Vulnerability Summary for the Week of August 28, 2017
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
arubanetworks -- clearpass | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking. | 2017-08-29 | 9.0 | CVE-2015-3653 CONFIRM |
arubanetworks -- clearpass | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649. | 2017-08-29 | 9.0 | CVE-2015-3654 CONFIRM |
arubanetworks -- clearpass | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654. | 2017-08-29 | 9.0 | CVE-2015-4649 CONFIRM BID |
barracuda -- load_balancer | Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. | 2017-08-28 | 7.5 | CVE-2014-8426 MISC FULLDISC |
barracuda -- load_balancer | Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. | 2017-08-28 | 7.5 | CVE-2014-8428 MISC FULLDISC |
basercms -- basercms | SQL injection vulnerability in baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2017-08-28 | 7.5 | CVE-2017-10842 JVN MISC |
canonical -- ubuntu_linux | GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. | 2017-08-25 | 7.1 | CVE-2014-9637 CONFIRM FEDORA FEDORA MLIST BID UBUNTU CONFIRM CONFIRM CONFIRM |
canonical -- ubuntu_linux | Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allows local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries. | 2017-08-25 | 7.2 | CVE-2015-1324 BID UBUNTU CONFIRM |
canonical -- ubuntu_linux | Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. | 2017-08-25 | 7.8 | CVE-2015-1395 FEDORA FEDORA MLIST BID UBUNTU MISC CONFIRM CONFIRM CONFIRM |
crushftp -- crushftp | CrushFTP 8.x before 8.2.0 has a serialization vulnerability. | 2017-08-30 | 7.5 | CVE-2017-14035 CONFIRM |
gnu -- binutils | The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd). | 2017-08-28 | 7.1 | CVE-2017-13716 MISC |
graphicsmagick -- graphicsmagick | GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. | 2017-08-30 | 7.1 | CVE-2017-13775 CONFIRM MISC BID |
graphicsmagick -- graphicsmagick | GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. | 2017-08-30 | 7.1 | CVE-2017-13776 CONFIRM MISC BID |
graphicsmagick -- graphicsmagick | GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. | 2017-08-30 | 7.1 | CVE-2017-13777 CONFIRM MISC BID |
imagemagick -- imagemagick | The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file. | 2017-08-29 | 7.1 | CVE-2017-12875 CONFIRM |
kamailio -- kamailio | Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. | 2017-08-29 | 7.5 | CVE-2013-7426 MLIST BID CONFIRM |
kaspersky -- kaspersky_internet_security | In Kaspersky Internet Security for Android 11.12.4.1622, some of the application's exported activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. | 2017-08-25 | 7.5 | CVE-2017-12816 BID CONFIRM |
moj.go -- commercial_registration_electronic_authentication_software | Untrusted search path vulnerability in The electronic authentication system based on the commercial registration system "The CRCA user's Software" Ver1.8 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-28 | 9.3 | CVE-2017-10831 MISC JVN |
nippon-antenna -- scr02hd_firmware | "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2017-08-28 | 10.0 | CVE-2017-10832 MISC JVN |
ntt -- flets_azukuu_pc_automatic_backup_tool | Untrusted search path vulnerability in Flets Azukeru for Windows Auto Backup Tool v1.0.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-28 | 9.3 | CVE-2017-10827 MISC JVN |
ntt -- flets_install_tool | Untrusted search path vulnerability in Flets Install Tool all versions distributed through the website till 2017 August 8 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-28 | 9.3 | CVE-2017-10828 MISC JVN |
ntt -- flets_setsuzoku_tool | Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-28 | 9.3 | CVE-2017-2242 MISC JVN |
ntt -- security_kinou_mihariban | Untrusted search path vulnerability in Security Kinou Mihariban v1.0.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-28 | 9.3 | CVE-2017-10826 MISC JVN |
ntt -- security_setup_tool | Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-28 | 9.3 | CVE-2017-10830 MISC JVN |
nttdocomo -- photo_collection_pc_software | Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-28 | 9.3 | CVE-2017-10812 JVN |
optim -- optimal_guard | Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-28 | 9.3 | CVE-2017-10836 JVN MISC |
smartcms -- smartcms | Multiple SQL injection vulnerabilities in SmartCMS v.2. | 2017-08-28 | 7.5 | CVE-2014-9558 MISC FULLDISC BID |
spidercontrol -- scada_microbrowser | A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow. | 2017-08-25 | 7.5 | CVE-2017-12707 BID MISC |
wireshark -- wireshark | In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. | 2017-08-30 | 7.8 | CVE-2017-13767 BID SECTRACK CONFIRM CONFIRM CONFIRM |
xymon -- xymon | Buffer overflow in xymon 4.3.17-1. | 2017-08-28 | 7.5 | CVE-2015-1430 MLIST |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
advantech -- webaccess | A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. | 2017-08-30 | 6.8 | CVE-2017-12704 BID MISC |
apache -- atlas | Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img. | 2017-08-29 | 5.0 | CVE-2016-8752 MLIST |
apache -- atlas | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script. | 2017-08-29 | 4.3 | CVE-2017-3150 BID MLIST |
apache -- atlas | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality. | 2017-08-29 | 4.3 | CVE-2017-3151 BID MLIST |
apache -- atlas | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality. | 2017-08-29 | 4.3 | CVE-2017-3152 BID MLIST |
apache -- atlas | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality. | 2017-08-29 | 4.3 | CVE-2017-3153 BID MLIST |
apache -- atlas | Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information. | 2017-08-29 | 5.0 | CVE-2017-3154 MLIST |
apache -- atlas | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting. | 2017-08-29 | 4.3 | CVE-2017-3155 MLIST |
arubanetworks -- clearpass | Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token. | 2017-08-29 | 6.8 | CVE-2015-3655 CONFIRM |
arubanetworks -- clearpass | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks. | 2017-08-29 | 6.5 | CVE-2015-3656 CONFIRM |
arubanetworks -- clearpass | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors. | 2017-08-29 | 6.5 | CVE-2015-3657 CONFIRM |
basercms -- basercms | baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form. | 2017-08-28 | 6.4 | CVE-2017-10843 JVN MISC |
basercms -- basercms | baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. | 2017-08-28 | 6.5 | CVE-2017-10844 JVN MISC |
blackcat-cms -- blackcat_cms | In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload.php, as demonstrated by a ZIP archive that contains a .php file. | 2017-08-31 | 4.0 | CVE-2017-13670 MISC |
