Vulnerability Summary for the Week of August 21, 2017
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache2triad -- apache2triad | Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | 2017-08-23 | 7.5 | CVE-2017-12965 MISC MISC BID |
aptus -- styra_porttelefonkort_4400_firmware | Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 4400 before A2 has unknown impact and attack vectors. | 2017-08-18 | 10.0 | CVE-2017-7278 CONFIRM |
buffalo -- wcr-1166ds_firmware | Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. | 2017-08-18 | 7.7 | CVE-2017-10811 CONFIRM JVN |
enecho.meti -- shin_kikan_toukei_houkoku_data_nyuryokuyou_program | Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on 2013 September 30) distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-18 | 9.3 | CVE-2017-10821 JVN |
enecho.meti -- shin_kinkyuji_houkoku_data_nyuryoku_program | Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10) distributed on the website till 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-18 | 9.3 | CVE-2017-10823 JVN |
enecho.meti -- shin_sekiyu_yunyu_chousa_houkoku_data_nyuryoku_program | Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program (program released on 2013 September 30) distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-18 | 9.3 | CVE-2017-10822 JVN |
enecho.meti -- teikihoukokusho_sakuseishien_tool | Untrusted search path vulnerability in Teikihoukokusho Sakuseishien Tool v4.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-18 | 9.3 | CVE-2017-2228 JVN |
formcraft-wp -- formcraft | The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php. | 2017-08-23 | 7.5 | CVE-2017-13137 MISC |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection. | 2017-08-18 | 10.0 | CVE-2014-9411 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface. | 2017-08-18 | 10.0 | CVE-2014-9968 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. | 2017-08-18 | 10.0 | CVE-2014-9969 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow. | 2017-08-18 | 10.0 | CVE-2014-9971 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition. | 2017-08-18 | 10.0 | CVE-2014-9972 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine. | 2017-08-18 | 10.0 | CVE-2014-9973 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster. | 2017-08-18 | 10.0 | CVE-2014-9974 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption. | 2017-08-18 | 10.0 | CVE-2014-9975 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. | 2017-08-18 | 10.0 | CVE-2014-9976 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM. | 2017-08-18 | 10.0 | CVE-2014-9977 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service. | 2017-08-18 | 10.0 | CVE-2014-9978 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory. | 2017-08-18 | 10.0 | CVE-2014-9979 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory. | 2017-08-18 | 10.0 | CVE-2014-9980 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot. | 2017-08-18 | 10.0 | CVE-2014-9981 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient. | 2017-08-18 | 10.0 | CVE-2015-0574 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. | 2017-08-18 | 10.0 | CVE-2015-0575 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA. | 2017-08-18 | 7.6 | CVE-2015-0576 MISC CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption. | 2017-08-18 | 10.0 | CVE-2015-8592 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. | 2017-08-18 | 10.0 | CVE-2015-8593 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x. | 2017-08-18 | 10.0 | CVE-2015-8594 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM. | 2017-08-18 | 10.0 | CVE-2015-8595 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection. | 2017-08-18 | 10.0 | CVE-2015-8596 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a string can fail to be null-terminated in SIP leading to a buffer overflow. | 2017-08-18 | 10.0 | CVE-2015-9034 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory exhaustion. | 2017-08-18 | 10.0 | CVE-2015-9035 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted. | 2017-08-18 | 10.0 | CVE-2015-9036 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message. | 2017-08-18 | 10.0 | CVE-2015-9037 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end. | 2017-08-18 | 10.0 | CVE-2015-9038 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages. | 2017-08-18 | 10.0 | CVE-2015-9039 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API. | 2017-08-18 | 10.0 | CVE-2015-9040 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when performing WCDMA radio tuning. | 2017-08-18 | 10.0 | CVE-2015-9041 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message. | 2017-08-18 | 10.0 | CVE-2015-9042 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer. | 2017-08-18 | 10.0 | CVE-2015-9043 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. | 2017-08-18 | 10.0 | CVE-2015-9044 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements. | 2017-08-18 | 10.0 | CVE-2015-9045 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. | 2017-08-18 | 10.0 | CVE-2015-9046 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup. | 2017-08-18 | 10.0 | CVE-2015-9047 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets. | 2017-08-18 | 10.0 | CVE-2015-9048 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM. | 2017-08-18 | 10.0 | CVE-2015-9049 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call. | 2017-08-18 | 10.0 | CVE-2015-9050 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System Information message. | 2017-08-18 | 10.0 | CVE-2015-9051 