SB17-268: Vulnerability Summary for the Week of September 18, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
corega -- wlr_300_nm_firmware | CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 2017-09-15 | 7.7 | CVE-2017-10813 MISC JVN |
corega -- wlr_300_nm_firmware | Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors. | 2017-09-15 | 7.7 | CVE-2017-10814 MISC JVN |
daj -- i-filter_installer | Untrusted search path vulnerability in "i-filter 6.0 install program" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-15 | 9.3 | CVE-2017-10858 MISC JVN |
daj -- i-filter_installer | Untrusted search path vulnerability in "i-filter 6.0 installer" whose code signing timestamp is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-15 | 9.3 | CVE-2017-10859 MISC JVN |
daj -- i-filter_installer | Untrusted search path vulnerability in "i-filter 6.0 installer" whose code signing timestamp is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. | 2017-09-15 | 9.3 | CVE-2017-10860 MISC BID JVN |
fujitsu -- fence-explorer | Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-15 | 9.3 | CVE-2017-10855 MISC JVN |
helpdesk_pro_project -- helpdesk_pro | Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter. | 2017-09-20 | 7.5 | CVE-2015-4073 MISC FULLDISC BID EXPLOIT-DB |
imagemagick -- imagemagick | ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. | 2017-09-17 | 7.1 | CVE-2017-14531 BID CONFIRM |
imagemagick -- imagemagick | ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c. | 2017-09-17 | 7.5 | CVE-2017-14532 BID CONFIRM |
imagemagick -- imagemagick | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c. | 2017-09-21 | 7.5 | CVE-2017-14624 BID CONFIRM |
imagemagick -- imagemagick | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c. | 2017-09-21 | 7.5 | CVE-2017-14625 BID CONFIRM |
imagemagick -- imagemagick | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c. | 2017-09-21 | 7.5 | CVE-2017-14626 BID CONFIRM CONFIRM |
linux -- linux_kernel | The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls. | 2017-09-15 | 7.2 | CVE-2017-14497 CONFIRM MLIST BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
nexusphp_project -- nexusphp | NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. | 2017-09-17 | 7.5 | CVE-2017-14512 MISC |
nttdocomo -- wi-fi_station_l-02f_firmware | Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account. | 2017-09-15 | 10.0 | CVE-2017-10845 JVN MISC |
polycom -- realpresence_resource_manager | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. | 2017-09-19 | 7.2 | CVE-2015-4681 FULLDISC BUGTRAQ BID MISC CONFIRM EXPLOIT-DB |
polycom -- realpresence_resource_manager | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests. | 2017-09-19 | 7.5 | CVE-2015-4683 MISC FULLDISC BUGTRAQ BID CONFIRM EXPLOIT-DB |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cisco -- cloud_web_security | Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743. | 2017-09-19 | 5.0 | CVE-2015-0689 CISCO |
freedesktop -- poppler | In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. | 2017-09-17 | 4.3 | CVE-2017-14517 CONFIRM |
freedesktop -- poppler | In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. | 2017-09-17 | 6.8 | CVE-2017-14518 CONFIRM |
freedesktop -- poppler | In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). | 2017-09-17 | 5.0 | CVE-2017-14519 CONFIRM |
freedesktop -- poppler | In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files. | 2017-09-17 | 6.8 | CVE-2017-14520 CONFIRM |
gnu -- binutils | The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function. | 2017-09-17 | 4.3 | CVE-2017-14529 CONFIRM CONFIRM CONFIRM |
google -- android | Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. | 2017-09-15 | 4.6 | CVE-2015-1527 BID CONFIRM MISC |
graphicsmagick -- graphicsmagick | ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference. | 2017-09-17 | 4.3 | CVE-2017-14504 CONFIRM BID CONFIRM CONFIRM |
helpdesk_pro_project -- helpdesk_pro | Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task. | 2017-09-20 | 5.0 | CVE-2015-4074 MISC FULLDISC BID EXPLOIT-DB |
helpdesk_pro_project -- helpdesk_pro | The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task. | 2017-09-20 | 6.8 | CVE-2015-4075 MISC FULLDISC BID EXPLOIT-DB |
huawei -- p8_firmware | Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths. | 2017-09-20 | 4.3 | CVE-2015-8224 CONFIRM |
ibm -- security_identity_manager | Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors. | 2017-09-18 | 6.8 | CVE-2014-6106 BID XF CONFIRM |
imagemagick -- imagemagick | DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input. | 2017-09-17 | 4.3 | CVE-2017-14505 BID CONFIRM |
imagemagick -- imagemagick | The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file. | 2017-09-17 | 4.3 | CVE-2017-14528 MISC BID MISC |
imagemagick -- imagemagick | ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. | 2017-09-17 | 4.3 | CVE-2017-14533 BID CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. | 2017-09-20 | 5.8 | CVE-2017-14607 BID CONFIRM |
