Vulnerability Summary for the Week of September 25, 2017

Released
Oct 08, 2017
Document ID
SB17-281

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

apache -- activemq
  The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies.
  Published: 2017-09-25 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-5183 (CONFIRM)

apache -- activemq
  The Hawtio console in A-MQ allows remote attackers to obtain sensitive information and perform other unspecified impact.
  Published: 2017-09-25 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-5184 (CONFIRM)

cashbackcomparisonscript -- cash_back_comparison
  SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/.
  Published: 2017-09-26 | CVSS Score: 7.5 | Source & Patch Info: CVE-2017-14703 (EXPLOIT-DB)

cisco -- ios
  A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol and are sent to an affected device via IPv4 packets. An attacker could exploit this vulnerability by sending a crafted H.323 RAS packet through an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to use an application layer gateway with NAT (NAT ALG) for H.323 RAS messages. By default, a NAT ALG is enabled for H.323 RAS messages. Cisco Bug IDs: CSCvc57217.
  Published: 2017-09-28 | CVSS Score: 7.8 | Source & Patch Info: CVE-2017-12231 (BID, SECTRACK, CONFIRM)

cisco -- ios
  Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuz95334.
  Published: 2017-09-28 | CVSS Score: 7.8 | Source & Patch Info: CVE-2017-12233 (BID, SECTRACK, CONFIRM)

cisco -- ios
  Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc43709.
  Published: 2017-09-28 | CVSS Score: 7.8 | Source & Patch Info: CVE-2017-12234 (BID, SECTRACK, CONFIRM)

cisco -- ios
  A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to process PROFINET messages. Beginning with Cisco IOS Software Release 12.2(52)SE, PROFINET is enabled by default on all the base switch module and expansion-unit Ethernet ports. Cisco Bug IDs: CSCuz47179.
  Published: 2017-09-28 | CVSS Score: 7.8 | Source & Patch Info: CVE-2017-12235 (BID, SECTRACK, CONFIRM)

cisco -- ios
  The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959.
  Published: 2017-09-28 | CVSS Score: 10.0 | Source & Patch Info: CVE-2017-12240 (BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM)

cisco -- ios_xe
  A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incomplete input validation of HTTP requests by the affected GUI, if the GUI connection state or protocol changes. An attacker could exploit this vulnerability by authenticating to the Wireless Controller GUI as a Lobby Administrator user of an affected device and subsequently changing the state or protocol for their connection to the GUI. A successful exploit could allow the attacker to elevate their privilege level to administrator and gain full control of the affected device. This vulnerability affects the following Cisco products if they are running Cisco IOS XE Software Release 3.7.0E, 3.7.1E, 3.7.2E, 3.7.3E, 3.7.4E, or 3.7.5E: Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, Cisco New Generation Wireless Controllers (NGWC) 3850. Cisco Bug IDs: CSCvd73746.
  Published: 2017-09-28 | CVSS Score: 9.0 | Source & Patch Info: CVE-2017-12226 (BID, SECTRACK, SECTRACK, CONFIRM)

cisco -- ios_xe
  A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious API request to an affected device. A successful exploit could allow the attacker to bypass authentication and gain access to the web UI of the affected software. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuz46036.
  Published: 2017-09-28 | CVSS Score: 10.0 | Source & Patch Info: CVE-2017-12229 (BID, SECTRACK, CONFIRM)

cisco -- ios_xe
  A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of the affected software. An attacker could exploit this vulnerability by using the web UI of the affected software to create a new user and then logging into the web UI as the newly created user. A successful exploit could allow the attacker to elevate their privileges on the affected device. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuy83062.
  Published: 2017-09-28 | CVSS Score: 9.0 | Source & Patch Info: CVE-2017-12230 (BID, SECTRACK, CONFIRM)