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message. | 2017-08-18 | 10.0 | CVE-2015-9052 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the processing of certain responses from the USIM. | 2017-08-18 | 10.0 | CVE-2015-9053 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced during GAL decoding. | 2017-08-18 | 10.0 | CVE-2015-9054 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine. | 2017-08-18 | 10.0 | CVE-2015-9055 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not properly validated in a QTEE system call. | 2017-08-18 | 10.0 | CVE-2015-9060 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, PlayReady DRM failed to check a length potentially leading to unauthorized access to secure memory. | 2017-08-18 | 10.0 | CVE-2015-9061 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file. | 2017-08-18 | 10.0 | CVE-2015-9062 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client. | 2017-08-18 | 10.0 | CVE-2015-9063 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated. | 2017-08-18 | 10.0 | CVE-2015-9064 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established. | 2017-08-18 | 10.0 | CVE-2015-9065 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an Inter-RAT procedure. | 2017-08-18 | 10.0 | CVE-2015-9066 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed. | 2017-08-18 | 10.0 | CVE-2015-9067 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated. | 2017-08-18 | 10.0 | CVE-2015-9068 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted. | 2017-08-18 | 10.0 | CVE-2015-9069 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. | 2017-08-18 | 10.0 | CVE-2015-9070 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. | 2017-08-18 | 10.0 | CVE-2015-9071 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. | 2017-08-18 | 10.0 | CVE-2015-9072 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. | 2017-08-18 | 10.0 | CVE-2015-9073 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, SSL handshake failure with ClientHello rejection results in memory leak. | 2017-08-18 | 10.0 | CVE-2016-10343 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE. | 2017-08-18 | 10.0 | CVE-2016-10344 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor. | 2017-08-18 | 10.0 | CVE-2016-10346 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated. | 2017-08-18 | 10.0 | CVE-2016-10347 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. | 2017-08-18 | 10.0 | CVE-2016-10380 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. | 2017-08-18 | 10.0 | CVE-2016-10381 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient. | 2017-08-18 | 10.0 | CVE-2016-10382 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. | 2017-08-18 | 9.3 | CVE-2016-10383 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl. | 2017-08-18 | 10.0 | CVE-2016-10384 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS. | 2017-08-18 | 10.0 | CVE-2016-10385 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP. | 2017-08-18 | 10.0 | CVE-2016-10386 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario. | 2017-08-18 | 10.0 | CVE-2016-10387 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application. | 2017-08-18 | 10.0 | CVE-2016-10388 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partition. | 2017-08-18 | 9.3 | CVE-2016-10389 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed. | 2017-08-18 | 10.0 | CVE-2016-10390 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity. | 2017-08-18 | 10.0 | CVE-2016-10391 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory. | 2017-08-18 | 10.0 | CVE-2016-10392 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file. | 2017-08-18 | 10.0 | CVE-2016-5871 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated. | 2017-08-18 | 10.0 | CVE-2016-5872 BID CONFIRM |
google -- android | An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701. | 2017-08-23 | 9.3 | CVE-2017-0805 CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition. | 2017-08-18 | 10.0 | CVE-2017-7364 SECTRACK CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. | 2017-08-18 | 9.3 | CVE-2017-8253 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot. | 2017-08-18 | 9.3 | CVE-2017-8255 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition. | 2017-08-18 | 7.6 | CVE-2017-8262 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace. | 2017-08-18 | 9.3 | CVE-2017-8263 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write. | 2017-08-18 | 7.6 | CVE-2017-8267 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read. | 2017-08-18 | 9.3 | CVE-2017-8268 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy(). | 2017-08-18 | 9.3 | CVE-2017-9678 BID CONFIRM MISC |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition. | 2017-08-18 | 7.6 | CVE-2017-9684 BID CONFIRM MISC |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. | 2017-08-18 | 9.3 | CVE-2017-9685 BID CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file. | 2017-08-22 | 7.1 | CVE-2017-13133 BID CONFIRM |
imagemagick -- imagemagick | In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk. | 2017-08-23 | 7.5 | CVE-2017-13139 CONFIRM CONFIRM |
kddi -- qua_station_firmware | Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-18 | 9.3 | CVE-2017-2289 JVN |
libsass -- libsass | There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack. | 2017-08-18 | 7.8 | CVE-2017-12964 MISC |
linux -- linux_kernel | The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors. | 2017-08-19 | 7.2 | CVE-2017-10662 CONFIRM CONFIRM BID CONFIRM CONFIRM CONFIRM |