blackcat-cms -- blackcat_cms | BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF. | 2017-08-31 | 6.5 | CVE-2017-14048 MISC |
blackcat-cms -- blackcat_cms | In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file. | 2017-08-31 | 6.5 | CVE-2017-14050 MISC |
bmc -- footprints_service_core | Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5. | 2017-08-28 | 4.3 | CVE-2014-9514 BUGTRAQ |
c.p.sub_project -- c.p.sub | Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php. | 2017-08-29 | 4.3 | CVE-2017-12856 CONFIRM |
canonical -- ubuntu_linux | Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allows local users to write to arbitrary files and gain root privileges. | 2017-08-25 | 6.9 | CVE-2015-1325 MLIST BID UBUNTU EXPLOIT-DB |
coremail -- coremail_xt | Cross-site scripting (XSS) vulnerability in Coremail XT3.0 allows remote attackers to inject arbitrary web script or HTML via a hyperlink in a document attachment. | 2017-08-29 | 4.3 | CVE-2015-6942 FULLDISC |
crushftp -- crushftp | CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS. | 2017-08-30 | 4.3 | CVE-2017-14036 CONFIRM CONFIRM |
crushftp -- crushftp | CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability. | 2017-08-30 | 4.3 | CVE-2017-14037 CONFIRM CONFIRM |
crushftp -- crushftp | CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability. | 2017-08-30 | 5.8 | CVE-2017-14038 CONFIRM CONFIRM |
cybozu -- garoon | Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input. | 2017-08-28 | 4.0 | CVE-2017-2254 JVN CONFIRM |
cybozu -- garoon | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function. | 2017-08-28 | 4.3 | CVE-2017-2257 JVN CONFIRM |
cybozu -- garoon | Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications". | 2017-08-28 | 4.0 | CVE-2017-2258 JVN CONFIRM |
exponentcms -- exponent_cms | Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2. | 2017-08-28 | 4.3 | CVE-2015-1177 MISC BUGTRAQ BID |
ffmpeg -- ffmpeg | Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service. | 2017-08-28 | 5.0 | CVE-2012-2805 MISC CONFIRM |
finecms_project -- finecms | controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable. | 2017-08-25 | 4.3 | CVE-2017-13697 MISC |
fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. | 2017-08-30 | 4.3 | CVE-2017-13778 MISC |
gnu -- binutils | The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small. | 2017-08-27 | 5.0 | CVE-2017-13710 BID CONFIRM |
gnu -- binutils | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c. | 2017-08-29 | 4.3 | CVE-2017-13757 BID CONFIRM CONFIRM |
gnu -- emacs | Emacs 24.4 allows remote attackers to bypass security restrictions. | 2017-08-28 | 5.0 | CVE-2014-9483 MLIST XF CONFIRM |
gnu -- ncurses | There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13728 MISC |
gnu -- ncurses | There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13729 MISC |
gnu -- ncurses | There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13730 MISC |
gnu -- ncurses | There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13731 MISC |
gnu -- ncurses | There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13732 MISC |
gnu -- ncurses | There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13733 MISC |
gnu -- ncurses | There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13734 MISC |
good -- good_for_enterprise | Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40. | 2017-08-28 | 4.3 | CVE-2014-4925 MISC FULLDISC XF |
graphicsmagick -- graphicsmagick | There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13736 BID MISC |
graphicsmagick -- graphicsmagick | There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13737 MISC MISC |
graphicsmagick -- graphicsmagick | A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c. | 2017-08-30 | 4.3 | CVE-2017-14042 MISC BID MISC |
htacg -- tidy | In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. | 2017-08-25 | 5.0 | CVE-2017-13692 BID CONFIRM |
ibm -- cognos_analytics | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127579. | 2017-08-29 | 4.3 | CVE-2017-1427 CONFIRM MISC |
ibm -- cognos_analytics | IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 127583. | 2017-08-29 | 5.8 | CVE-2017-1428 CONFIRM MISC |
ibm -- curam_social_program_management | IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915. | 2017-08-28 | 4.0 | CVE-2017-1110 CONFIRM MISC |
ibm -- curam_social_program_management | IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670. | 2017-08-29 | 5.8 | CVE-2017-1195 CONFIRM MISC |
ibm -- emptoris_services_procurement | IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 128105. | 2017-08-30 | 6.5 | CVE-2017-1440 CONFIRM BID MISC |
ibm -- emptoris_services_procurement | IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 128107. | 2017-08-30 | 6.8 | CVE-2017-1442 CONFIRM BID MISC |
ibm -- emptoris_services_procurement | IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128109. | 2017-08-30 | 4.3 | CVE-2017-1443 CONFIRM BID MISC |
ibm -- en6131_firmware | CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters. | 2017-08-25 | 4.3 | CVE-2014-9564 BID CONFIRM |
ibm -- sametime | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893. | 2017-08-29 | 6.0 | CVE-2016-0354 CONFIRM SECTRACK MISC |
ibm -- sametime | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894. | 2017-08-29 | 4.0 | CVE-2016-0355 CONFIRM SECTRACK MISC |
ibm -- sametime | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895. | 2017-08-29 | 4.0 | CVE-2016-0356 CONFIRM SECTRACK MISC |
ibm -- sametime | IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928. | 2017-08-29 | 4.0 | CVE-2016-0358 CONFIRM BID MISC |
ibm -- sametime | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spoofing results of votes in the meeting. IBM X-Force ID: 113803. | 2017-08-29 | 4.0 | CVE-2016-10503 CONFIRM MISC |
ibm -- sametime | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary manager's privileges. IBM X-Force ID: 113804. | 2017-08-29 | 4.0 | CVE-2016-2959 CONFIRM SECTRACK MISC |
ibm -- sametime | IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. IBM X-Force ID: 113813. | 2017-08-29 | 5.0 | CVE-2016-2964 CONFIRM BID MISC |
ibm -- sametime | IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846. | 2017-08-29 | 4.3 | CVE-2016-2965 CONFIRM SECTRACK MISC |
ibm -- sametime | IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847. | 2017-08-29 | 4.0 | CVE-2016-2966 CONFIRM BID MISC |
ibm -- sametime | IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850. | 2017-08-29 | 4.0 | CVE-2016-2969 CONFIRM SECTRACK MISC |
ibm -- sametime | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936. | 2017-08-29 | 4.0 | CVE-2016-2976 CONFIRM BID MISC |