cisco -- ios_xe
  A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). The vulnerability is due to a logic error introduced via a code regression for the affected software. An attacker could exploit this vulnerability by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, to the affected software. A successful exploit could allow the attacker to inject invalid mappings of EIDs to RLOCs in the MS/MR of the affected software. This vulnerability affects Cisco devices that are configured with LISP acting as an IPv4 or IPv6 map server. This vulnerability affects Cisco IOS XE Software release trains 3.9E and Everest 16.4. Cisco Bug IDs: CSCvc18008.
  Published: 2017-09-28 | CVSS Score: 7.5 | Source & Patch Info: CVE-2017-12236 (BID, SECTRACK, CONFIRM)

cisco -- ios_xe
  A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. This vulnerability affects Cisco devices that have the Internet Security Association and Key Management Protocol (ISAKMP) enabled. Although only IKEv2 packets can be used to trigger this vulnerability, devices that are running Cisco IOS Software or Cisco IOS XE Software are vulnerable when ISAKMP is enabled. A device does not need to be configured with any IKEv2-specific features to be vulnerable. Many features use IKEv2, including different types of VPNs such as the following: LAN-to-LAN VPN; Remote-access VPN, excluding SSL VPN; Dynamic Multipoint VPN (DMVPN); and FlexVPN. Cisco Bug IDs: CSCvc41277.
  Published: 2017-09-28 | CVSS Score: 7.8 | Source & Patch Info: CVE-2017-12237 (BID, SECTRACK, CONFIRM)

cisco -- ios_xe
  A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device's operating system. This vulnerability affects only Cisco ASR 1000 Series Routers that have removable line cards and Cisco cBR-8 Converged Broadband Routers, if they are running certain Cisco IOS XE 3.16 through 16.5 releases. Cisco Bug IDs: CSCvc65866, CSCve77132.
  Published: 2017-09-28 | CVSS Score: 7.2 | Source & Patch Info: CVE-2017-12239 (BID, SECTRACK, SECTRACK, CONFIRM)

denyall -- i-suite
  DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.
  Published: 2017-09-22 | CVSS Score: 9.3 | Source & Patch Info: CVE-2017-14705 (MISC, MISC, MISC)

denyall -- i-suite
  DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.
  Published: 2017-09-22 | CVSS Score: 7.5 | Source & Patch Info: CVE-2017-14706 (MISC, MISC, MISC)

devscripts_devel_team -- devscripts
  scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.
  Published: 2017-09-25 | CVSS Score: 7.2 | Source & Patch Info: CVE-2015-5704 (FEDORA, FEDORA, MLIST, BID, CONFIRM, CONFIRM, CONFIRM)

elasticsearch -- logstash
  The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.
  Published: 2017-09-25 | CVSS Score: 7.2 | Source & Patch Info: CVE-2017-14730 (CONFIRM, CONFIRM, CONFIRM, CONFIRM)

ersdata -- ers_data_system
  ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization.
  Published: 2017-09-29 | CVSS Score: 7.5 | Source & Patch Info: CVE-2017-14702 (MISC, EXPLOIT-DB)

eventespresso -- event_espresso_lite
  SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php.
  Published: 2017-09-27 | CVSS Score: 7.5 | Source & Patch Info: CVE-2017-14760 (MISC)

freedesktop -- systemd
  Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd.
  Published: 2017-09-25 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-7510 (CONFIRM, CONFIRM, CONFIRM)

gnu -- binutils
  Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
  Published: 2017-09-29 | CVSS Score: 7.1 | Source & Patch Info: CVE-2017-14930 (CONFIRM)

google -- android
  The media_server component in Android allows remote attackers to cause a denial of service via a crafted application.
  Published: 2017-09-27 | CVSS Score: 7.1 | Source & Patch Info: CVE-2015-1526 (BID, MISC)

google -- android
  Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application.
  Published: 2017-09-27 | CVSS Score: 9.3 | Source & Patch Info: CVE-2015-1537 (BID, CONFIRM, MISC)

hp -- application_performance_management
  A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution.
  Published: 2017-09-29 | CVSS Score: 10.0 | Source & Patch Info: CVE-2017-14350 (BID, MISC, CONFIRM)

hp -- bsm_platform_application_performance_management_system_health
  A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.
  Published: 2017-09-29 | CVSS Score: 9.0 | Source & Patch Info: CVE-2017-13982 (MISC, CONFIRM, AUSCERT)

