | 2017-06-02 | 5.0 | CVE-2017-9343 BID MISC MISC MISC MISC |
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. | 2017-06-02 | 5.0 | CVE-2017-9344 BID MISC MISC MISC MISC |
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. | 2017-06-02 | 5.0 | CVE-2017-9347 BID MISC MISC MISC MISC |
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value. | 2017-06-02 | 5.0 | CVE-2017-9348 BID MISC MISC MISC MISC |
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully. | 2017-06-02 | 5.0 | CVE-2017-9351 BID MISC MISC MISC MISC MISC MISC |
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. | 2017-06-02 | 5.0 | CVE-2017-9353 BID MISC MISC MISC MISC |
wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. | 2017-06-02 | 5.0 | CVE-2017-9354 BID MISC MISC MISC MISC |
ytnef_project -- ytnef | In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | 2017-06-07 | 4.3 | CVE-2017-9470 MISC |
ytnef_project -- ytnef | In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 2017-06-07 | 4.3 | CVE-2017-9471 MISC |
ytnef_project -- ytnef | In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 2017-06-07 | 4.3 | CVE-2017-9472 MISC |
ytnef_project -- ytnef | In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | 2017-06-07 | 4.3 | CVE-2017-9473 MISC |
ytnef_project -- ytnef | In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 2017-06-07 | 4.3 | CVE-2017-9474 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
piwigo -- piwigo | Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 2017-06-06 | 3.5 | CVE-2017-9452 MISC |
telaxus -- epesi | Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter. | 2017-06-02 | 3.5 | CVE-2017-9366 CONFIRM CONFIRM |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
acquisition_technology_&_logistics_agency -- installer_of_electronic_tendering_and_bid_opening_system | Untrusted search path vulnerability in Installer of electronic tendering and bid opening system available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2178 JVN CONFIRM |
adblock -- adblock | AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters. | 2017-06-08 | not yet calculated | CVE-2015-2692 CONFIRM MISC |
amd -- fglrx-driver | AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. NOTE: This vulnerability exists due to an incomplete fix for CVE-2015-7723. | 2017-06-07 | not yet calculated | CVE-2015-7724 MISC FULLDISC BUGTRAQ BID MISC |
amd -- fglrx-driver | AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. | 2017-06-07 | not yet calculated | CVE-2015-7723 MISC FULLDISC BUGTRAQ BID MISC |
apache -- archiva | The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes. | 2017-06-06 | not yet calculated | CVE-2016-5004 MLIST BID SECTRACK MISC MISC |
apache -- cxf_fediz | Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service. | 2017-06-07 | not yet calculated | CVE-2015-5175 MLIST BID CONFIRM CONFIRM MLIST |
apache -- java_servlet_specification | The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. | 2017-06-06 | not yet calculated | CVE-2017-5664 BID MLIST |
appcheck -- appcheck | Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2214 JVN |
apple -- mac_sleipnir_4 | Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage. | 2017-06-09 | not yet calculated | CVE-2016-7831 JVN |
arm -- arm_trusted_firmware | In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits). | 2017-06-07 | not yet calculated | CVE-2017-7563 CONFIRM |
arm -- arm_trusted_firmware | In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers. | 2017-06-07 | not yet calculated | CVE-2017-7564 CONFIRM |
arubanetworks -- clearpass_policy_manager | SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0. | 2017-06-08 | not yet calculated | CVE-2016-2034 CONFIRM |
asterisk -- asterisk | PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter. | 2017-06-02 | not yet calculated | CVE-2017-9372 CONFIRM BID CONFIRM |
asterisk -- asterisk | The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. | 2017-06-02 | not yet calculated | CVE-2017-9359 CONFIRM BID CONFIRM CONFIRM |
atmail -- atmail | atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV. | 2017-06-08 | not yet calculated | CVE-2017-9517 CONFIRM |
atmail -- atmail | atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account. | 2017-06-08 | not yet calculated | CVE-2017-9519 CONFIRM |
atmail -- atmail | atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails. | 2017-06-08 | not yet calculated | CVE-2017-9518 CONFIRM |
bigtree -- bigtree_cms | BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\users\profile\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages), the index.php/admin/developer/upgrade/ignore/?versions= URI, and the index.php/admin/developer/upgrade/set-ftp-directory/ URI. | 2017-06-05 | not yet calculated | CVE-2017-9444 MISC |
bigtree -- bigtree_cms | ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name parameter in manifest.json. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files." | 2017-06-05 | not yet calculated | CVE-2017-9441 MISC |
bigtree -- bigtree_cms | SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible at admin/ajax/auto-modules/views/searchable-page/ or admin/modules_name. | 2017-06-06 | not yet calculated | CVE-2017-9449 MISC |