irfanview -- irfanview | IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x000000000011d767." | 2017-09-18 | 4.6 | CVE-2017-14539 MISC |
irfanview -- irfanview | IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x000000000001f23e." | 2017-09-18 | 4.6 | CVE-2017-14540 MISC |
irfanview -- irfanview | IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ani file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77130000!RtlpCoalesceFreeBlocks+0x00000000000004b4." | 2017-09-18 | 4.6 | CVE-2017-14578 MISC |
joomla -- joomla! | Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. | 2017-09-20 | 5.8 | CVE-2015-5608 BID CONFIRM |
libarchive -- libarchive | An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. | 2017-09-17 | 4.3 | CVE-2017-14501 MISC MISC |
libarchive -- libarchive | read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. | 2017-09-17 | 5.0 | CVE-2017-14502 MISC MISC MISC |
libarchive -- libarchive | libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. | 2017-09-17 | 4.3 | CVE-2017-14503 MISC MISC |
linux -- linux_kernel | The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR). | 2017-09-20 | 4.9 | CVE-2017-12168 CONFIRM CONFIRM CONFIRM CONFIRM |
linux -- linux_kernel | The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. | 2017-09-15 | 4.9 | CVE-2017-14489 CONFIRM CONFIRM |
magento -- e-commerce | Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1. | 2017-09-20 | 4.3 | CVE-2014-9758 MISC MLIST |
metinfo -- metinfo | Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. | 2017-09-17 | 5.0 | CVE-2017-14513 MISC |
moodle -- moodle | Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. | 2017-09-18 | 4.3 | CVE-2017-12156 BID CONFIRM |
nexusphp_project -- nexusphp | Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF. | 2017-09-18 | 4.3 | CVE-2017-14534 MISC |
nttdocomo -- wi-fi_station_l-02f_firmware | Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. | 2017-09-15 | 5.0 | CVE-2017-10846 JVN MISC |
openwebif_project -- openwebif | OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger CallOPKG calls, and these users can enter an arbitrary URL in an input field, even though that input field was only intended for a package name. This threat model may be relevant in the latest versions of third-party products that bundle OpenWebif, i.e., set-top box products. The issue of Trojan horse packages does NOT have security implications in cases where the attacker has full OpenWebif access. | 2017-09-17 | 6.8 | CVE-2017-9333 MISC MISC |
polycom -- realpresence_resource_manager | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager. | 2017-09-19 | 4.0 | CVE-2015-4682 MISC FULLDISC BUGTRAQ BID CONFIRM EXPLOIT-DB |
polycom -- realpresence_resource_manager | Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager. | 2017-09-19 | 5.5 | CVE-2015-4684 MISC FULLDISC BUGTRAQ BID CONFIRM EXPLOIT-DB |
polycom -- realpresence_resource_manager | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration. | 2017-09-19 | 4.4 | CVE-2015-4685 MISC FULLDISC BUGTRAQ BID CONFIRM EXPLOIT-DB |
pragyan_cms_project -- pragyan_cms | Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. | 2017-09-19 | 4.0 | CVE-2017-14600 MISC |
pragyan_cms_project -- pragyan_cms | Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. | 2017-09-19 | 4.0 | CVE-2017-14601 MISC |
pydio -- pydio | Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS Vulnerabilities." | 2017-09-19 | 4.3 | CVE-2015-3432 BID CONFIRM |
silverstripe -- silverstripe | SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017. | 2017-09-15 | 4.3 | CVE-2017-14498 MISC MISC MISC MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .epub file, related to a "Read Access Violation on Block Data Move starting at STDUEPubFile!DllUnregisterServer+0x0000000000010262." | 2017-09-18 | 4.6 | CVE-2017-14542 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000039335." | 2017-09-18 | 4.6 | CVE-2017-14543 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUEPubFile!DllUnregisterServer+0x000000000003fff1." | 2017-09-18 | 4.6 | CVE-2017-14544 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000010332." | 2017-09-18 | 4.6 | CVE-2017-14545 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d." | 2017-09-18 | 4.6 | CVE-2017-14546 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .mobi file, related to a "Read Access Violation starting at STDUMOBIFile!DllUnregisterServer+0x000000000002efc0." | 2017-09-18 | 4.6 | CVE-2017-14547 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000854d." | 2017-09-18 | 4.6 | CVE-2017-14548 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d." | 2017-09-18 | 4.6 | CVE-2017-14549 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Possible Stack Corruption starting at STDUDjVuFile!DllUnregisterServer+0x000000000000e8b8." | 2017-09-18 | 4.6 | CVE-2017-14550 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9f2." | 2017-09-18 | 4.6 | CVE-2017-14551 