hp -- bsm_platform_application_performance_management_system_health
  An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.
  Published: 2017-09-29 | CVSS Score: 10.0 | Source & Patch Info: CVE-2017-13983 (MISC, CONFIRM, AUSCERT)

hp -- ucmdb_configuration_manager
  A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution.
  Published: 2017-09-29 | CVSS Score: 7.5 | Source & Patch Info: CVE-2017-14351 (CONFIRM)

huawei -- uap2105_firmware
  Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell.
  Published: 2017-09-25 | CVSS Score: 7.2 | Source & Patch Info: CVE-2015-6592 (BID, CONFIRM)

ibm -- security_identity_governance_and_intelligence
  IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394.
  Published: 2017-09-27 | CVSS Score: 9.0 | Source & Patch Info: CVE-2017-1407 (CONFIRM, BID, MISC)

ibm -- security_identity_governance_and_intelligence
  IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621.
  Published: 2017-09-27 | CVSS Score: 7.5 | Source & Patch Info: CVE-2017-1483 (CONFIRM, BID, MISC)

inspire_ircd -- inspircd
  inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836.
  Published: 2017-09-25 | CVSS Score: 7.5 | Source & Patch Info: CVE-2012-6696 (DEBIAN, MLIST, CONFIRM)

manageengine -- desktop_central
  The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.
  Published: 2017-09-27 | CVSS Score: 10.0 | Source & Patch Info: CVE-2015-8249 (MISC, MISC, MISC, EXPLOIT-DB)

nvidia -- gpu_driver
  NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges.
  Published: 2017-09-22 | CVSS Score: 7.2 | Source & Patch Info: CVE-2017-6272 (CONFIRM, BID)

perl -- perl
  Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
  Published: 2017-09-27 | CVSS Score: 7.5 | Source & Patch Info: CVE-2017-12814 (BID, CONFIRM, CONFIRM, CONFIRM)

saltstack -- salt
  Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
  Published: 2017-09-26 | CVSS Score: 9.0 | Source & Patch Info: CVE-2017-5200 (CONFIRM, CONFIRM, CONFIRM)

support_ticket_system_project -- support_ticket_system
  Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter.
  Published: 2017-09-26 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-7670 (BUGTRAQ, CONFIRM, MISC)

testlink -- testlink
  SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php.
  Published: 2017-09-26 | CVSS Score: 7.5 | Source & Patch Info: CVE-2015-7390 (BUGTRAQ)

vebto -- pixie_image_editor
  Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.
  Published: 2017-09-25 | CVSS Score: 7.5 | Source & Patch Info: CVE-2017-12905 (FULLDISC)

wordpress -- wordpress
  Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks.
  Published: 2017-09-23 | CVSS Score: 7.5 | Source & Patch Info: CVE-2017-14723 (BID, MISC, MISC, MISC, MISC, MISC, MISC, MISC)

wpdevart -- responsive_image_gallery_gallery_album
  SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php.
  Published: 2017-09-25 | CVSS Score: 7.5 | Source & Patch Info: CVE-2017-14125 (FULLDISC, MISC)


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

ana -- all_nippon_airways
  ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates.
  Published: 2017-09-25 | CVSS Score: 4.3 | Source & Patch Info: CVE-2015-5666 (JVN, JVNDB, BID)

antisamy_project -- antisamy
  OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.
  Published: 2017-09-25 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14735 (CONFIRM)

apache -- activemq
  Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.
  Published: 2017-09-25 | CVSS Score: 6.8 | Source & Patch Info: CVE-2015-5182 (CONFIRM)

apache -- geode
  When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view.
  Published: 2017-09-29 | CVSS Score: 4.0 | Source & Patch Info: CVE-2017-9794 (MLIST)

artifex -- gsview
  Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068."
  Published: 2017-09-29 | CVSS Score: 6.8 | Source & Patch Info: CVE-2017-14945 (CONFIRM)

artifex -- gsview
  Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFile+0x000000000000344e."
  Published: 2017-09-29 | CVSS Score: 6.8 | Source & Patch Info: CVE-2017-14946 (CONFIRM)