ibm -- sametime | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users' hands in the meeting. IBM X-Force ID: 113937. | 2017-08-29 | 4.0 | CVE-2016-2977 CONFIRM SECTRACK MISC |
ibm -- sametime | The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-Force ID: 113993. | 2017-08-29 | 6.8 | CVE-2016-2980 CONFIRM BID MISC |
ibm -- urbancode_deploy | Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier. | 2017-08-28 | 6.8 | CVE-2014-8900 CONFIRM BID |
imagemagick -- imagemagick | Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. | 2017-08-28 | 4.3 | CVE-2017-12876 MLIST MISC CONFIRM |
imagemagick -- imagemagick | Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. | 2017-08-28 | 4.3 | CVE-2017-12877 MLIST MISC CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c. | 2017-08-29 | 4.3 | CVE-2017-13758 SECTRACK CONFIRM |
imagemagick -- imagemagick | Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. | 2017-08-30 | 4.3 | CVE-2017-13768 BID CONFIRM |
imagemagick -- imagemagick | The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. | 2017-08-30 | 4.3 | CVE-2017-13769 CONFIRM |
jasper_project -- jasper | There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | 2017-08-29 | 5.0 | CVE-2017-13745 BID MISC |
jasper_project -- jasper | There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. | 2017-08-29 | 5.0 | CVE-2017-13746 BID MISC |
jasper_project -- jasper | There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | 2017-08-29 | 5.0 | CVE-2017-13747 BID MISC |
jasper_project -- jasper | There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. | 2017-08-29 | 5.0 | CVE-2017-13748 BID MISC |
jasper_project -- jasper | There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | 2017-08-29 | 5.0 | CVE-2017-13749 BID MISC |
jasper_project -- jasper | There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. | 2017-08-29 | 5.0 | CVE-2017-13750 BID MISC |
jasper_project -- jasper | There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | 2017-08-29 | 5.0 | CVE-2017-13751 BID MISC |
jasper_project -- jasper | There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | 2017-08-29 | 5.0 | CVE-2017-13752 BID MISC |
kaspersky -- kaspersky_internet_security | In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. | 2017-08-25 | 5.0 | CVE-2017-12817 BID CONFIRM |
lame_project -- lame | NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. | 2017-08-28 | 5.0 | CVE-2017-13712 BID MISC |
libfpx_project -- libfpx | Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image. | 2017-08-28 | 4.3 | CVE-2017-12919 MLIST MISC |
libfpx_project -- libfpx | CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. | 2017-08-28 | 4.3 | CVE-2017-12920 MLIST MISC |
libfpx_project -- libfpx | PFileFlashPixView::GetGlobalInfoProperty in f_fpxvw.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. | 2017-08-28 | 4.3 | CVE-2017-12921 MLIST MISC |
libfpx_project -- libfpx | wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. | 2017-08-28 | 4.3 | CVE-2017-12922 MLIST MISC |
libfpx_project -- libfpx | OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. | 2017-08-28 | 4.3 | CVE-2017-12923 MLIST MISC |
libfpx_project -- libfpx | CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted fpx image. | 2017-08-28 | 4.3 | CVE-2017-12924 MLIST MISC |
libfpx_project -- libfpx | Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image. | 2017-08-28 | 4.3 | CVE-2017-12925 MLIST MISC |
libgig0 -- libgig | The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. | 2017-08-28 | 4.3 | CVE-2017-12950 FULLDISC |
libgig0 -- libgig | The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file. | 2017-08-28 | 4.3 | CVE-2017-12951 FULLDISC |
libgig0 -- libgig | The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. | 2017-08-28 | 4.3 | CVE-2017-12952 FULLDISC |
libgig0 -- libgig | The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file. | 2017-08-28 | 4.3 | CVE-2017-12953 FULLDISC |
libgig0 -- libgig | The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file. | 2017-08-28 | 4.3 | CVE-2017-12954 FULLDISC |
libhtp_project -- libhtp | libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference). | 2017-08-28 | 5.0 | CVE-2015-0928 BID MISC |
liblouis -- liblouis | There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0. | 2017-08-29 | 6.8 | CVE-2017-13738 MISC |
liblouis -- liblouis | There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It will lead to denial of service or remote code execution. | 2017-08-29 | 6.8 | CVE-2017-13739 MISC |
liblouis -- liblouis | There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact. | 2017-08-29 | 6.8 | CVE-2017-13740 MISC |
liblouis -- liblouis | There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13741 MISC |
liblouis -- liblouis | There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in compileTranslationTable.c, that will lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13742 MISC |
liblouis -- liblouis | There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13743 MISC |
liblouis -- liblouis | There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0. | 2017-08-29 | 4.3 | CVE-2017-13744 MISC |
libraw -- libraw | There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. | 2017-08-29 | 5.0 | CVE-2017-13735 MISC |
libtiff -- libtiff | There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13726 MISC BID |
libtiff -- libtiff | There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13727 MISC BID |
linux -- linux_kernel | An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access. | 2017-08-31 | 4.9 | CVE-2017-14051 BID MISC MISC |
linux -- linux_kernel | The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. | 2017-08-25 | 4.9 | CVE-2017-13693 BID MISC MISC |
mantisbt -- mantisbt | Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20. | 2017-08-28 | 4.3 | CVE-2015-2046 MLIST MLIST CONFIRM |
mapsplugin -- googlemaps | Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the xmlns parameter. | 2017-08-28 | 4.3 | CVE-2013-7430 CONFIRM MLIST |
mapsplugin -- googlemaps | Full path disclosure in the Googlemaps plugin before 3.1 for Joomla!. | 2017-08-29 | 5.0 | CVE-2013-7431 MISC CONFIRM MLIST |
mapsplugin -- googlemaps | The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to bypass an intended protection mechanism. | 2017-08-29 | 5.0 | CVE-2013-7432 MISC CONFIRM MLIST |
mapsplugin -- googlemaps | Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla!. | 2017-08-29 | 4.3 | CVE-2013-7433 MISC CONFIRM MLIST |
modx -- modx_revolution | Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. | 2017-08-29 | 4.3 | CVE-2015-6588 MISC |
mpg123 -- mpg123 | Buffer overflow in mpg123 before 1.18.0. | 2017-08-29 | 5.0 | CVE-2014-9497 MLIST GENTOO MISC |