bigtree -- bigtree_cms | Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in core\admin\ajax\pages\save-revision.php and core\admin\modules\pages\revisions.php. Low-privileged (administrator) users can attack high-privileged (Developer) users. | 2017-06-06 | not yet calculated | CVE-2017-9448 MISC |
blue_coat -- advanced_secure_gateway | Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allow remote attackers to bypass blocked requests, user authentication, and payload scanning. | 2017-06-08 | not yet calculated | CVE-2016-6594 CONFIRM |
bluez -- bluez | Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities. | 2017-06-09 | not yet calculated | CVE-2016-7837 CONFIRM JVN |
broadcom -- wi-fi_chip | Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. | 2017-06-04 | not yet calculated | CVE-2017-9417 MISC |
buffalo_inc -- wnc01wh_firmware | Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allow authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7824 CONFIRM JVN |
buffalo_inc -- wnc01wh_firmware | Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands. | 2017-06-09 | not yet calculated | CVE-2016-7825 CONFIRM JVN |
buffalo_inc -- wnc01wh_firmware | Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7822 CONFIRM JVN |
buffalo_inc -- wnc01wh_firmware | Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests. | 2017-06-09 | not yet calculated | CVE-2016-7826 CONFIRM JVN |
buffalo_inc -- wnc01wh_firmware | Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7823 CONFIRM JVN |
buffalo_inc -- wnc01wh_firmware | Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7821 CONFIRM JVN |
cgi:irc -- irc.cgi | irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS. | 2017-06-06 | not yet calculated | CVE-2017-8920 CONFIRM CONFIRM |
cisco -- anyconnect_secure_mobility_client_for_windows | A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. The attacker would need valid user credentials to exploit this vulnerability. This vulnerability affects all Cisco AnyConnect Secure Mobility Client for Windows software versions prior to 4.4.02034. Cisco Bug IDs: CSCvc97928. | 2017-06-08 | not yet calculated | CVE-2017-6638 BID CONFIRM |
cisco -- prime_data_center_network_manager | A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd95346. | 2017-06-08 | not yet calculated | CVE-2017-6640 BID CONFIRM |
cisco -- prime_data_center_network_manager | A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software Releases 10.1(1) and 10.1(2) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd09961. | 2017-06-08 | not yet calculated | CVE-2017-6639 BID CONFIRM |
cisco -- telepresence_codec_and_collaboration_endpoint_software | A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. This vulnerability affects the following Cisco TC and CE platforms when running software versions prior to TC 7.3.8 and CE 8.3.0. Cisco Bug IDs: CSCux94002. | 2017-06-08 | not yet calculated | CVE-2017-6648 BID CONFIRM |
compulab -- intense_pc_and_mintbox_2_firmware | CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges. | 2017-06-06 | not yet calculated | CVE-2017-8083 MISC MISC |
corega -- cg-wlbargmh_firmware | Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7808 CONFIRM JVN |
corega -- cg-wlr300nx_firmware | Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7810 CONFIRM JVN |
corega -- cg-wlr300nx_firmware | Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of a logged-in user to conduct unintended operations via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7809 CONFIRM JVN |
corega -- cg-wlr300nx_firmware | Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7811 CONFIRM JVN |
craft_cms -- craft_cms | Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file. | 2017-06-08 | not yet calculated | CVE-2017-9516 MISC MISC MISC |
cybozu -- dezie | Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7832 JVN CONFIRM |
cybozu -- dezie | Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7833 JVN CONFIRM |
cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-4907 JVN CONFIRM |
cybozu -- garoon | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai. | 2017-06-09 | not yet calculated | CVE-2016-4906 JVN CONFIRM |
cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-4908 JVN CONFIRM |
cybozu -- garoon | SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. | 2017-06-09 | not yet calculated | CVE-2016-7803 JVN CONFIRM |
cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7801 JVN CONFIRM |
cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-4910 JVN CONFIRM |
cybozu -- garoon | Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7802 JVN CONFIRM |
cybozu -- garoon | Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-4909 JVN CONFIRM |
cybozu -- kintone | The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-06-09 | not yet calculated | CVE-2016-7816 JVN CONFIRM |
deraemon-cms -- deraemon-cms | Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username. | 2017-06-09 | not yet calculated | CVE-2016-7813 CONFIRM JVN |
document_liberation_project -- libmwaw | Document Liberation Project libmwaw before 2017-04-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in lib/MsWrd1Parser.cxx. | 2017-06-04 | not yet calculated | CVE-2017-9433 MISC MISC |