artifex -- gsview
  Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359."
  Published: 2017-09-29 | CVSS Score: 6.8 | Source & Patch Info: CVE-2017-14947 (CONFIRM)

asp4cms -- aspcms
  member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter.
  Published: 2017-09-22 | CVSS Score: 4.0 | Source & Patch Info: CVE-2017-14653 (MISC)

baidu -- ueditor
  UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.
  Published: 2017-09-26 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14744 (MISC)

ca -- identity_manager
  CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.
  Published: 2017-09-22 | CVSS Score: 5.0 | Source & Patch Info: CVE-2017-9393 (BID, CONFIRM)

cfpaypal -- cp_contact_form_with_paypal
  The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.
  Published: 2017-09-29 | CVSS Score: 6.8 | Source & Patch Info: CVE-2015-9233 (MISC, MISC, MISC)

cfpaypal -- cp_contact_form_with_paypal
  The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.
  Published: 2017-09-29 | CVSS Score: 6.5 | Source & Patch Info: CVE-2015-9234 (MISC, MISC, MISC)

cisco -- ios
  Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot).
  Published: 2017-09-25 | CVSS Score: 4.9 | Source & Patch Info: CVE-2010-3049 (CISCO)

cisco -- ios
  Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).
  Published: 2017-09-25 | CVSS Score: 6.8 | Source & Patch Info: CVE-2010-3050 (CISCO)

cisco -- ios
  The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions.
  Published: 2017-09-25 | CVSS Score: 4.3 | Source & Patch Info: CVE-2011-4667 (CISCO, CISCO)

cisco -- ios
  A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a misclassification of Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc03809.
  Published: 2017-09-28 | CVSS Score: 6.1 | Source & Patch Info: CVE-2017-12232 (BID, SECTRACK, CONFIRM)

cisco -- ios_xe
  A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart. This vulnerability affects Cisco Catalyst 3650 and 3850 switches running IOS XE Software versions 16.1 through 16.3.3, and acting as wireless LAN controllers (WLC). Cisco Bug IDs: CSCvd45069.
  Published: 2017-09-28 | CVSS Score: 6.1 | Source & Patch Info: CVE-2017-12222 (BID, SECTRACK, CONFIRM)

cisco -- ios_xe
  A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Cisco Bug IDs: CSCvc33171.
  Published: 2017-09-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-12228 (BID, SECTRACK, CONFIRM)

comicsmart -- ganma!
  GANMA! App for iOS does not verify SSL certificates.
  Published: 2017-09-25 | CVSS Score: 4.3 | Source & Patch Info: CVE-2015-7785 (JVN, JVNDB)

cyberlink -- labelprint
  Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.
  Published: 2017-09-23 | CVSS Score: 6.8 | Source & Patch Info: CVE-2017-14627 (MISC, EXPLOIT-DB)

dasinfomedia -- annual_maintenance_contract_management_system
  Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.
  Published: 2017-09-27 | CVSS Score: 4.0 | Source & Patch Info: CVE-2017-14841 (EXPLOIT-DB)

dasinfomedia -- hospital_management_system
  Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.
  Published: 2017-09-27 | CVSS Score: 6.5 | Source & Patch Info: CVE-2017-14846 (EXPLOIT-DB)

dasinfomedia -- school_management_system
  Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.
  Published: 2017-09-27 | CVSS Score: 6.5 | Source & Patch Info: CVE-2017-14843 (EXPLOIT-DB)

dasinfomedia -- smsmaster_multipurpose_sms_gateway
  Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.
  Published: 2017-09-27 | CVSS Score: 6.5 | Source & Patch Info: CVE-2017-14842 (EXPLOIT-DB)

dasinfomedia -- wpams_apartment_management_system
  Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.
  Published: 2017-09-27 | CVSS Score: 6.5 | Source & Patch Info: CVE-2017-14847 (EXPLOIT-DB)

dasinfomedia -- wpchurch_church_management_system
  Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.
  Published: 2017-09-27 | CVSS Score: 6.5 | Source & Patch Info: CVE-2017-14845 (EXPLOIT-DB)