nippon-antenna -- scr02hd_firmware | "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors. | 2017-08-28 | 6.4 | CVE-2017-10833 MISC JVN |
nippon-antenna -- scr02hd_firmware | Directory traversal vulnerability in "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | 2017-08-28 | 4.0 | CVE-2017-10834 MISC JVN |
nippon-antenna -- scr02hd_firmware | "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors. | 2017-08-28 | 6.5 | CVE-2017-10835 MISC JVN |
onosproject -- onos | ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. | 2017-08-29 | 4.3 | CVE-2017-13762 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
onosproject -- onos | ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size is not limited. | 2017-08-29 | 5.0 | CVE-2017-13763 CONFIRM CONFIRM |
openjpeg -- openjpeg | Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file. | 2017-08-30 | 4.3 | CVE-2016-10504 BID CONFIRM CONFIRM |
openjpeg -- openjpeg | NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. | 2017-08-30 | 4.3 | CVE-2016-10505 CONFIRM CONFIRM CONFIRM CONFIRM |
openjpeg -- openjpeg | Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. | 2017-08-30 | 4.3 | CVE-2016-10506 BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
openjpeg -- openjpeg | Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file. | 2017-08-30 | 4.3 | CVE-2016-10507 BID CONFIRM CONFIRM |
openjpeg -- openjpeg | A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. | 2017-08-30 | 6.8 | CVE-2017-14039 BID MISC MISC MISC |
openjpeg -- openjpeg | An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact. | 2017-08-30 | 6.8 | CVE-2017-14040 BID MISC MISC MISC |
openjpeg -- openjpeg | A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. | 2017-08-30 | 6.8 | CVE-2017-14041 BID MISC MISC MISC |
osisoft -- pi_data_archive | An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective. | 2017-08-25 | 5.8 | CVE-2017-7930 BID MISC |
osisoft -- pi_data_archive | An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner. | 2017-08-25 | 4.3 | CVE-2017-7934 BID MISC |
osisoft -- pi_web_api | A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated. | 2017-08-25 | 6.8 | CVE-2017-7926 BID MISC |
phpmybackuppro -- phpmybackuppro | Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050. | 2017-08-25 | 5.0 | CVE-2015-4180 MLIST |
phpmybackuppro -- phpmybackuppro | Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180. | 2017-08-25 | 5.0 | CVE-2015-4181 MLIST |
redhat -- satellite | Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3. | 2017-08-28 | 4.3 | CVE-2014-0141 CONFIRM |
riverbed -- opnet_app_response_xpert | Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files. | 2017-08-26 | 6.8 | CVE-2017-7693 MISC |
saltstack -- salt | Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. | 2017-08-25 | 5.0 | CVE-2015-4017 MLIST CONFIRM CONFIRM CONFIRM |
seopanel -- seo_panel | Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 2017-08-28 | 4.3 | CVE-2017-10838 JVN |
seopanel -- seo_panel | SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 2017-08-28 | 6.5 | CVE-2017-10839 JVN |
smartcms -- smartcms | Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2. | 2017-08-28 | 4.3 | CVE-2014-9557 MISC FULLDISC |
spidercontrol -- scada_web_server | A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files. | 2017-08-25 | 5.0 | CVE-2017-12694 BID MISC |
sqlite -- sqlite | The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. | 2017-08-29 | 4.3 | CVE-2017-13685 MISC BID |
synology -- diskstation_manager | Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows a remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. | 2017-08-28 | 4.0 | CVE-2017-12076 CONFIRM |
synology -- router_manager | Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows a remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. | 2017-08-28 | 4.0 | CVE-2017-12077 CONFIRM |
unshield_project -- unshield | Directory traversal vulnerability in unshield 1.0-1. | 2017-08-28 | 5.0 | CVE-2015-1386 MLIST CONFIRM |
vbulletin -- vbulletin | Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3. | 2017-08-28 | 4.3 | CVE-2014-9469 MISC FULLDISC BID |
w1.fi -- wpa_supplicant | wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. | 2017-08-28 | 4.3 | CVE-2015-0210 CONFIRM CONFIRM |
web-dorado -- photo_gallery | Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. | 2017-08-28 | 6.5 | CVE-2014-9312 MISC MISC BID |
webcalendar_project -- webcalendar | Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 2017-08-28 | 4.3 | CVE-2017-10840 MISC JVN |
webcalendar_project -- webcalendar | Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. | 2017-08-28 | 4.0 | CVE-2017-10841 MISC JVN |
westermo -- mrd-315-din_firmware | A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source. | 2017-08-25 | 5.0 | CVE-2016-5816 MISC |
westermo -- mrd-315-din_firmware | A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server. | 2017-08-25 | 6.8 | CVE-2017-12703 BID MISC |
wireshark -- wireshark | In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation. | 2017-08-30 | 5.0 | CVE-2017-13764 BID SECTRACK CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation. | 2017-08-30 | 5.0 | CVE-2017-13765 BID SECTRACK CONFIRM CONFIRM CONFIRM |
wireshark -- wireshark | In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation. | 2017-08-30 | 5.0 | CVE-2017-13766 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
zend -- diactoros | Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks. | 2017-08-25 | 4.3 | CVE-2015-3257 BID CONFIRM |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
blackcat-cms -- blackcat_cms | In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field. | 2017-08-31 | 3.5 | CVE-2017-14049 MISC |
cybozu -- garoon | Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space". | 2017-08-28 | 3.5 | CVE-2017-2255 JVN CONFIRM |
cybozu -- garoon | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo". | 2017-08-28 | 3.5 | CVE-2017-2256 JVN CONFIRM |
ibm -- cognos_analytics | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623. | 2017-08-29 | 3.5 | CVE-2017-1485 CONFIRM MISC |
ibm -- cognos_analytics | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130677. | 2017-08-29 | 3.5 | CVE-2017-1535 CONFIRM MISC |
ibm -- curam_social_program_management | IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761. | 2017-08-28 | 3.5 | CVE-2016-9732 CONFIRM MISC |
ibm -- emptoris_services_procurement | IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to view sensitive information stored locally due to improper access control. IBM X-Force ID: 128106. | 2017-08-30 | 2.1 | CVE-2017-1441 CONFIRM BID MISC |