linux -- linux_kernel | The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors. | 2017-08-19 | 7.2 | CVE-2017-10663 CONFIRM CONFIRM BID CONFIRM CONFIRM CONFIRM |
nexusphp -- nexusphp | NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action. | 2017-08-21 | 7.5 | CVE-2017-12981 MISC |
nexusphp_project -- nexusphp | SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. | 2017-08-18 | 7.5 | CVE-2017-12776 MISC |
nih -- libzip | Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors. | 2017-08-23 | 7.5 | CVE-2017-12858 BID CONFIRM |
qnap -- ts-212p_firmware | An unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. The unprivileged user cannot log in at the front end, but with that unprivileged user's SID, all functions of Surveillance Station can be accessed. | 2017-08-18 | 7.5 | CVE-2017-12582 MISC |
rarlab -- unrar | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. | 2017-08-18 | 7.5 | CVE-2017-12940 MISC |
rarlab -- unrar | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. | 2017-08-18 | 7.5 | CVE-2017-12941 MISC |
rarlab -- unrar | libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. | 2017-08-18 | 7.5 | CVE-2017-12942 MISC |
teikoku_databank -- type_a | Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until 10 August 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-18 | 9.3 | CVE-2017-10824 JVN |
wago -- wago_i/o_plc_758-870_firmware | WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. | 2017-08-22 | 10.0 | CVE-2015-6473 MISC FULLDISC BID |
x.org -- libxfont | A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact. | 2017-08-18 | 7.5 | CVE-2007-5199 CONFIRM CONFIRM |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
altools -- alzip | Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename. | 2017-08-19 | 6.8 | CVE-2017-11323 MISC MISC |
apache2triad -- apache2triad | Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php. | 2017-08-23 | 6.8 | CVE-2017-12970 MISC MISC BID |
apache2triad -- apache2triad | Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php. | 2017-08-23 | 4.3 | CVE-2017-12971 MISC MISC BID |
asn1c_project -- asn1c | The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file. | 2017-08-20 | 4.3 | CVE-2017-12966 MISC |
asus -- dsl-n10s_firmware | ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges. | 2017-08-18 | 6.5 | CVE-2017-12592 MISC |
asus -- dsl-n10s_firmware | ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. | 2017-08-18 | 6.8 | CVE-2017-12593 MISC |
attic_project -- attic | attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file". | 2017-08-18 | 4.0 | CVE-2015-4082 MLIST BID CONFIRM CONFIRM |
broken_link_checker_project -- broken_link_checker | Cross-site scripting (XSS) vulnerability exists in the WordPress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. | 2017-08-18 | 4.3 | CVE-2015-5057 MLIST BID MISC |
ccfile -- cc_file_transfer | In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID for a NoviWare issue, but the correct ID for that issue is CVE-2017-12787. | 2017-08-21 | 5.0 | CVE-2017-12784 MISC |
cyrusimap -- cyrus_imap | Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command. | 2017-08-22 | 4.0 | CVE-2017-12843 CONFIRM CONFIRM FEDORA CONFIRM |
d-link -- dir-600_b1_firmware | D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. | 2017-08-18 | 5.0 | CVE-2017-12943 MISC |
django-cms -- django_cms | Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors. | 2017-08-18 | 6.8 | CVE-2015-5081 MLIST CONFIRM CONFIRM |
dokuwiki -- dokuwiki | DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution. | 2017-08-21 | 4.3 | CVE-2017-12979 CONFIRM |
dokuwiki -- dokuwiki | DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element. | 2017-08-21 | 4.3 | CVE-2017-12980 CONFIRM |
easymodal_project -- easy_modal | classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. | 2017-08-18 | 6.5 | CVE-2017-12946 MISC MISC |
easymodal_project -- easy_modal | classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. | 2017-08-18 | 6.5 | CVE-2017-12947 MISC MISC |
exiv2 -- exiv2 | There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact. | 2017-08-18 | 6.8 | CVE-2017-12955 MISC |
exiv2 -- exiv2 | There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service. | 2017-08-18 | 4.3 | CVE-2017-12956 MISC |
exiv2 -- exiv2 | There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service. | 2017-08-18 | 4.3 | CVE-2017-12957 MISC |
fedoraproject -- fedora | Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3. | 2017-08-22 | 6.8 | CVE-2015-5258 FEDORA CONFIRM |
gnome -- librest | The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account. | 2017-08-18 | 5.0 | CVE-2015-2675 REDHAT MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
gnu -- binutils | The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. | 2017-08-19 | 4.3 | CVE-2017-12967 BID CONFIRM |
gnu -- pspp | There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. | 2017-08-18 | 5.0 | CVE-2017-12958 MISC |
gnu -- pspp | There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to a remote denial of service attack. | 2017-08-18 | 5.0 | CVE-2017-12959 MISC |
gnu -- pspp | There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. | 2017-08-18 | 5.0 | CVE-2017-12960 MISC |
gnu -- pspp | There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. | 2017-08-18 | 5.0 | CVE-2017-12961 MISC |