dasinfomedia -- wpgym_gym_management_system
  Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.
  Published: 2017-09-27 | CVSS Score: 6.5 | Source & Patch Info: CVE-2017-14844 (EXPLOIT-DB)

egroupware -- egroupware
  Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.
  Published: 2017-09-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14920 (MISC, MISC)

exiv2 -- exiv2
  In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a segmentation fault. A crafted input will lead to a denial of service attack.
  Published: 2017-09-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14857 (MISC)

exiv2 -- exiv2
  There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.
  Published: 2017-09-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14858 (MISC)

exiv2 -- exiv2
  An invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
  Published: 2017-09-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14859 (MISC)

exiv2 -- exiv2
  There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.
  Published: 2017-09-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14860 (MISC)

exiv2 -- exiv2
  There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
  Published: 2017-09-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14861 (MISC)

exiv2 -- exiv2
  An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
  Published: 2017-09-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14862 (MISC)

exiv2 -- exiv2
  A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
  Published: 2017-09-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14863 (MISC)

exiv2 -- exiv2
  An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
  Published: 2017-09-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14864 (MISC)

exiv2 -- exiv2
  There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.
  Published: 2017-09-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14865 (MISC)

exiv2 -- exiv2
  There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.
  Published: 2017-09-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14866 (MISC)