ibm -- sametime | IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113848. | 2017-08-29 | 3.5 | CVE-2016-2967 CONFIRM BID MISC |
ibm -- sametime | IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855. | 2017-08-29 | 2.1 | CVE-2016-2972 CONFIRM SECTRACK MISC |
ibm -- sametime | IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the local machine of the user. IBM X-Force ID: 113934. | 2017-08-29 | 2.1 | CVE-2016-2974 CONFIRM BID MISC |
ibm -- sametime | IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113935. | 2017-08-29 | 3.5 | CVE-2016-2975 CONFIRM BID MISC |
ibm -- sametime | IBM Sametime 8.5.2 and 9.0 could store potentially sensitive information from the browser cache locally that could be available to a local user. IBM X-Force ID: 113938. | 2017-08-29 | 2.1 | CVE-2016-2978 CONFIRM BID MISC |
ibm -- sametime | IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113945. | 2017-08-29 | 3.5 | CVE-2016-2979 CONFIRM SECTRACK MISC |
linux -- linux_kernel | The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. | 2017-08-25 | 2.1 | CVE-2017-13694 BID MISC MISC |
linux -- linux_kernel | The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. | 2017-08-25 | 2.1 | CVE-2017-13695 BID MISC MISC |
sleuthkit -- the_sleuth_kit | In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls. | 2017-08-29 | 2.1 | CVE-2017-13755 MISC |
sleuthkit -- the_sleuth_kit | In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls. | 2017-08-29 | 2.1 | CVE-2017-13756 MISC |
sleuthkit -- the_sleuth_kit | In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a. | 2017-08-29 | 2.1 | CVE-2017-13760 MISC |
westermo -- mrd-315-din_firmware | A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device. | 2017-08-25 | 2.1 | CVE-2017-12709 BID MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
N/A -- N/A | The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check. | 2017-08-28 | not yet calculated | CVE-2013-0870 CONFIRM MLIST CONFIRM |
N/A -- N/A | Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4. | 2017-08-28 | not yet calculated | CVE-2014-5301 MISC MISC FULLDISC SECUNIA BUGTRAQ XF EXPLOIT-DB |
N/A -- N/A | Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code. | 2017-08-28 | not yet calculated | CVE-2014-5302 MISC FULLDISC FULLDISC SECUNIA SECUNIA BUGTRAQ XF |
N/A -- N/A | D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin. | 2017-08-25 | not yet calculated | CVE-2014-7857 MISC FULLDISC CONFIRM BUGTRAQ BID |
N/A -- N/A | Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5. | 2017-08-28 | not yet calculated | CVE-2014-8163 CONFIRM CONFIRM |
N/A -- N/A | Red Hat Satellite 6 allows local users to access mongod and delete pulp_database. | 2017-08-28 | not yet calculated | CVE-2014-8168 CONFIRM |
N/A -- N/A | DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion. | 2017-08-28 | not yet calculated | CVE-2014-8393 MISC FULLDISC SECUNIA MISC BUGTRAQ BID SECTRACK |
N/A -- N/A | SOPlanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash. | 2017-08-31 | not yet calculated | CVE-2014-8675 MISC FULLDISC BID EXPLOIT-DB |
N/A -- N/A | Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter. | 2017-08-31 | not yet calculated | CVE-2014-8676 MISC FULLDISC BID EXPLOIT-DB |
N/A -- N/A | The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary PHP code via a crafted database name. | 2017-08-31 | not yet calculated | CVE-2014-8677 MISC FULLDISC BID EXPLOIT-DB |
N/A -- N/A | Multiple cross-site scripting (XSS) vulnerabilities in Cit-e-Net Cit-e-Access 6. | 2017-08-28 | not yet calculated | CVE-2014-8753 MISC FULLDISC BID |
N/A -- N/A | Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier. | 2017-08-28 | not yet calculated | CVE-2014-8871 MISC FULLDISC BUGTRAQ BID |
N/A -- N/A | Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 LTE after firmware 5.22, FRITZ!Box 6840 LTE after firmware 5.23, and other models with firmware 5.50. | 2017-08-28 | not yet calculated | CVE-2014-8872 MISC FULLDISC BUGTRAQ |
N/A -- N/A | Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code. | 2017-08-28 | not yet calculated | CVE-2014-9513 MLIST BID XF |
N/A -- N/A | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; and IBM Business Process Manager Advanced 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5. | 2017-08-28 | not yet calculated | CVE-2015-0101 CONFIRM BID |
N/A -- N/A | Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows 6.1 and 7.1. | 2017-08-28 | not yet calculated | CVE-2015-0114 CONFIRM BID |
N/A -- N/A | Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38. | 2017-08-28 | not yet calculated | CVE-2015-0233 FEDORA CONFIRM |
N/A -- N/A | Multiple temporary file creation vulnerabilities in pki-core 10.2.0. | 2017-08-28 | not yet calculated | CVE-2015-0234 CONFIRM MISC |
N/A -- N/A | Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or mediaplayerdll.dll. | 2017-08-28 | not yet calculated | CVE-2015-0974 MISC |
N/A -- N/A | Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5. | 2017-08-28 | not yet calculated | CVE-2015-1198 MLIST BID |
N/A -- N/A | Directory traversal vulnerability in ppmd 10.1-5. | 2017-08-28 | not yet calculated | CVE-2015-1199 MLIST |
N/A -- N/A | Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3. | 2017-08-28 | not yet calculated | CVE-2015-1401 MLIST MLIST BID |
N/A -- N/A | The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code. | 2017-08-28 | not yet calculated | CVE-2015-1443 MLIST CONFIRM MLIST |
N/A -- N/A | HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30. | 2017-08-28 | not yet calculated | CVE-2015-1445 MLIST CONFIRM MLIST |
N/A -- N/A | kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash). | 2017-08-28 | not yet calculated | CVE-2015-1554 MLIST CONFIRM |
N/A -- N/A | Information disclosure vulnerability in Netatmo Indoor Module firmware 100 and earlier. | 2017-08-28 | not yet calculated | CVE-2015-1600 MISC BUGTRAQ BID MISC |
N/A -- N/A | Directory traversal vulnerability in ES File Explorer 3.2.4.1. | 2017-08-28 | not yet calculated | CVE-2015-1876 MISC |
N/A -- N/A | Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier. | 2017-08-28 | not yet calculated | CVE-2015-3976 MISC |
N/A -- N/A | Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object. | 2017-08-29 | not yet calculated | CVE-2015-5209 BID SECTRACK CONFIRM |
N/A -- N/A | Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set. | 2017-08-31 | not yet calculated | CVE-2015-5695 MLIST MLIST MLIST CONFIRM CONFIRM CONFIRM |
N/A -- N/A | mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. | 2017-08-25 | not yet calculated | CVE-2015-5700 MLIST MISC CONFIRM CONFIRM CONFIRM |
N/A -- N/A | phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL. | 2017-08-31 | not yet calculated | CVE-2015-5958 MISC |