google -- android | A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35583675. | 2017-08-18 | 4.3 | CVE-2017-0687 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. | 2017-08-18 | 4.3 | CVE-2017-8254 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. | 2017-08-18 | 6.8 | CVE-2017-8256 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use. | 2017-08-18 | 6.8 | CVE-2017-8257 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. | 2017-08-18 | 6.8 | CVE-2017-8260 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur. | 2017-08-18 | 6.8 | CVE-2017-8261 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. | 2017-08-18 | 5.1 | CVE-2017-8265 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. | 2017-08-18 | 5.1 | CVE-2017-8266 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. | 2017-08-18 | 5.1 | CVE-2017-8270 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap write. | 2017-08-18 | 6.8 | CVE-2017-8272 BID CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs. | 2017-08-18 | 5.0 | CVE-2017-9679 BID CONFIRM MISC |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message. | 2017-08-18 | 5.0 | CVE-2017-9680 BID CONFIRM MISC |
graphicsmagick -- graphicsmagick | The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. | 2017-08-18 | 6.8 | CVE-2017-12935 MISC MISC |
graphicsmagick -- graphicsmagick | The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. | 2017-08-18 | 6.8 | CVE-2017-12936 MISC MISC |
graphicsmagick -- graphicsmagick | The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. | 2017-08-18 | 6.8 | CVE-2017-12937 MISC BID MISC |
graphicsmagick -- graphicsmagick | GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. | 2017-08-22 | 4.3 | CVE-2017-13063 CONFIRM CONFIRM |
graphicsmagick -- graphicsmagick | GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. | 2017-08-22 | 4.3 | CVE-2017-13064 CONFIRM BID CONFIRM |
graphicsmagick -- graphicsmagick | GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. | 2017-08-22 | 4.3 | CVE-2017-13065 CONFIRM CONFIRM |
graphicsmagick -- graphicsmagick | GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. | 2017-08-22 | 4.3 | CVE-2017-13066 BID CONFIRM |
graphicsmagick -- graphicsmagick | In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. | 2017-08-23 | 6.8 | CVE-2017-13147 CONFIRM |
graphicsmagick -- graphicsmagick | In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c. | 2017-08-23 | 4.3 | CVE-2017-13648 CONFIRM |
ibm -- security_network_protection_4100_firmware | Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-08-22 | 4.3 | CVE-2014-6189 CONFIRM BID |
ibm -- websphere_application_server | IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576. | 2017-08-18 | 4.3 | CVE-2017-1501 CONFIRM BID SECTRACK MISC |
igniterealtime -- openfire | OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. | 2017-08-18 | 5.0 | CVE-2014-3451 MISC MLIST BUGTRAQ BID MISC |
imagemagick -- imagemagick | Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | 2017-08-21 | 6.8 | CVE-2017-12983 CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file. | 2017-08-22 | 4.3 | CVE-2017-13058 BID CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file. | 2017-08-22 | 4.3 | CVE-2017-13059 BID CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. | 2017-08-22 | 4.3 | CVE-2017-13060 BID CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. | 2017-08-22 | 4.3 | CVE-2017-13061 BID CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file. | 2017-08-22 | 4.3 | CVE-2017-13062 CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file. | 2017-08-22 | 4.3 | CVE-2017-13131 BID CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file. | 2017-08-22 | 4.3 | CVE-2017-13132 BID CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file. | 2017-08-22 | 4.3 | CVE-2017-13134 BID CONFIRM |
imagemagick -- imagemagick | In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT. | 2017-08-23 | 4.3 | CVE-2017-13140 CONFIRM CONFIRM |
imagemagick -- imagemagick | In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c. | 2017-08-23 | 4.3 | CVE-2017-13141 CONFIRM CONFIRM |
imagemagick -- imagemagick | In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files. | 2017-08-23 | 4.3 | CVE-2017-13142 CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory. | 2017-08-23 | 5.0 | CVE-2017-13143 CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | In ImageMagick before 6.9.7-10, there is a crash (rather than a "width or height exceeds limit" error report) if the image dimensions are too large, as demonstrated by use of the mpc coder. | 2017-08-23 | 4.3 | CVE-2017-13144 CONFIRM CONFIRM |
imagemagick -- imagemagick | In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash. | 2017-08-23 | 4.3 | CVE-2017-13145 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
imagemagick -- imagemagick | In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c. | 2017-08-23 | 6.8 | CVE-2017-13146 CONFIRM CONFIRM |
imagemagick -- imagemagick | In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c. | 2017-08-24 | 4.3 | CVE-2017-13658 CONFIRM CONFIRM CONFIRM |
libsass -- libsass | There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack. | 2017-08-18 | 5.0 | CVE-2017-12962 MISC |
libsass -- libsass | There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix (available from GitHub after 2017-07-24). | 2017-08-18 | 5.0 | CVE-2017-12963 MISC |
libtiff -- libtiff | The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. | 2017-08-18 | 5.0 | CVE-2017-12944 CONFIRM |
netapp -- clustered_data_ontap | Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code. | 2017-08-18 | 6.5 | CVE-2017-12420 BID CONFIRM |
netapp -- data_ontap | NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors. | 2017-08-18 | 4.3 | CVE-2017-12859 BID CONFIRM |