ffmpeg -- ffmpeg
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.2017-09-276.8CVE-2017-14767
BID
CONFIRM
foxitsoftware -- foxit_reader
Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f."2017-09-224.6CVE-2017-14694
BID
MISC
freedesktop -- poppler
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.2017-09-294.3CVE-2017-14926
CONFIRM
freedesktop -- poppler
In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.
Published: 2017-09-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14927, CONFIRM
freedesktop -- poppler
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.
Published: 2017-09-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14928, CONFIRM
freedesktop -- poppler
In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519.
Published: 2017-09-29 | CVSS Score: 5.0 | Source & Patch Info: CVE-2017-14929, CONFIRM
gnu -- binutils
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
Published: 2017-09-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14932, CONFIRM, CONFIRM
gnu -- binutils
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
Published: 2017-09-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14933, CONFIRM, CONFIRM, CONFIRM
gnu -- binutils
process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.
Published: 2017-09-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14934, CONFIRM, CONFIRM
gnu -- binutils
_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.
Published: 2017-09-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14938, MISC, MISC, MISC
gnu -- binutils
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.
Published: 2017-09-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14939, MISC, MISC, MISC
gnu -- binutils
scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.
Published: 2017-09-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14940, MISC, MISC, MISC
google -- protobuf
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.
Published: 2017-09-25 | CVSS Score: 6.5 | Source & Patch Info: CVE-2015-5237, MLIST, CONFIRM, CONFIRM
hp -- arcsight_enterprise_security_manager_express
A reflected Cross-Site Scripting (XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.
Published: 2017-09-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-13986, BID, CONFIRM
hp -- arcsight_enterprise_security_manager_express
An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.
Published: 2017-09-29 | CVSS Score: 4.0 | Source & Patch Info: CVE-2017-13987, BID, CONFIRM
hp -- arcsight_enterprise_security_manager_express
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.
Published: 2017-09-29 | CVSS Score: 4.0 | Source & Patch Info: CVE-2017-13988, BID, CONFIRM
hp -- arcsight_enterprise_security_manager_express
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.
Published: 2017-09-29 | CVSS Score: 5.5 | Source & Patch Info: CVE-2017-13989, BID, CONFIRM
hp -- arcsight_enterprise_security_manager_express
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.
Published: 2017-09-29 | CVSS Score: 5.0 | Source & Patch Info: CVE-2017-13990, BID, CONFIRM
hp -- arcsight_enterprise_security_manager_express
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.
Published: 2017-09-29 | CVSS Score: 5.0 | Source & Patch Info: CVE-2017-13991, BID, CONFIRM
hp -- bsm_platform_application_performance_management_system_health
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.
Published: 2017-09-29 | CVSS Score: 5.5 | Source & Patch Info: CVE-2017-13984, MISC, CONFIRM, AUSCERT
hp -- bsm_platform_application_performance_management_system_health
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directories, leading to disclosure of information.
Published: 2017-09-29 | CVSS Score: 4.0 | Source & Patch Info: CVE-2017-13985, MISC, CONFIRM, AUSCERT
hp -- ucmdb_configuration_manager
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting.
Published: 2017-09-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14352, BID, CONFIRM
ibm -- api_connect
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291.
Published: 2017-09-25 | CVSS Score: 5.8 | Source & Patch Info: CVE-2017-1551, CONFIRM, MISC
ibm -- api_connect
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.
Published: 2017-09-25 | CVSS Score: 4.0 | Source & Patch Info: CVE-2017-1555, CONFIRM, BID, MISC
ibm -- datapower_gateway
IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132368.
Published: 2017-09-27 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-1591, CONFIRM, BID, MISC
ibm -- websphere_portal
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.
Published: 2017-09-27 | CVSS Score: 5.0 | Source & Patch Info: CVE-2017-1577, CONFIRM, BID, SECTRACK, MISC
intensewp -- wp_jobs
The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field.
Published: 2017-09-26 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14751, MISC, BID, MISC
jerryscript -- jerryscript
JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data.
Published: 2017-09-26 | CVSS Score: 6.8 | Source & Patch Info: CVE-2017-14749, MISC
jsoup -- jsoup
Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.
Published: 2017-09-25 | CVSS Score: 4.3 | Source & Patch Info: CVE-2015-6748, MLIST, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM
kde -- kmail
KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.
Published: 2017-09-27 | CVSS Score: 4.3 | Source & Patch Info: CVE-2014-8878, MLIST, BID, CONFIRM, CONFIRM
lenovo -- xclarity_administrator
Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.
Published: 2017-09-22 | CVSS Score: 6.5 | Source & Patch Info: CVE-2017-3770, CONFIRM
libbpg_project -- libbpg
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg.
Published: 2017-09-27 | CVSS Score: 6.8 | Source & Patch Info: CVE-2017-14795, MISC
libbpg_project -- libbpg
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg.
Published: 2017-09-27 | CVSS Score: 6.8 | Source & Patch Info: CVE-2017-14796, MISC
linux -- linux_kernel
Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after.