N/A -- N/A | ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device. | 2017-08-29 | not yet calculated | CVE-2015-7255 CERT-VN MISC MISC |
N/A -- N/A | Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/. | 2017-08-29 | not yet calculated | CVE-2015-7517 MISC BID MISC MISC |
N/A -- N/A | Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors. | 2017-08-31 | not yet calculated | CVE-2015-7700 CONFIRM CONFIRM |
N/A -- N/A | Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter. | 2017-08-31 | not yet calculated | CVE-2015-7711 MISC MISC FULLDISC BUGTRAQ |
N/A -- N/A | NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language. | 2017-09-01 | not yet calculated | CVE-2015-7746 CONFIRM |
N/A -- N/A | Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet. | 2017-08-29 | not yet calculated | CVE-2015-8299 MISC |
N/A -- N/A | Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file. | 2017-08-28 | not yet calculated | CVE-2015-8300 MISC FULLDISC |
N/A -- N/A | Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability." | 2017-08-28 | not yet calculated | CVE-2015-8332 CONFIRM |
N/A -- N/A | SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. | 2017-08-29 | not yet calculated | CVE-2015-8334 CONFIRM |
N/A -- N/A | The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. | 2017-08-28 | not yet calculated | CVE-2016-0634 MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST BID CONFIRM GENTOO |
N/A -- N/A | Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests. | 2017-08-31 | not yet calculated | CVE-2016-0713 CONFIRM MLIST |
N/A -- N/A | Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php. | 2017-08-31 | not yet calculated | CVE-2016-10508 CONFIRM |
N/A -- N/A | SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php. | 2017-08-31 | not yet calculated | CVE-2016-10509 CONFIRM CONFIRM |
N/A -- N/A | Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php. | 2017-08-31 | not yet calculated | CVE-2016-10510 CONFIRM CONFIRM |
N/A -- N/A | NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling. | 2017-09-01 | not yet calculated | CVE-2016-1895 CONFIRM |
N/A -- N/A | IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851. | 2017-08-28 | not yet calculated | CVE-2016-2970 CONFIRM BID SECTRACK MISC |
N/A -- N/A | IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898. | 2017-08-29 | not yet calculated | CVE-2016-2971 CONFIRM SECTRACK MISC |
N/A -- N/A | IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113899. | 2017-08-29 | not yet calculated | CVE-2016-2973 CONFIRM SECTRACK MISC |
N/A -- N/A | By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to Apache OFBiz 16.11.01 | 2017-08-30 | not yet calculated | CVE-2016-4462 MLIST |
N/A -- N/A | This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token. | 2017-08-30 | not yet calculated | CVE-2016-5001 MLIST BID |
N/A -- N/A | An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network. | 2017-08-31 | not yet calculated | CVE-2016-5795 BID MISC |
N/A -- N/A | The default configuration of the OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not properly sanitized. It is possible to inject arbitrary JavaScript code in these form fields. This code gets executed from the browser of every user who is visiting this article. Mitigation: Upgrade to Apache OFBiz 16.11.01. | 2017-08-30 | not yet calculated | CVE-2016-6800 MLIST |
N/A -- N/A | FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account under which system services run. | 2017-08-28 | not yet calculated | CVE-2016-7030 MLIST BID CONFIRM CONFIRM |
N/A -- N/A | Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. | 2017-08-29 | not yet calculated | CVE-2017-0379 BID MISC MISC MISC MISC MISC MISC |
N/A -- N/A | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. | 2017-08-31 | not yet calculated | CVE-2017-0899 MISC BID SECTRACK MISC MISC MISC |
N/A -- N/A | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. | 2017-08-31 | not yet calculated | CVE-2017-0900 MISC BID SECTRACK MISC MISC |
N/A -- N/A | RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. | 2017-08-31 | not yet calculated | CVE-2017-0901 MISC BID SECTRACK MISC MISC |
N/A -- N/A | RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. | 2017-08-31 | not yet calculated | CVE-2017-0902 MISC SECTRACK MISC MISC |
N/A -- N/A | Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool), all versions distributed through the website until 2017 August 10, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-01 | not yet calculated | CVE-2017-10829 CONFIRM MISC JVN |
N/A -- N/A | Cross-site scripting vulnerability in BackupGuard prior to version 1.1.47 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 2017-08-28 | not yet calculated | CVE-2017-10837 JVN MISC |
N/A -- N/A | Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-01 | not yet calculated | CVE-2017-10848 CONFIRM JVN |
N/A -- N/A | Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-01 | not yet calculated | CVE-2017-10849 CONFIRM JVN |
N/A -- N/A | Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C2271 (Timestamp of code signing is before 25 Aug 2015 08:51 UTC.) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-01 | not yet calculated | CVE-2017-10850 CONFIRM JVN |
N/A -- N/A | Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-01 | not yet calculated | CVE-2017-10851 CONFIRM JVN |
N/A -- N/A | This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within processing of the 0x8000E038 IOCTL in the bdfwfpf driver. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker could leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4776. | 2017-08-29 | not yet calculated | CVE-2017-10950 BID MISC |
N/A -- N/A | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within app.launchURL method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4724. | 2017-08-29 | not yet calculated | CVE-2017-10951 BID SECTRACK MISC |
N/A -- N/A | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs JavaScript function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4518. | 2017-08-29 | not yet calculated | CVE-2017-10952 BID SECTRACK MISC MISC |
N/A -- N/A | Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | 2017-08-30 | not yet calculated | CVE-2017-11157 CONFIRM |
N/A -- N/A | Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | 2017-08-31 | not yet calculated | CVE-2017-11158 CONFIRM |
N/A -- N/A | diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens. | 2017-08-29 | not yet calculated | CVE-2017-11455 BID SECTRACK CONFIRM |
N/A -- N/A | An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker. | 2017-08-30 | not yet calculated | CVE-2017-12069 BID CONFIRM CONFIRM |