document_liberation_project -- libstaroffice | Document Liberation Project libstaroffice before 2017-04-07 has an out-of-bounds write caused by a stack-based buffer overflow related to the DatabaseName::read function in lib/StarWriterStruct.cxx. | 2017-06-04 | not yet calculated | CVE-2017-9432 MISC MISC |
elastic -- kibana | Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 2017-06-05 | not yet calculated | CVE-2017-8440 CONFIRM CONFIRM CONFIRM |
elastic -- kibana | Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users. | 2017-06-05 | not yet calculated | CVE-2017-8439 CONFIRM CONFIRM CONFIRM |
elastic -- x-pack | Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias. | 2017-06-05 | not yet calculated | CVE-2017-8441 CONFIRM CONFIRM CONFIRM |
elastic -- x-pack | Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the user specified in a run_as request. If a role has been created using a template that contains the _user properties, the behavior of run_as will be incorrect. Additionally, if the run_as user specified does not exist, the transition will not happen. | 2017-06-05 | not yet calculated | CVE-2017-8438 CONFIRM CONFIRM CONFIRM |
emc -- multiple_products | EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. | 2017-06-09 | not yet calculated | CVE-2017-5004 CONFIRM |
emc -- multiple_products | EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. | 2017-06-09 | not yet calculated | CVE-2017-5003 CONFIRM |
f5 -- big-ip_enterprise_manager | Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and Enterprise Manager 2.1.0 through 2.3.0 and 3.x before 3.1.1 HF5 allows remote authenticated administrators to cause a denial of service via unspecified vectors. | 2017-06-08 | not yet calculated | CVE-2014-6031 CONFIRM |
f5 -- multiple_products | A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable. | 2017-06-09 | not yet calculated | CVE-2016-7469 CONFIRM |
flatcore -- flatcore | Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. | 2017-06-06 | not yet calculated | CVE-2017-9451 MISC |
game-music-emu -- game-music-emu | game-music-emu before 0.6.1 mishandles unspecified integer values. | 2017-06-06 | not yet calculated | CVE-2016-9961 SUSE SUSE MLIST BID CONFIRM CONFIRM FEDORA FEDORA FEDORA FEDORA MISC |
game-music-emu -- game-music-emu | game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). | 2017-06-06 | not yet calculated | CVE-2016-9960 SUSE SUSE MLIST BID CONFIRM CONFIRM FEDORA FEDORA FEDORA FEDORA MISC |
google -- android | b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash). | 2017-06-08 | not yet calculated | CVE-2014-7919 CONFIRM CONFIRM CONFIRM |
google -- android | Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate. | 2017-06-08 | not yet calculated | CVE-2016-5648 MISC FULLDISC BUGTRAQ CERT-VN |
google -- android | The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-06-09 | not yet calculated | CVE-2016-7805 JVN |
google -- chrome | Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file. | 2017-06-06 | not yet calculated | CVE-2015-1207 CONFIRM CONFIRM |
google -- grpc | Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c. | 2017-06-04 | not yet calculated | CVE-2017-9431 MISC MISC |
group_sessions -- group_sessions | GroupSession versions 4.6.4 and earlier allow remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2017-2165 JVN |
h2o_project -- h2o | Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information. | 2017-06-09 | not yet calculated | CVE-2016-7835 CONFIRM JVN |
houkokusyo -- sakusei_shien_tool | Untrusted search path vulnerability in the installer of Houkokusyo Sakusei Shien Tool ver3.0.2 (For the first installation) (The version which was available on the website from 2017 April 4 to 2017 May 18) and ver2.0 and later (For the first installation) (The versions which were available on the website prior to 2017 April 4) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2209 CONFIRM CONFIRM MISC JVN |
huawei -- ar1220_firmware | Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE port. | 2017-06-08 | not yet calculated | CVE-2015-2255 CONFIRM |
huawei -- campus_firmware | The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation. | 2017-06-08 | not yet calculated | CVE-2015-2800 CONFIRM BID |
huawei -- campus_firmware | The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message. | 2017-06-08 | not yet calculated | CVE-2015-3913 CONFIRM |
huawei -- oceanstor_firmware | The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document. | 2017-06-08 | not yet calculated | CVE-2015-2253 CONFIRM |
huawei -- oceanstor_firmware | Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts. | 2017-06-08 | not yet calculated | CVE-2015-2252 CONFIRM |
huawei -- oceanstor_firmware | The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript. | 2017-06-08 | not yet calculated | CVE-2015-2251 CONFIRM |
ibm -- bigfix_compliance_analytics | IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431. | 2017-06-08 | not yet calculated | CVE-2017-1179 CONFIRM BID MISC |
ibm -- bigfix_compliance_analytics | IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123671. | 2017-06-07 | not yet calculated | CVE-2017-1196 CONFIRM BID MISC |