nexusphp_project -- nexusphp | Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php. | 2017-08-18 | 4.3 | CVE-2017-12680 MISC BID |
nongnu -- icoutils | Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code. | 2017-08-22 | 6.8 | CVE-2017-5208 MLIST BID CONFIRM |
open-uri-cached_project -- open-uri-cached | The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created. | 2017-08-18 | 4.6 | CVE-2015-3649 MISC MLIST BID MISC MISC MISC |
paessler -- prtg_network_monitor | Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-08-18 | 4.3 | CVE-2017-9816 CONFIRM |
phpmywind -- phpmywind | PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. | 2017-08-21 | 4.3 | CVE-2017-12984 MISC |
podlove -- podlove_podcast_publisher | lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF. | 2017-08-18 | 6.5 | CVE-2017-12949 MISC |
pressforward -- pressforward | Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF. | 2017-08-18 | 4.3 | CVE-2017-12948 MISC |
pulp_project -- pulp | Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. | 2017-08-18 | 6.5 | CVE-2015-5153 CONFIRM |
qodeinteractive -- bridge | DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript. | 2017-08-23 | 4.3 | CVE-2017-13138 MISC MISC MISC |
razerone -- synapse | Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. | 2017-08-18 | 4.6 | CVE-2017-11652 MISC |
razerone -- synapse | Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file. | 2017-08-18 | 4.6 | CVE-2017-11653 MISC |
resiprocate -- resiprocate | Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DNS response. | 2017-08-18 | 5.0 | CVE-2017-9454 CONFIRM MLIST |
spring_batch_admin_project -- spring_batch_admin | Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability. | 2017-08-18 | 6.8 | CVE-2017-12881 MLIST BID |
strongswan -- strongswan | The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. | 2017-08-18 | 5.0 | CVE-2017-11185 BID CONFIRM |
tomaxcom -- r60g_firmware | ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack. | 2017-08-18 | 6.8 | CVE-2017-12589 BID MISC |
wago -- wago_i/o_plc_758-870_firmware | WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management. | 2017-08-22 | 5.0 | CVE-2015-6472 MISC FULLDISC BID |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
asus -- dsl-n10s_firmware | ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. | 2017-08-18 | 3.5 | CVE-2017-12591 MISC |
cacti -- cacti | lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. | 2017-08-21 | 3.5 | CVE-2017-12978 SECTRACK CONFIRM CONFIRM CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. | 2017-08-18 | 2.6 | CVE-2017-9682 BID CONFIRM MISC |
ibm -- rational_requirements_composer | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126246. | 2017-08-18 | 3.5 | CVE-2017-1338 CONFIRM BID MISC |
qemu -- qemu | QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive. | 2017-08-23 | 2.1 | CVE-2017-12809 MLIST BID MLIST |
spring_batch_admin_project -- spring_batch_admin | Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality. | 2017-08-18 | 3.5 | CVE-2017-12882 MLIST BID |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accellion -- file_transfer_appliance | Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter. | 2017-08-22 | not yet calculated | CVE-2015-2857 MISC MISC MISC EXPLOIT-DB |
apache -- pony_mail | Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication. | 2017-08-22 | not yet calculated | CVE-2016-4460 CONFIRM BID |
atlassian -- crucible | The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file. | 2017-08-24 | not yet calculated | CVE-2017-9509 MISC MISC |
atlassian -- crucible | The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter. | 2017-08-24 | not yet calculated | CVE-2017-9507 MISC MISC |
atlassian -- fisheye_and_crucible | The mostActiveCommitters.do resource in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks. | 2017-08-24 | not yet calculated | CVE-2017-9512 MISC MISC MISC |
atlassian -- fisheye_and_crucible | The MultiPathResource class in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when FishEye or Crucible is running on the Microsoft Windows operating system. | 2017-08-24 | not yet calculated | CVE-2017-9511 MISC MISC MISC |
atlassian -- fisheye_and_crucible | Various resources in Atlassian FishEye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file. | 2017-08-24 | not yet calculated | CVE-2017-9508 MISC MISC MISC |
atlassian -- fisheye | The repository changelog resource in Atlassian FishEye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters. | 2017-08-24 | not yet calculated | CVE-2017-9510 MISC MISC |
atlassian -- oauth_plugin | The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). | 2017-08-23 | not yet calculated | CVE-2017-9506 MISC MISC |
automated_logic_corporation -- alc_webctrl | A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software. | 2017-08-25 | not yet calculated | CVE-2017-9640 BID MISC |
automated_logic_corporation -- alc_webctrl | An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code. | 2017-08-25 | not yet calculated | CVE-2017-9650 BID MISC EXPLOIT-DB |
automated_logic_corporation -- alc_webctrl | An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges. | 2017-08-25 | not yet calculated | CVE-2017-9644 BID MISC EXPLOIT-DB |
bitrix -- bitrix | Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php. | 2017-08-24 | not yet calculated | CVE-2015-8355 BUGTRAQ MISC |
bmc_patrol -- bmc_patrol | mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring. | 2017-08-22 | not yet calculated | CVE-2017-13130 MISC |