N/A -- N/A | NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors. | 2017-09-01 | not yet calculated | CVE-2017-12421 CONFIRM |
N/A -- N/A | NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0.2 allow remote authenticated users to delete arbitrary objects via unspecified vectors. | 2017-08-29 | not yet calculated | CVE-2017-12422 BID CONFIRM |
N/A -- N/A | NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors. | 2017-09-01 | not yet calculated | CVE-2017-12423 CONFIRM |
N/A -- N/A | The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc. | 2017-08-27 | not yet calculated | CVE-2017-12595 CONFIRM CONFIRM |
N/A -- N/A | The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | 2017-09-01 | not yet calculated | CVE-2017-12691 CONFIRM |
N/A -- N/A | The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. | 2017-09-01 | not yet calculated | CVE-2017-12692 CONFIRM |
N/A -- N/A | The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file. | 2017-09-01 | not yet calculated | CVE-2017-12693 CONFIRM |
N/A -- N/A | An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution. | 2017-08-30 | not yet calculated | CVE-2017-12698 BID MISC |
N/A -- N/A | An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code. | 2017-08-30 | not yet calculated | CVE-2017-12702 BID MISC |
N/A -- N/A | A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. | 2017-08-30 | not yet calculated | CVE-2017-12706 BID MISC |
N/A -- N/A | An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash. | 2017-08-30 | not yet calculated | CVE-2017-12708 BID MISC |
N/A -- N/A | A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. | 2017-08-30 | not yet calculated | CVE-2017-12710 BID MISC |
N/A -- N/A | An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges. | 2017-08-30 | not yet calculated | CVE-2017-12711 BID MISC |
N/A -- N/A | An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts. | 2017-08-30 | not yet calculated | CVE-2017-12713 BID MISC |
N/A -- N/A | An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application. | 2017-08-30 | not yet calculated | CVE-2017-12717 BID MISC |
N/A -- N/A | A vulnerability has been identified in Siemens LOGO! devices before V1.81.2. An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends using the integrated web server on port 80/tcp only in trusted networks. | 2017-08-30 | not yet calculated | CVE-2017-12734 BID CONFIRM |
N/A -- N/A | A vulnerability has been identified in Siemens LOGO! devices. An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic. | 2017-08-30 | not yet calculated | CVE-2017-12735 BID CONFIRM |
N/A -- N/A | An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files. | 2017-08-29 | not yet calculated | CVE-2017-12763 CONFIRM CONFIRM |
N/A -- N/A | qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts. | 2017-08-29 | not yet calculated | CVE-2017-12775 CONFIRM CONFIRM |
N/A -- N/A | Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow. | 2017-08-29 | not yet calculated | CVE-2017-12797 CONFIRM CONFIRM |
N/A -- N/A | A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client application 4.8.16 and earlier contains a locally exploitable heap-based buffer overflow in the handling of an IOCTL message of type 0x0FA4204. The vulnerability is present because the kernel driver fails to allocate sufficient memory on the kernel heap to contain a user-supplied string: the string is copied into a buffer of constant size (0x1000 bytes), and an overflow condition results. Access to the kernel driver is permitted through an obfuscated interface whereby bytes of the user-supplied message are "authenticated" via an obfuscation routine employing a linear equation. | 2017-08-28 | not yet calculated | CVE-2017-12840 MISC |
N/A -- N/A | Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable. | 2017-08-29 | not yet calculated | CVE-2017-12865 DEBIAN BID MISC CONFIRM |
N/A -- N/A | The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset. | 2017-08-29 | not yet calculated | CVE-2017-12867 CONFIRM |
N/A -- N/A | The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. | 2017-09-01 | not yet calculated | CVE-2017-12868 CONFIRM CONFIRM |
N/A -- N/A | The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input. | 2017-09-01 | not yet calculated | CVE-2017-12869 CONFIRM |
N/A -- N/A | SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. | 2017-09-01 | not yet calculated | CVE-2017-12870 CONFIRM |
N/A -- N/A | The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV). | 2017-09-01 | not yet calculated | CVE-2017-12871 CONFIRM CONFIRM |
N/A -- N/A | The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input. | 2017-09-01 | not yet calculated | CVE-2017-12872 CONFIRM |
N/A -- N/A | SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. | 2017-09-01 | not yet calculated | CVE-2017-12873 CONFIRM CONFIRM |
N/A -- N/A | The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities. | 2017-09-01 | not yet calculated | CVE-2017-12874 CONFIRM |
N/A -- N/A | QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. | 2017-09-01 | not yet calculated | CVE-2017-13672 MLIST BID CONFIRM MLIST |
N/A -- N/A | The vga display update in Qemu 2.8.0 through 2.9.0 mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the "cpu_physical_memory_snapshot_get_dirty" function. | 2017-08-29 | not yet calculated | CVE-2017-13673 BID CONFIRM |
N/A -- N/A | Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute arbitrary code with LocalSystem privileges. | 2017-09-01 | not yet calculated | CVE-2017-13674 CONFIRM |
N/A -- N/A | Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in order to navigate the filesystem and modify a critical file such as /etc/passwd. | 2017-08-27 | not yet calculated | CVE-2017-13707 MISC |
N/A -- N/A | Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET request. | 2017-08-31 | not yet calculated | CVE-2017-13708 MISC |
N/A -- N/A | In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. | 2017-08-27 | not yet calculated | CVE-2017-13709 CONFIRM CONFIRM |
N/A -- N/A | Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. | 2017-09-01 | not yet calculated | CVE-2017-13711 MLIST BID CONFIRM MLIST |
N/A -- N/A | The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet. | 2017-08-28 | not yet calculated | CVE-2017-13715 CONFIRM CONFIRM BID CONFIRM |
N/A -- N/A | A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873. | 2017-08-28 | not yet calculated | CVE-2017-1376 CONFIRM MISC |
N/A -- N/A | Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors. | 2017-08-30 | not yet calculated | CVE-2017-13774 MISC |
N/A -- N/A | The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory traversal attacks for reading arbitrary files via the module/admin_conf/download.php file parameter. | 2017-08-30 | not yet calculated | CVE-2017-13780 MISC |