ibm -- business_process_manager | IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2017-06-08 | not yet calculated | CVE-2017-1140 CONFIRM BID MISC |
ibm -- cognos_analytics | IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose partial contents of a file. IBM X-Force ID: 121340. | 2017-06-07 | not yet calculated | CVE-2017-1125 CONFIRM BID MISC |
ibm -- cognos_business_intelligence | IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker could exploit this vulnerability to consume all available CPU resources and cause a denial of service. IBM X-Force ID: 110563. | 2017-06-07 | not yet calculated | CVE-2016-0254 CONFIRM MISC |
ibm -- curam_social_program_management | Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL. | 2017-06-08 | not yet calculated | CVE-2014-4843 CONFIRM BID |
ibm -- domino | IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918. | 2017-06-07 | not yet calculated | CVE-2016-6087 CONFIRM BID MISC |
ibm -- doors_next_generation | IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125459. | 2017-06-07 | not yet calculated | CVE-2017-1305 CONFIRM BID MISC |
ibm -- endpoint_manager_for_security_and_compliance | IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123430. | 2017-06-07 | not yet calculated | CVE-2017-1178 CONFIRM BID MISC |
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253. | 2017-06-07 | not yet calculated | CVE-2016-9977 CONFIRM BID MISC |
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view. | 2017-06-08 | not yet calculated | CVE-2016-8987 CONFIRM BID MISC |
ibm -- predictive_solutions_foundation | IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a file from the local system, which could allow the attacker to obtain sensitive information. IBM X-Force ID: 119618. | 2017-06-07 | not yet calculated | CVE-2016-9710 CONFIRM MISC |
ibm -- rhapsody_dm | IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999960. | 2017-06-08 | not yet calculated | CVE-2016-9698 CONFIRM CONFIRM BID MISC |
ibm -- security_access_manager_9.0 | IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462. | 2017-06-07 | not yet calculated | CVE-2016-3019 CONFIRM BID MISC |
ibm -- security_access_manager_9.0 | IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714. | 2017-06-07 | not yet calculated | CVE-2016-3051 CONFIRM BID MISC |
ibm -- security_privileged_identity_manager | IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 116136. | 2017-06-07 | not yet calculated | CVE-2016-5959 CONFIRM BID MISC |
ibm -- security_privileged_identity_manager | IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 116171. | 2017-06-07 | not yet calculated | CVE-2016-5960 CONFIRM BID MISC |
ibm -- sterling_order_management | IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314. | 2017-06-08 | not yet calculated | CVE-2016-9991 CONFIRM BID MISC |
ibm -- tivoli key lifecycle manager | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 2017-06-08 | not yet calculated | CVE-2016-6098 CONFIRM BID MISC |
ibm -- tivoli key lifecycle manager | IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 2017-06-08 | not yet calculated | CVE-2016-6093 CONFIRM BID MISC |
ibm -- tivoli_federated_identity_manager | IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731. | 2017-06-08 | not yet calculated | CVE-2017-1319 CONFIRM MISC |
ibm -- tivoli_storage_manager | IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790. | 2017-06-07 | not yet calculated | CVE-2016-8939 CONFIRM BID MISC |
ibm -- websphere_application_server | IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information. | 2017-06-08 | not yet calculated | CVE-2016-9736 CONFIRM CONFIRM BID MISC |
ibm -- websphere_mq | IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926. | 2017-06-07 | not yet calculated | CVE-2016-6089 CONFIRM BID MISC |
imagemagick -- imagemagick | In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. | 2017-06-07 | not yet calculated | CVE-2017-9500 BID CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. | 2017-06-07 | not yet calculated | CVE-2017-9501 BID CONFIRM CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file. | 2017-06-07 | not yet calculated | CVE-2017-9499 BID CONFIRM CONFIRM |
intel -- omni_path_architecture | Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197. | 2017-06-07 | not yet calculated | CVE-2015-5232 MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
intellect_design_arena -- intellect_core | Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software. | 2017-06-07 | not yet calculated | CVE-2015-6540 MISC BUGTRAQ |
iodata -- ts-wrlp_firmware | I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7814 CONFIRM JVN |
iodata -- ts-wrlp_firmware | Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7820 CONFIRM JVN |
iodata -- ts-wrlp_firmware | I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allow an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7819 CONFIRM JVN |
iodata -- wfs-sr01_firmware | I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7806 CONFIRM JVN |
iodata -- wfs-sr01_firmware | I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7807 CONFIRM JVN |