cloud4wi -- cloud4wi | Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud4Wi before 5.9.7 allows remote attackers to inject arbitrary web script or HTML via the recoveryMessage parameter to the default URI. | 2017-08-24 | not yet calculated | CVE-2015-4699 FULLDISC MISC CONFIRM |
cloud_foundry_foundation -- capi | In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure. | 2017-08-21 | not yet calculated | CVE-2017-8037 CONFIRM |
codiad -- codiad | components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type. | 2017-08-20 | not yet calculated | CVE-2017-11366 MISC MISC MISC MISC |
connect2id -- nimbus_jose+jwt | Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation. | 2017-08-20 | not yet calculated | CVE-2017-12974 CONFIRM CONFIRM CONFIRM |
connect2id -- nimbus_jose+jwt | In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC. | 2017-08-20 | not yet calculated | CVE-2017-12972 CONFIRM CONFIRM CONFIRM |
connect2id -- nimbus_jose+jwt | Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack. | 2017-08-20 | not yet calculated | CVE-2017-12973 CONFIRM CONFIRM CONFIRM |
d-link -- d-link_firmware | D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allows remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin. | 2017-08-25 | not yet calculated | CVE-2014-7857 MISC FULLDISC CONFIRM BUGTRAQ BID |
d-link -- d-link_firmware | The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token. | 2017-08-25 | not yet calculated | CVE-2014-7860 MISC FULLDISC CONFIRM BUGTRAQ BID |
d-link -- d-link_firmware | The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. | 2017-08-25 | not yet calculated | CVE-2014-7858 MISC FULLDISC CONFIRM BUGTRAQ BID |
d-link -- d-link_firmware | Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values. | 2017-08-25 | not yet calculated | CVE-2014-7859 MISC FULLDISC CONFIRM BUGTRAQ BID |
dayrui_finecms -- dayrui_finecms | controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable. | 2017-08-25 | not yet calculated | CVE-2017-13697 MISC |
dnsdist -- dnsdist | dnsdist version 1.1.0 is vulnerable to a flaw in the authentication mechanism for the REST API, potentially allowing a CSRF attack. | 2017-08-22 | not yet calculated | CVE-2017-7557 MISC |
fortinet -- fortimanager | Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands. | 2017-08-22 | not yet calculated | CVE-2015-3617 BID SECTRACK CONFIRM |
git-annex -- git-annex | git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. | 2017-08-20 | not yet calculated | CVE-2017-12976 CONFIRM CONFIRM CONFIRM |
gnu -- gnu | Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. | 2017-08-25 | not yet calculated | CVE-2015-1395 FEDORA FEDORA MLIST BID UBUNTU MISC CONFIRM CONFIRM CONFIRM |
gnu -- gnu | GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. | 2017-08-25 | not yet calculated | CVE-2014-9637 CONFIRM FEDORA FEDORA MLIST BID UBUNTU CONFIRM CONFIRM CONFIRM |
ibm -- flex_system_en6131_ethernet_and_ib6131_infiniband_switch_firmware | CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters. | 2017-08-25 | not yet calculated | CVE-2014-9564 BID CONFIRM |
ibm -- maas360_dtm | IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412. | 2017-08-22 | not yet calculated | CVE-2017-1422 CONFIRM BID MISC |
icewarp -- icewarp_mail_server | Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name. | 2017-08-23 | not yet calculated | CVE-2017-12844 MISC |
kaspersky -- kaspersky_internet_security_for_android | In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. | 2017-08-25 | not yet calculated | CVE-2017-12817 CONFIRM |
kaspersky -- kaspersky_internet_security_for_android | In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. | 2017-08-25 | not yet calculated | CVE-2017-12816 CONFIRM |
linux -- kernel | Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. | 2017-08-19 | not yet calculated | CVE-2017-10661 CONFIRM CONFIRM BID CONFIRM CONFIRM CONFIRM |
linux -- kernel | The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. | 2017-08-25 | not yet calculated | CVE-2017-13694 MISC MISC |
linux -- kernel | The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. | 2017-08-25 | not yet calculated | CVE-2017-13693 MISC MISC |
linux -- kernel | net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. NOTE: this does not affect any stable release. | 2017-08-24 | not yet calculated | CVE-2017-13686 CONFIRM CONFIRM |
linux -- kernel | The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. | 2017-08-25 | not yet calculated | CVE-2017-13695 MISC MISC |
lxdm -- lxdm | LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections. | 2017-08-24 | not yet calculated | CVE-2015-8308 MLIST CONFIRM |
micro_focus -- enterprise_developer_and_enterprise_server | A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests. | 2017-08-21 | not yet calculated | CVE-2017-5187 MISC |
micro_focus -- enterprise_developer_and_enterprise_server | Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features. | 2017-08-21 | not yet calculated | CVE-2017-7421 MISC |
micro_focus -- enterprise_developer_and_enterprise_server | A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default. | 2017-08-21 | not yet calculated | CVE-2017-7423 MISC |
micro_focus -- enterprise_developer_and_enterprise_server | An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275). | 2017-08-21 | not yet calculated | CVE-2017-7420 MISC |
micro_focus -- enterprise_developer_and_enterprise_server | A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default. | 2017-08-21 | not yet calculated | CVE-2017-7424 MISC |