N/A -- N/A | ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected. | 2017-08-30 | not yet calculated | CVE-2017-14032 CONFIRM CONFIRM CONFIRM CONFIRM |
N/A -- N/A | NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | 2017-09-01 | not yet calculated | CVE-2017-14053 CONFIRM |
N/A -- N/A | In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop. | 2017-08-31 | not yet calculated | CVE-2017-14054 CONFIRM |
N/A -- N/A | In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop. | 2017-08-31 | not yet calculated | CVE-2017-14055 CONFIRM |
N/A -- N/A | In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops. | 2017-08-31 | not yet calculated | CVE-2017-14056 CONFIRM |
N/A -- N/A | In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops. | 2017-08-31 | not yet calculated | CVE-2017-14057 CONFIRM |
N/A -- N/A | In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop). | 2017-08-31 | not yet calculated | CVE-2017-14058 CONFIRM |
N/A -- N/A | In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | 2017-08-31 | not yet calculated | CVE-2017-14059 CONFIRM |
N/A -- N/A | In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file. | 2017-08-31 | not yet calculated | CVE-2017-14060 CONFIRM |
N/A -- N/A | Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | 2017-08-31 | not yet calculated | CVE-2017-14061 CONFIRM CONFIRM |
N/A -- N/A | Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | 2017-08-31 | not yet calculated | CVE-2017-14062 CONFIRM CONFIRM |
N/A -- N/A | Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL. | 2017-08-31 | not yet calculated | CVE-2017-14063 MISC MISC |
N/A -- N/A | Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. | 2017-08-31 | not yet calculated | CVE-2017-14064 MISC MISC MISC |
N/A -- N/A | SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php. | 2017-08-31 | not yet calculated | CVE-2017-14069 MISC |
N/A -- N/A | Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF. | 2017-08-31 | not yet calculated | CVE-2017-14070 MISC |
N/A -- N/A | SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action. | 2017-08-31 | not yet calculated | CVE-2017-14076 MISC |
N/A -- N/A | In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash. | 2017-09-02 | not yet calculated | CVE-2017-14098 CONFIRM SECTRACK CONFIRM CONFIRM |
N/A -- N/A | In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The "nat" and "rtp_symmetric" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well. | 2017-09-02 | not yet calculated | CVE-2017-14099 CONFIRM SECTRACK CONFIRM CONFIRM MISC |
N/A -- N/A | In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection. | 2017-09-02 | not yet calculated | CVE-2017-14100 CONFIRM SECTRACK CONFIRM CONFIRM |
N/A -- N/A | MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by the init-script.in and mimedefang-init.in scripts. | 2017-09-01 | not yet calculated | CVE-2017-14102 MISC MISC |
N/A -- N/A | The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403. | 2017-09-01 | not yet calculated | CVE-2017-14103 MISC MISC |
N/A -- N/A | HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker - even restricted as a tenant - can add a jsp at HiveManager/tomcat/webapps/hm/domains/$yourtenant/maps (it will be exposed at the web interface). | 2017-09-01 | not yet calculated | CVE-2017-14105 MISC |
N/A -- N/A | The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path. | 2017-09-01 | not yet calculated | CVE-2017-14106 CONFIRM CONFIRM CONFIRM |
N/A -- N/A | The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive. | 2017-09-01 | not yet calculated | CVE-2017-14107 MISC MISC |
N/A -- N/A | RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service (communication outage) via crafted RTP packets. | 2017-09-02 | not yet calculated | CVE-2017-14114 MISC |
N/A -- N/A | IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110. | 2017-08-31 | not yet calculated | CVE-2017-1444 CONFIRM MISC |
N/A -- N/A | IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128170. | 2017-08-30 | not yet calculated | CVE-2017-1445 CONFIRM BID MISC |
N/A -- N/A | IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128171. | 2017-08-30 | not yet calculated | CVE-2017-1446 CONFIRM BID MISC |
N/A -- N/A | IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172. | 2017-08-31 | not yet calculated | CVE-2017-1447 CONFIRM MISC |
N/A -- N/A | IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174. | 2017-08-31 | not yet calculated | CVE-2017-1449 CONFIRM MISC |
N/A -- N/A | IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177. | 2017-08-31 | not yet calculated | CVE-2017-1450 CONFIRM MISC |
N/A -- N/A | IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687. | 2017-08-28 | not yet calculated | CVE-2017-1489 CONFIRM SECTRACK MISC |
N/A -- N/A | When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access. | 2017-08-30 | not yet calculated | CVE-2017-3163 MLIST |
N/A -- N/A | While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then. | 2017-08-28 | not yet calculated | CVE-2017-3735 BID CONFIRM |
N/A -- N/A | ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges. | 2017-08-28 | not yet calculated | CVE-2017-3746 BID CONFIRM |
N/A -- N/A | An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with local privileges to execute code with administrative privileges. | 2017-08-28 | not yet calculated | CVE-2017-3757 CONFIRM |
N/A -- N/A | A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via an HTTP backend-response. | 2017-09-01 | not yet calculated | CVE-2017-3897 CONFIRM BID |
N/A -- N/A | A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response. | 2017-09-01 | not yet calculated | CVE-2017-3898 CONFIRM |
N/A -- N/A | The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. | 2017-08-28 | not yet calculated | CVE-2017-6594 SUSE CONFIRM CONFIRM CONFIRM |
N/A -- N/A | In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter. | 2017-08-31 | not yet calculated | CVE-2017-7855 MISC |
N/A -- N/A | Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. | 2017-08-28 | not yet calculated | CVE-2017-8380 BID CONFIRM GENTOO |
N/A -- N/A | In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet (Layer 2) broadcast. The affected component requires a manual restart via the main device to recover. | 2017-08-30 | not yet calculated | CVE-2017-9945 BID CONFIRM |
N/A -- N/A | On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames. | 2017-08-28 | not yet calculated | CVE-2017-9978 MISC FULLDISC MISC EXPLOIT-DB |
N/A -- N/A | On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS. | 2017-08-28 | not yet calculated | CVE-2017-9979 MISC FULLDISC MISC EXPLOIT-DB |