ipa -- appgoat | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182. | 2017-06-09 | not yet calculated | CVE-2017-2179 JVN |
ipa -- appgoat | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182. | 2017-06-09 | not yet calculated | CVE-2017-2181 JVN |
ipa -- appgoat | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181. | 2017-06-09 | not yet calculated | CVE-2017-2182 JVN |
ipa -- appgoat | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2017-2180 JVN |
irssi -- irssi | In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash. | 2017-06-06 | not yet calculated | CVE-2017-9469 CONFIRM CONFIRM |
irssi -- irssi | In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash. | 2017-06-06 | not yet calculated | CVE-2017-9468 CONFIRM CONFIRM |
lemons_php -- simple_keitai_chat_2.0 | Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7817 JVN |
lenovo -- active_protection_system | In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality. | 2017-06-04 | not yet calculated | CVE-2017-3740 CONFIRM |
lenovo -- power_management_driver | In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. This issue only affects ThinkPad X1 Carbon 5th generation. | 2017-06-04 | not yet calculated | CVE-2017-3741 CONFIRM |
libdwarf -- libdwarf | dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV). | 2017-06-07 | not yet calculated | CVE-2015-8538 MLIST CONFIRM |
libgcrypt -- libgcrypt | In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. | 2017-06-10 | not yet calculated | CVE-2017-9526 CONFIRM CONFIRM CONFIRM |
linux -- qemu_emulator | QEMU (aka Quick Emulator), when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value. | 2017-06-08 | not yet calculated | CVE-2017-9330 CONFIRM MLIST BID CONFIRM |
lynis -- lynis | Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file. | 2017-06-08 | not yet calculated | CVE-2017-8108 CONFIRM CONFIRM FEDORA FEDORA |
markdown-it -- markdown-it | markdown-it before 4.1.0 does not block data: URLs. | 2017-06-07 | not yet calculated | CVE-2015-3295 MLIST BID CONFIRM |
mavetju -- mavetju | Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string. | 2017-06-05 | not yet calculated | CVE-2017-9430 MISC MISC EXPLOIT-DB |
microsoft -- windows_7 | Untrusted search path vulnerability in RW-5100 driver installer for Windows 7 version 1.0.0.9 and RW-5100 driver installer for Windows 8.1 version 1.0.1.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2191 JVN |
microsoft -- windows_7 | Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2190 JVN |
microsoft -- windows_7 | Untrusted search path vulnerability in RW-4040 driver installer for Windows 7 version 2.27 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2189 JVN |
microsoft -- windows_7 | Untrusted search path vulnerability in RW-5100 tool to verify execution environment for Windows 7 version 1.1.0.0 and RW-5100 tool to verify execution environment for Windows 8.1 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2192 JVN |
microsoft -- windows_vista | Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" Ver3.0.1 and earlier and The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2016-4902 JVN |
milton -- milton_webdav | XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3. | 2017-06-07 | not yet calculated | CVE-2015-7326 MISC BUGTRAQ BID CONFIRM CONFIRM CONFIRM |
multi_feed_reader -- multi_feed_reader | SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2017-2195 JVN CONFIRM |
nagios -- fedora_nagios | The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | 2017-06-06 | not yet calculated | CVE-2016-0726 CONFIRM |
net_monitor -- net_monitor_for_employees | Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application. | 2017-06-08 | not yet calculated | CVE-2017-7180 EXPLOIT-DB |
open-xchange -- open-xchange_appsuite | Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21. | 2017-06-08 | not yet calculated | CVE-2015-1588 MISC BUGTRAQ BID SECTRACK |
openbravo -- openbravo_business_suite | Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code. | 2017-06-05 | not yet calculated | CVE-2017-9437 MISC |
openstack -- ironic | OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information. | 2017-06-07 | not yet calculated | CVE-2015-7514 MLIST CONFIRM CONFIRM CONFIRM |
patchjgd -- patchjgd | Untrusted search path vulnerability in PatchJGD (Hyoko) (PatchJGDh101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2211 JVN CONFIRM |
patchjgd -- patchjgd | Untrusted search path vulnerability in PatchJGD (PatchJGD101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2210 JVN CONFIRM |
peplink -- balance_router | Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.path parameter. | 2017-06-05 | not yet calculated | CVE-2017-8841 MISC MISC |
peplink -- balance_router | SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database. | 2017-06-05 | not yet calculated | CVE-2017-8835 MISC MISC |
peplink -- balance_router | Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, and Submitted syncid. | 2017-06-05 | not yet calculated | CVE-2017-8840 MISC MISC |
peplink -- balance_router | Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems. | 2017-06-05 | not yet calculated | CVE-2017-8837 MISC MISC |