micro_focus -- enterprise_developer_and_enterprise_server | Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default. | 2017-08-21 | not yet calculated | CVE-2017-7422 MISC |
misp -- misp | app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation. | 2017-08-24 | not yet calculated | CVE-2017-13671 CONFIRM |
mktexlsr -- mktexlsr | mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700. | 2017-08-25 | not yet calculated | CVE-2015-5701 MLIST MISC CONFIRM CONFIRM CONFIRM |
mktexlsr -- mktexlsr | mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. | 2017-08-25 | not yet calculated | CVE-2015-5700 MLIST MISC CONFIRM CONFIRM CONFIRM |
mrd-305-din -- mrd-305-din | A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source. | 2017-08-25 | not yet calculated | CVE-2016-5816 MISC |
multicoreware -- multicoreware | An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than CVE-2017-8906. | 2017-08-24 | not yet calculated | CVE-2017-13666 MISC |
nagios -- nagios_core | Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command. | 2017-08-23 | not yet calculated | CVE-2017-12847 BID CONFIRM CONFIRM CONFIRM CONFIRM |
newsbeuter -- newsbeuter | Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL. | 2017-08-23 | not yet calculated | CVE-2017-12904 DEBIAN CONFIRM CONFIRM MLIST |
nexusphp -- nexusphp | SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php. | 2017-08-24 | not yet calculated | CVE-2017-12679 MISC |
nexusphp -- nexusphp | SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php. | 2017-08-24 | not yet calculated | CVE-2017-13669 MISC |
noviware -- noviware | A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow. | 2017-08-22 | not yet calculated | CVE-2017-12787 EXPLOIT-DB |
noviware -- noviware | Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data. | 2017-08-22 | not yet calculated | CVE-2017-12786 EXPLOIT-DB |
noviware -- noviware | The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection. | 2017-08-22 | not yet calculated | CVE-2017-12785 EXPLOIT-DB |
ntp -- ntp | ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet. | 2017-08-24 | not yet calculated | CVE-2015-5146 CONFIRM FEDORA FEDORA FEDORA CONFIRM DEBIAN BID SECTRACK CONFIRM GENTOO |
onos -- onos | ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870). | 2017-08-24 | not yet calculated | CVE-2015-7516 MLIST BID MISC CONFIRM CONFIRM |
openjpeg -- openjpeg | The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c. | 2017-08-21 | not yet calculated | CVE-2017-12982 MISC MISC MISC |
openstack -- ocata_and_newton | Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee. | 2017-08-18 | not yet calculated | CVE-2017-12440 BID CONFIRM CONFIRM CONFIRM CONFIRM |
openstack-tripleo-image-elements -- openstack-tripleo-image-elements | HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. | 2017-08-22 | not yet calculated | CVE-2016-2102 CONFIRM |
osisoft -- pi_web_api | An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective. | 2017-08-25 | not yet calculated | CVE-2017-7930 BID MISC |
osisoft -- pi_web_api | An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner. | 2017-08-25 | not yet calculated | CVE-2017-7934 BID MISC |
osisoft -- pi_web_api | A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated. | 2017-08-25 | not yet calculated | CVE-2017-7926 BID MISC |
paessler -- prtg_network_monitor | Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML. | 2017-08-24 | not yet calculated | CVE-2017-12879 MISC CONFIRM |
php-fpm -- php-fpm | php-fpm allows local users to write to or create arbitrary files via a symlink attack. | 2017-08-25 | not yet calculated | CVE-2015-3211 CONFIRM |
phpmybackuppro -- phpmybackuppro | Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180. | 2017-08-25 | not yet calculated | CVE-2015-4181 MLIST |
phpmybackuppro -- phpmybackuppro | Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050. | 2017-08-25 | not yet calculated | CVE-2015-4180 MLIST |
polycom -- multiple_products | Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information. | 2017-08-25 | not yet calculated | CVE-2017-12857 CONFIRM |
pyjwt -- pyjwt | In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch. | 2017-08-24 | not yet calculated | CVE-2017-11424 CONFIRM |
python -- kerberos | The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack. | 2017-08-25 | not yet calculated | CVE-2015-3206 MLIST BID CONFIRM CONFIRM CONFIRM |
python -- python | Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function. | 2017-08-24 | not yet calculated | CVE-2014-4616 CONFIRM SUSE MLIST BID MISC CONFIRM MISC GENTOO |
red_hat -- enterprise_virtualization_manager | Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable. | 2017-08-24 | not yet calculated | CVE-2015-5293 CONFIRM CONFIRM |
red_hat -- jboss_enterprise_application_platform | Get requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers. | 2017-08-22 | not yet calculated | CVE-2016-6311 CONFIRM |
rhev -- rhev | oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. | 2017-08-22 | not yet calculated | CVE-2016-6310 BID CONFIRM |
riverbed -- opnet_app_response_xpert | Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files. | 2017-08-26 | not yet calculated | CVE-2017-7693 MISC |
salt -- salt | Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. | 2017-08-25 | not yet calculated | CVE-2015-4017 MLIST CONFIRM CONFIRM CONFIRM |