Published: 2017-09-25 | CVSS Score: 4.0 | Source & Patch Info: CVE-2015-5327, MLIST, CONFIRM, CONFIRM
mahara -- mahara
Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting a potentially dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the user and administrator and if accepted become part of the new user's account.
Published: 2017-09-25 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-9551, CONFIRM, CONFIRM
mapsplugin -- googlemaps
The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_googlemap3_kmlprxy.php. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7428.
Published: 2017-09-27 | CVSS Score: 4.3 | Source & Patch Info: CVE-2014-9686, FULLDISC, MISC, MLIST
norton -- remove_&_reinstall
Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability.
Published: 2017-09-27 | CVSS Score: 4.4 | Source & Patch Info: CVE-2017-13676, BID, CONFIRM
openexif_project -- openexif
ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file.
Published: 2017-09-29 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-14931, MISC, MISC
opentext -- documentum_administrator
Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.
Published: 2017-09-27 | CVSS Score: 5.8 | Source & Patch Info: CVE-2017-14524, FULLDISC, CONFIRM
opentext -- documentum_administrator
Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.
Published: 2017-09-27 | CVSS Score: 5.8 | Source & Patch Info: CVE-2017-14525, FULLDISC, CONFIRM
opentext -- documentum_administrator
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in.
Published: 2017-09-27 | CVSS Score: 6.5 | Source & Patch Info: CVE-2017-14526, FULLDISC, CONFIRM
plone -- plone
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
Published: 2017-09-25 | CVSS Score: 6.8 | Source & Patch Info: CVE-2015-7293, MISC, CONFIRM, CONFIRM, EXPLOIT-DB
plone -- plone
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.
Published: 2017-09-25 | CVSS Score: 4.3 | Source & Patch Info: CVE-2015-7315, MLIST, CONFIRM, CONFIRM, CONFIRM
plone -- plone
Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.
Published: 2017-09-25 | CVSS Score: 4.3 | Source & Patch Info: CVE-2015-7316, MLIST, CONFIRM, MISC, CONFIRM
plone -- plone
Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.
Published: 2017-09-25 | CVSS Score: 4.9 | Source & Patch Info: CVE-2015-7317, MLIST, CONFIRM, CONFIRM, CONFIRM
plone -- plone
Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.
Published: 2017-09-25 | CVSS Score: 5.0 | Source & Patch Info: CVE-2015-7318, MLIST, CONFIRM, CONFIRM, CONFIRM
pulpproject -- pulp
pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.
Published: 2017-09-25 | CVSS Score: 6.8 | Source & Patch Info: CVE-2015-5263, MISC, MLIST, CONFIRM, CONFIRM
pulsesecure -- pulse_one_on-premise
Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information.
Published: 2017-09-29 | CVSS Score: 5.0 | Source & Patch Info: CVE-2017-14935, CONFIRM
saltstack -- salt
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
Published: 2017-09-26 | CVSS Score: 6.5 | Source & Patch Info: CVE-2017-5192, CONFIRM, CONFIRM, CONFIRM
sap -- enterprise_portal
Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516.
Published: 2017-09-28 | CVSS Score: 4.3 | Source & Patch Info: CVE-2017-10701, BID, BID, BID, BID, MISC
schneider-electric -- citect_anywhere
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows escaping out of remote PowerSCADA Anywhere applications and launching other processes.
Published: 2017-09-25 | CVSS Score: 5.2 | Source & Patch Info: CVE-2017-7972, CONFIRM, BID, CONFIRM
stdutility -- stdu_viewer
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917."
Published: 2017-09-22 | CVSS Score: 4.6 | Source & Patch Info: CVE-2017-14688, MISC
stdutility -- stdu_viewer
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b."
Published: 2017-09-22 | CVSS Score: 4.6 | Source & Patch Info: CVE-2017-14692, MISC
tcpdump -- tcpdump
print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash).
Published: 2017-09-27 | CVSS Score: 5.0 | Source & Patch Info: CVE-2015-3138, SUSE, CONFIRM, CONFIRM, CONFIRM
teamworktec -- job_links
TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange.
Published: 2017-09-27 | CVSS Score: 6.5 | Source & Patch Info: CVE-2017-14838, EXPLOIT-DB
teamworktec -- photo_fusion
TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover.
Published: 2017-09-27 | CVSS Score: 6.5 | Source & Patch Info: CVE-2017-14839, EXPLOIT-DB
teamworktec -- ticketplus
TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.
Published: 2017-09-27 | CVSS Score: 6.5 | Source & Patch Info: CVE-2017-14840, EXPLOIT-DB
testlink -- testlink
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to lib/testcases/containerEdit.php; the (4) filter_tc_id or (5) filter_testcase_name parameter to lib/testcases/listTestCases.php; the (6) useRecursion parameter to lib/testcases/tcImport.php; the (7) targetTestCase or (8) created_by parameter to lib/testcases/tcSearch.php; or the (9) HTTP Referer header to third_party/user_contribution/fakeRemoteExecServer/client4fakeXMLRPCTestRunner.php.
Published: 2017-09-26 | CVSS Score: 4.3 | Source & Patch Info: CVE-2015-7391, BUGTRAQ
tiki -- tikiwiki_cms/groupware
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php.
Published: 2017-09-29 | CVSS Score: 6.0 | Source & Patch Info: CVE-2017-14924, MISC, MISC, MISC
tiki -- tikiwiki_cms/groupware
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site.
Published: 2017-09-29 | CVSS Score: 6.0 | Source & Patch Info: CVE-2017-14925, MISC, MISC, MISC
vasco -- digipass
Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HTML via the failmessage parameter.
Published: 2017-09-27 | CVSS Score: 4.3 | Source & Patch Info: CVE-2015-7349, MISC, CONFIRM, CONFIRM
wordpress -- wordpress
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.
Published: 2017-09-23 | CVSS Score: 4.9 | Source & Patch Info: CVE-2017-14725, BID, MISC, MISC, MISC
zkteco -- zktime_web
Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.
Published: 2017-09-26 | CVSS Score: 6.0 | Source & Patch Info: CVE-2017-13129, BUGTRAQ, FULLDISC