peplink -- balance_router | CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands if a logged-in user visits a malicious website. This can, for example, be used to change the credentials of the administrative web interface. | 2017-06-05 | not yet calculated | CVE-2017-8836 MISC MISC |
peplink -- balance_router | XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/preview.cgi. | 2017-06-05 | not yet calculated | CVE-2017-8839 MISC MISC |
peplink -- balance_router | XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi. | 2017-06-05 | not yet calculated | CVE-2017-8838 MISC MISC |
perl -- perl | The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user. | 2017-06-07 | not yet calculated | CVE-2015-8326 MLIST CONFIRM CONFIRM CONFIRM |
personify360 -- personify360_e-business | An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and passwords). | 2017-06-07 | not yet calculated | CVE-2017-7312 MISC |
personify360 -- personify360_e-business | An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other words, anyone can search for users/customers in the system - no authentication is required. | 2017-06-07 | not yet calculated | CVE-2017-7313 MISC |
personify360 -- personify360_e-business | An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available. | 2017-06-07 | not yet calculated | CVE-2017-7314 MISC |
phoenix -- broadband_poweragent_sc3_bms | A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device. | 2017-06-02 | not yet calculated | CVE-2017-6039 BID MISC |
pivotx -- pivotx | The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag. | 2017-06-06 | not yet calculated | CVE-2017-9332 MISC |
poppler -- poppler | poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite, resulting in a potential denial of service. | 2017-06-06 | not yet calculated | CVE-2017-7515 CONFIRM |
postgresql -- postgresql | PostgreSQL PL/Java after 9.0 does not honor access controls on large objects. | 2017-06-06 | not yet calculated | CVE-2016-0768 CONFIRM |
postgresql -- postgresql | PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath. | 2017-06-06 | not yet calculated | CVE-2016-0767 CONFIRM |
postgresql -- postgresql | PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own. | 2017-06-06 | not yet calculated | CVE-2016-2192 CONFIRM |
qemu -- qemu_emulator | QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer. | 2017-06-08 | not yet calculated | CVE-2017-9310 CONFIRM MLIST BID CONFIRM |
radare -- radare2 | The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file. | 2017-06-08 | not yet calculated | CVE-2017-9520 CONFIRM CONFIRM |
rapid7 -- nexpose | The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks. | 2017-06-06 | not yet calculated | CVE-2017-5243 CONFIRM |
red5 -- media_server | The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which they perform deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data. | 2017-06-08 | not yet calculated | CVE-2017-5878 MLIST MISC |
red_hat -- ansible | The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. | 2017-06-07 | not yet calculated | CVE-2015-6240 MLIST CONFIRM CONFIRM CONFIRM |
red_hat -- ansible | The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. | 2017-06-08 | not yet calculated | CVE-2014-3498 CONFIRM CONFIRM |
red_hat -- satellite_6 | MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. | 2017-06-06 | not yet calculated | CVE-2014-8180 CONFIRM CONFIRM |
red_hat -- satellite_6 | Red Hat Satellite 6 allows remote authenticated users with privileged access on a content host to authenticate to the capsule broker or server broker. | 2017-06-07 | not yet calculated | CVE-2015-5202 CONFIRM |
redhat -- 389_directory_server | 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects. | 2017-06-08 | not yet calculated | CVE-2016-4992 REDHAT REDHAT CONFIRM |
redhat -- 389_directory_server | 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords. | 2017-06-08 | not yet calculated | CVE-2016-5405 REDHAT REDHAT BID CONFIRM |
redhat -- 389_directory_server | 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions. | 2017-06-08 | not yet calculated | CVE-2016-5416 REDHAT REDHAT CONFIRM |
redhat -- cloud_foundry_diego | Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service. | 2017-06-08 | not yet calculated | CVE-2016-3091 MLIST |
redhat -- cloudforms | ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code. | 2017-06-08 | not yet calculated | CVE-2016-4471 CONFIRM CONFIRM |
redhat -- cloudforms | CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. | 2017-06-08 | not yet calculated | CVE-2016-4457 CONFIRM |
redhat -- gnu_compiler_collection | Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature. | 2017-06-07 | not yet calculated | CVE-2016-4973 MLIST BID CONFIRM |
redhat -- jboss_eap | The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload. | 2017-06-08 | not yet calculated | CVE-2016-3690 CONFIRM MISC CONFIRM |
redhat -- mod_ns | mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled. | 2017-06-08 | not yet calculated | CVE-2016-3099 FEDORA FEDORA FEDORA REDHAT CONFIRM |
redhat -- ovirt | The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs. | 2017-06-06 | not yet calculated | CVE-2016-3077 CONFIRM |