saltstack -- saltstack | Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. | 2017-08-23 | not yet calculated | CVE-2017-12791 BID MISC MISC CONFIRM CONFIRM CONFIRM |
samsung -- galaxy_s4 | The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information. | 2017-08-24 | not yet calculated | CVE-2015-1800 MLIST MLIST MLIST BID |
samsung -- galaxy_s4 | The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges. | 2017-08-24 | not yet calculated | CVE-2015-1801 MLIST MLIST BID |
samsung -- galaxy_s6 | LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file. | 2017-08-24 | not yet calculated | CVE-2015-7896 MISC BID CONFIRM EXPLOIT-DB |
spidercontrol -- scada_microbrowser | A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow. | 2017-08-25 | not yet calculated | CVE-2017-12707 BID MISC |
spidercontrol -- scada_web_server | A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files. | 2017-08-25 | not yet calculated | CVE-2017-12694 BID MISC |
supervisor -- supervisor | The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. | 2017-08-23 | not yet calculated | CVE-2017-11610 DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM FEDORA FEDORA FEDORA |
symantec -- vip_access_for_desktop | Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, the application will generally follow a specific search path to locate the DLL. The exploitation of the vulnerability manifests as a simple file write (or potentially an over-write) which results in a foreign executable running under the context of the application. | 2017-08-21 | not yet calculated | CVE-2017-6329 BID CONFIRM |
synology -- photo_station_uploader | Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | 2017-08-23 | not yet calculated | CVE-2017-11159 CONFIRM |
synology -- photo_station | Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter. | 2017-08-24 | not yet calculated | CVE-2017-9555 CONFIRM |
synology -- synology_dns_server | Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter. | 2017-08-24 | not yet calculated | CVE-2017-12074 CONFIRM |
telerik -- telerik.web.ui | Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. | 2017-08-23 | not yet calculated | CVE-2017-11357 CONFIRM |
telerik -- telerik.web.ui | Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. | 2017-08-23 | not yet calculated | CVE-2017-11317 CONFIRM |
tidy -- tidy | In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. | 2017-08-25 | not yet calculated | CVE-2017-13692 CONFIRM |
ubuntu -- apport | Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, or before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allows local users to write to arbitrary files and gain root privileges. | 2017-08-25 | not yet calculated | CVE-2015-1325 MLIST BID UBUNTU EXPLOIT-DB |
ubuntu -- apport | apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, or before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allows local users to write to arbitrary files and gain root privileges. | 2017-08-25 | not yet calculated | CVE-2015-1324 BID UBUNTU CONFIRM |
ubuntu -- concurrent_versions_system | CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar." | 2017-08-24 | not yet calculated | CVE-2017-12836 MLIST DEBIAN MLIST MLIST BID UBUNTU MISC |
unity_technologies -- unity_editor | A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4. | 2017-08-18 | not yet calculated | CVE-2017-12939 BID CONFIRM |
unrealircd -- unrealircd | UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command. | 2017-08-23 | not yet calculated | CVE-2017-13649 MISC |
util-linux -- util-linux | The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks. | 2017-08-23 | not yet calculated | CVE-2015-5224 MLIST BID CONFIRM CONFIRM |
westermo -- multiple_routers | A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device. | 2017-08-25 | not yet calculated | CVE-2017-12709 BID MISC |
westermo -- multiple_routers | A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server. | 2017-08-25 | not yet calculated | CVE-2017-12703 BID MISC |
wordpress -- photo_gallery_plugin | The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter. | 2017-08-20 | not yet calculated | CVE-2017-12977 MISC MISC |
xen -- xen | Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. | 2017-08-24 | not yet calculated | CVE-2017-12136 MLIST BID SECTRACK CONFIRM MISC CONFIRM |
xen -- xen | arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. | 2017-08-24 | not yet calculated | CVE-2017-12137 MLIST BID SECTRACK CONFIRM MISC CONFIRM |
xen -- xen | Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. | 2017-08-24 | not yet calculated | CVE-2017-12135 MLIST MLIST BID SECTRACK CONFIRM MISC CONFIRM |
xen -- xen | The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. | 2017-08-24 | not yet calculated | CVE-2017-12134 MLIST BID SECTRACK CONFIRM MISC CONFIRM |
zen_cart -- zen_cart | Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php. | 2017-08-24 | not yet calculated | CVE-2015-8352 BUGTRAQ MISC CONFIRM |
zend-diactoros -- zend-diactoros | Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks. | 2017-08-25 | not yet calculated | CVE-2015-3257 BID CONFIRM |
zte_adsl -- w300_modems | ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs. | 2017-08-24 | not yet calculated | CVE-2015-7259 MISC MISC FULLDISC EXPLOIT-DB |
zte_adsl -- w300_modems | ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. | 2017-08-24 | not yet calculated | CVE-2015-7258 MISC MISC FULLDISC EXPLOIT-DB |
zte_adsl -- w300_modems | ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin". | 2017-08-24 | not yet calculated | CVE-2015-7257 MISC MISC FULLDISC EXPLOIT-DB |