Low Vulnerabilities

Primary Vendor -- Product
Description
Published | CVSS Score | Source & Patch Info
blizzard -- overwatch
Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific time during the initial loading of that match.
Published: 2017-09-26 | CVSS Score: 3.5 | Source & Patch Info: CVE-2017-14748, BID, MISC, MISC
cisco -- ios
A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927.
Published: 2017-09-28 | CVSS Score: 3.3 | Source & Patch Info: CVE-2017-12238, BID, SECTRACK, CONFIRM
eyesofnetwork -- eonweb
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php.
Published: 2017-09-26 | CVSS Score: 3.5 | Source & Patch Info: CVE-2017-14753, BID, MISC
ibm -- business_process_manager
IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127478.
Published: 2017-09-26 | CVSS Score: 3.5 | Source & Patch Info: CVE-2017-1425, CONFIRM, BID, MISC
lenovo -- xclarity_administrator
An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2.
Published: 2017-09-22 | CVSS Score: 2.1 | Source & Patch Info: CVE-2017-3763, CONFIRM
octobercms -- october
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612.
Published: 2017-09-27 | CVSS Score: 3.5 | Source & Patch Info: CVE-2015-5613, MLIST, CONFIRM, CONFIRM
php-fusion -- php-fusion
Cross-site scripting (XSS) vulnerability in PHP-Fusion 9.
Published: 2017-09-25 | CVSS Score: 3.5 | Source & Patch Info: CVE-2015-8375, MISC, MLIST, CONFIRM, CONFIRM
redhat -- jboss_a-mq
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.
Published: 2017-09-25 | CVSS Score: 3.5 | Source & Patch Info: CVE-2015-5181, REDHAT, CONFIRM, REDHAT
telaxius -- epesi
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.
Published: 2017-09-22 | CVSS Score: 3.5 | Source & Patch Info: CVE-2017-14712, MISC, EXPLOIT-DB
telaxius -- epesi
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter.
Published: 2017-09-22 | CVSS Score: 3.5 | Source & Patch Info: CVE-2017-14717, MISC, EXPLOIT-DB
tine20 -- tine_2.0
Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
Published: 2017-09-29 | CVSS Score: 3.5 | Source & Patch Info: CVE-2017-14921, MISC, MISC, MISC, MISC, MISC
tine20 -- tine_2.0
Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
Published: 2017-09-29 | CVSS Score: 3.5 | Source & Patch Info: CVE-2017-14922, MISC, MISC, MISC, MISC, MISC
tine20 -- tine_2.0
Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
Published: 2017-09-29 | CVSS Score: 3.5 | Source & Patch Info: CVE-2017-14923, MISC, MISC, MISC, MISC, MISC


Severity Not Yet Assigned

Primary Vendor -- Product
Description
Published | CVSS Score | Source & Patch Info
N/A -- N/A
Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network.
Published: 2017-09-30 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14797, MISC
N/A -- N/A
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
Published: 2017-09-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14849, BID, CONFIRM, CONFIRM
N/A -- N/A
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
Published: 2017-09-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14867, CONFIRM, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM
N/A -- N/A
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).
Published: 2017-09-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14738, MISC, MISC, EXPLOIT-DB
N/A -- N/A
SmarterStats Version 11.3.6347 renders the Referer field of HTTP log files from the URL /Data/Reports/ReferringURLsWithQueries, resulting in stored cross-site scripting.
Published: 2017-09-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14620, MISC, EXPLOIT-DB
N/A -- N/A
An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.
Published: 2017-09-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14349, BID, CONFIRM, AUSCERT
N/A -- N/A
Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php.
Published: 2017-09-28 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14507, MISC, EXPLOIT-DB
N/A -- N/A
The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate.
Published: 2017-09-29 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14582, BID, MISC
N/A -- N/A
** DISPUTED ** FreeIPA 4.x with API version 2.213 allows remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and does not recognize this report as a valid security concern.
Published: 2017-09-27 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11191, MISC