redhat -- php | /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833. | 2017-06-08 | not yet calculated | CVE-2016-4473 SUSE REDHAT CONFIRM |
redhat -- pulp | server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. | 2017-06-08 | not yet calculated | CVE-2016-3095 FEDORA MLIST MLIST CONFIRM CONFIRM |
redhat -- pulp | The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack. | 2017-06-08 | not yet calculated | CVE-2016-3108 MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
redhat -- pulp | pulp.spec in Pulp 2.8.3 allows local users to read generated RSA keys. | 2017-06-08 | not yet calculated | CVE-2016-3111 MISC MISC MLIST CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
redhat -- pulp | The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data. | 2017-06-08 | not yet calculated | CVE-2016-3107 MLIST CONFIRM CONFIRM CONFIRM |
redhat -- pulp | client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable. | 2017-06-08 | not yet calculated | CVE-2016-3112 MLIST CONFIRM CONFIRM CONFIRM |
redhat -- resteasy | SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code. | 2017-06-08 | not yet calculated | CVE-2016-7050 REDHAT CONFIRM |
redhat -- spice-gtk | The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard. | 2017-06-06 | not yet calculated | CVE-2016-3066 CONFIRM |
saat -- netizen | Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2206 JVN CONFIRM |
saat -- personal | Untrusted search path vulnerability in the installer of SaAT Personal ver.1.0.10.272 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2207 JVN CONFIRM |
samba -- samba | smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. | 2017-06-06 | not yet calculated | CVE-2017-9461 CONFIRM CONFIRM CONFIRM |
samsung -- samsung_mobile | Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download. | 2017-06-07 | not yet calculated | CVE-2015-7888 MISC BID MISC |
schneider_electric -- somachine_hvac | A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL. | 2017-06-07 | not yet calculated | CVE-2017-7966 CONFIRM BID |
schneider_electric -- somachine_hvac | A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller. | 2017-06-07 | not yet calculated | CVE-2017-7965 CONFIRM BID |
screensaver_installers -- N/A screensaver_installers | Untrusted search path vulnerability in screensaver installers (jasdf_01.exe, jasdf_02.exe, jasdf_03.exe, jasdf_04.exe, jasdf_05.exe, scramble_setup.exe, clock_01_setup.exe, clock_02_setup.exe) available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2176 JVN CONFIRM |
seagate -- business_nas | Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens. | 2017-06-08 | not yet calculated | CVE-2014-8687 MISC MISC BID MISC EXPLOIT-DB EXPLOIT-DB |
semidynaexe -- semidynaexe | Untrusted search path vulnerability in SemiDynaEXE (SemiDynaEXE2008.EXE) ver. 1.0.2 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2213 JVN CONFIRM |
shogyo_touki_denshi_ninsho -- shogyo_touki_denshi_ninsho | Untrusted search path vulnerability in Installer of Shogyo Touki Denshi Ninsho Software Ver 1.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2177 JVN CONFIRM |
simeji -- simeji | Untrusted search path vulnerability in the [Simeji for Windows] installer (simeji.exe) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2219 JVN |
skysea -- skysea | SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program. | 2017-06-09 | not yet calculated | CVE-2016-7836 CONFIRM JVN CONFIRM |
socat -- socat | The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash). | 2017-06-08 | not yet calculated | CVE-2015-1379 CONFIRM MLIST MLIST BID CONFIRM |
sony -- video_conference_firmware | Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7830 JVN CONFIRM |
sophos -- cyberoam_firmware | An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a request to the "LiveConnectionDetail.jsp" application. GET parameters "applicationname" and "username" are improperly sanitized allowing an attacker to inject arbitrary JavaScript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the user. A vulnerable URI is /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp. | 2017-06-07 | not yet calculated | CVE-2016-9834 MISC |
sophos -- sophos_web_appliance | The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. | 2017-06-08 | not yet calculated | CVE-2017-9523 CONFIRM |
spiffy -- spiffy | Directory traversal vulnerability in Spiffy before 5.4. | 2017-06-07 | not yet calculated | CVE-2015-8235 CONFIRM MLIST BID MLIST |
strongswan -- strongswan | The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate. | 2017-06-08 | not yet calculated | CVE-2017-9023 DEBIAN BID UBUNTU CONFIRM |
strongswan -- strongswan | The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. | 2017-06-08 | not yet calculated | CVE-2017-9022 DEBIAN BID UBUNTU CONFIRM |
subsonic -- subsonic | XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file. | 2017-06-07 | not yet calculated | CVE-2017-9355 MISC MISC |
symantec -- rar | Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive. | 2017-06-04 | not yet calculated | CVE-2014-9983 CONFIRM |
teampass -- teampass | TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php. | 2017-06-05 | not yet calculated | CVE-2017-9436 CONFIRM |
tera_term -- tera_term | Untrusted search path vulnerability in the installer of Tera Term 4.94 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2193 JVN CONFIRM |
tky2jgd -- tky2jgd | Untrusted search path vulnerability in TKY2JGD (TKY2JGD1379.EXE) ver. 1.3.79 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2212 JVN CONFIRM |
todokesho -- todokesho | Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to October 17, 2016 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2016-7818 CONFIRM CONFIRM CONFIRM CONFIRM JVN |
torproject -- tor | The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit. | 2017-06-09 | not yet calculated | CVE-2017-0376 CONFIRM CONFIRM CONFIRM |
torproject -- tor | The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. | 2017-06-09 | not yet calculated | CVE-2017-0375 CONFIRM CONFIRM CONFIRM |
ubuntu -- debian | In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. | 2017-06-09 | not yet calculated | CVE-2017-9525 MISC MISC |
vindula -- vindula | Cross-site scripting (XSS) vulnerability in Vindula 1.9. | 2017-06-07 | not yet calculated | CVE-2015-6959 MISC |
vmware -- esxi | VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host. | 2017-06-07 | not yet calculated | CVE-2017-4903 BID CONFIRM |
vmware -- esxi | The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5. | 2017-06-07 | not yet calculated | CVE-2017-4904 BID CONFIRM |
vmware -- esxi | VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host. | 2017-06-07 | not yet calculated | CVE-2017-4902 BID CONFIRM |
vmware -- esxi | VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak. | 2017-06-07 | not yet calculated | CVE-2017-4905 BID CONFIRM |
vmware -- horizon_view_client | VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed. | 2017-06-08 | not yet calculated | CVE-2017-4918 CONFIRM |
vmware -- unified_access_gateway | VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway. | 2017-06-08 | not yet calculated | CVE-2017-4907 BID CONFIRM |
vmware -- vsphere_data_protection | VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance. | 2017-06-07 | not yet calculated | CVE-2017-4914 BID CONFIRM |
vmware -- vsphere_data_protection | VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained. | 2017-06-07 | not yet calculated | CVE-2017-4917 BID CONFIRM |
vmware -- workstation | VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. | 2017-06-07 | not yet calculated | CVE-2017-4900 BID CONFIRM |
vmware -- workstation | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | 2017-06-08 | not yet calculated | CVE-2017-4910 BID CONFIRM |
vmware -- workstation | The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion. | 2017-06-08 | not yet calculated | CVE-2017-4901 BID CONFIRM |
vmware -- workstation | VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed. | 2017-06-07 | not yet calculated | CVE-2017-4898 BID CONFIRM |
vmware -- workstation | VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed. | 2017-06-07 | not yet calculated | CVE-2017-4899 BID CONFIRM |
vmware -- workstation | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | 2017-06-08 | not yet calculated | CVE-2017-4912 BID CONFIRM |
vmware -- workstation | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | 2017-06-08 | not yet calculated | CVE-2017-4908 BID CONFIRM |
vmware -- workstation | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | 2017-06-08 | not yet calculated | CVE-2017-4911 BID CONFIRM |
vmware -- workstation | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | 2017-06-08 | not yet calculated | CVE-2017-4909 BID CONFIRM |
vmware -- workstation | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | 2017-06-08 | not yet calculated | CVE-2017-4913 BID CONFIRM |
winsparkle -- winsparkle | Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2016-7838 CONFIRM JVN JVN CONFIRM |
wordpress -- live_chat_support | Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2017-2187 JVN CONFIRM |
wordpress -- slideshow | The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for WordPress allows remote attackers to read arbitrary WordPress option values. | 2017-06-08 | not yet calculated | CVE-2015-3634 MLIST BID CONFIRM CONFIRM |
wordpress -- spiffy_calendar | Cross-site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter. | 2017-06-05 | not yet calculated | CVE-2017-9420 MISC MISC BID |
wordpress -- wordpress_backup_to_dropbox | Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress. | 2017-06-07 | not yet calculated | CVE-2014-9310 BID MISC CONFIRM |
yara -- yara | The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c. | 2017-06-06 | not yet calculated | CVE-2017-9465 CONFIRM CONFIRM |
zencherry -- zcms | SQL injection vulnerability in ZCMS 1.1. | 2017-06-07 | not yet calculated | CVE-2015-7346 MISC MISC EXPLOIT-DB |
zend -- zend_framework | Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers. | 2017-06-08 | not yet calculated | CVE-2015-1786 CONFIRM CONFIRM |
zulip -- zulip_server | Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this. | 2017-06-02 | not yet calculated | CVE-2017-0896 MISC MLIST MISC |