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9a9." | 2017-09-18 | 4.6 | CVE-2017-14552 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x00000000000085f5." | 2017-09-18 | 4.6 | CVE-2017-14553 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Possible Stack Corruption starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d908." | 2017-09-18 | 4.6 | CVE-2017-14554 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000ec6e." | 2017-09-18 | 4.6 | CVE-2017-14555 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000da27." | 2017-09-18 | 4.6 | CVE-2017-14556 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000dd3f." | 2017-09-18 | 4.6 | CVE-2017-14557 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x0000000000018cc2." | 2017-09-18 | 4.6 | CVE-2017-14558 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005af2." | 2017-09-18 | 4.6 | CVE-2017-14559 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd2." | 2017-09-18 | 4.6 | CVE-2017-14560 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000048c024d called from STDUXPSFile!DllUnregisterServer+0x0000000000025638." | 2017-09-18 | 4.6 | CVE-2017-14561 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d." | 2017-09-18 | 4.6 | CVE-2017-14562 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005311." | 2017-09-18 | 4.6 | CVE-2017-14563 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000028657." | 2017-09-18 | 4.6 | CVE-2017-14564 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Possible Stack Corruption starting at Unknown Symbol @ 0x00000000038f2fbf called from image00000000_00400000+0x0000000000240065." | 2017-09-18 | 4.6 | CVE-2017-14565 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x00000000039d76c4 called from Unknown Symbol @ 0x0000000000049d2c." | 2017-09-18 | 4.6 | CVE-2017-14566 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000028c024d called from STDUXPSFile!DllUnregisterServer+0x000000000002e77b." | 2017-09-18 | 4.6 | CVE-2017-14567 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x000000000297024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025630." | 2017-09-18 | 4.6 | CVE-2017-14568 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Read Access Violation starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd5." | 2017-09-18 | 4.6 | CVE-2017-14569 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64LdrpInitialize+0x00000000000008e1." | 2017-09-18 | 4.6 | CVE-2017-14570 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000049c024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025706." | 2017-09-18 | 4.6 | CVE-2017-14571 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x000000000479049b called from Unknown Symbol @ 0x000000000d89645b." | 2017-09-18 | 4.6 | CVE-2017-14572 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000030c024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566a." | 2017-09-18 | 4.6 | CVE-2017-14573 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x0000000004940490." | 2017-09-18 | 4.6 | CVE-2017-14574 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x0000000002d8024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566c." | 2017-09-18 | 4.6 | CVE-2017-14575 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Possible Stack Corruption starting at Unknown Symbol @ 0x00000000049f0281." | 2017-09-18 | 4.6 | CVE-2017-14576 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Control Flow starting at Unknown Symbol @ 0x0000000003aa7cef called from Unknown Symbol @ 0x0000000004aa024d." | 2017-09-18 | 4.6 | CVE-2017-14577 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000005b70." | 2017-09-18 | 4.6 | CVE-2017-14579 MISC |
sugarcrm -- sugarcrm | An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as demonstrated by a backslash character at the end of a bean_id to modules/Emails/DetailView.php. An attacker could exploit these vulnerabilities by sending a crafted SQL request to the affected areas. An exploit could allow the attacker to modify the SQL database. Proper SQL escaping has been added to prevent such exploits. | 2017-09-17 | 6.5 | CVE-2017-14508 MISC MISC |
sugarcrm -- sugarcrm | An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a module=CallRest&url= query string. Proper input validation has been added to mitigate this issue. | 2017-09-17 | 6.5 | CVE-2017-14509 MISC MISC |
sugarcrm -- sugarcrm | An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). The WebToLeadCapture functionality is vulnerable to unauthenticated cross-site scripting (XSS) attacks. This attack vector is mitigated by properly validating the redirect URL values being passed along. | 2017-09-17 | 4.3 | CVE-2017-14510 MISC MISC |
tenda -- w15e_firmware | Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL. | 2017-09-17 | 5.0 | CVE-2017-14514 CONFIRM |
tenda -- w15e_firmware | Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors. | 2017-09-17 | 5.0 | CVE-2017-14515 CONFIRM |
xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008823." | 2017-09-18 | 4.6 | CVE-2017-14538 MISC |
xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x000000000001f23e." | 2017-09-18 | 4.6 | CVE-2017-14541 MISC |
xnview -- xnview | XnView Classic for Windows Version 2.41 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000870f." | 2017-09-18 | 4.6 | CVE-2017-14580 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
afterlogic -- aurora | AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain. | 2017-09-19 | 3.5 | CVE-2017-14597 CONFIRM |
helpdesk_pro_project -- helpdesk_pro | Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message. | 2017-09-20 | 3.5 | CVE-2015-4072 MISC FULLDISC BID EXPLOIT-DB |
ibm -- curam_social_program_management | Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 98568. | 2017-09-19 | 3.5 | CVE-2014-6191 CONFIRM BID |
vmware -- vcenter_server | VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious JavaScript, which is executed when other VC users access the page. | 2017-09-15 | 3.5 | CVE-2017-4926 BID SECTRACK CONFIRM |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
389_directory_server -- 389_directory_server | 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. | 2017-09-19 | not yet calculated | CVE-2015-1854 FEDORA BID REDHAT CONFIRM |
abstrium -- pydio | Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities." | 2017-09-19 | not yet calculated | CVE-2015-3431 BID CONFIRM |
apache -- http_server | Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c. | 2017-09-18 | not yet calculated | CVE-2017-9798 MISC BID SECTRACK MISC MISC MISC MISC MISC MISC EXPLOIT-DB |
apache -- solr | Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster. The vulnerability is fixed from Solr 6.6.1 onwards. | 2017-09-18 | not yet calculated | CVE-2017-9803 MLIST BID |
apache -- struts2 | In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672. | 2017-09-20 | not yet calculated | CVE-2017-9804 CONFIRM BID SECTRACK CONFIRM CISCO |
apache -- struts2 | The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. | 2017-09-15 | not yet calculated | CVE-2017-9805 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CISCO EXPLOIT-DB |
apache -- struts2 | In the Convention plugin in Apache Struts 2.3.20 through 2.3.30, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side. | 2017-09-20 | not yet calculated | CVE-2016-6795 BID CONFIRM |
apache -- struts2 | In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an unintentional expression in a Freemarker tag instead of string literals can lead to an RCE attack. | 2017-09-20 | not yet calculated | CVE-2017-12611 CONFIRM BID CONFIRM CONFIRM |
apache -- struts2 | The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 uses an outdated, vulnerable XStream library, which allows a DoS attack via a malicious request with a specially crafted XML payload. | 2017-09-20 | not yet calculated | CVE-2017-9793 CONFIRM BID SECTRACK CONFIRM CISCO |
apache -- struts2 | In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. | 2017-09-20 | not yet calculated | CVE-2016-8738 BID CONFIRM |
apache -- tomcat | When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | 2017-09-19 | not yet calculated | CVE-2017-12615 BID SECTRACK MLIST |
apache -- tomcat | When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. | 2017-09-19 | not yet calculated | CVE-2017-12616 BID SECTRACK MLIST |
arm -- trusted_firmware | The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow. | 2017-09-20 | not yet calculated | CVE-2017-9607 CONFIRM CONFIRM |
artifex -- mupdf | Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded. | 2017-09-22 | not yet calculated | CVE-2017-14685 MISC MISC MISC |
artifex -- mupdf | Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers. | 2017-09-22 | not yet calculated | CVE-2017-14686 MISC MISC MISC |
artifex -- mupdf | Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons. | 2017-09-22 | not yet calculated | CVE-2017-14687 MISC MISC MISC |
asp4cms -- aspcms | member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter. | 2017-09-22 | not yet calculated | CVE-2017-14653 MISC |
astaro -- security_gateway | Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx. | 2017-09-19 | not yet calculated | CVE-2017-6315 EXPLOIT-DB |
bareos -- bareos | bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. | 2017-09-20 | not yet calculated | CVE-2017-14610 MISC |
be126 -- wifi_repeater | On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). The attacker can make a user that is connected to the repeater click on a malicious link that will log into the telnet and will infect the device with malicious code. | 2017-09-20 | not yet calculated | CVE-2017-8771 MISC |
be126 -- wifi_repeater | On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file system; 2. Write to the file system; or 3. Execute any code that the attacker desires (malicious or not). | 2017-09-20 | not yet calculated | CVE-2017-8772 MISC |
be126 -- wifi_repeater | There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter. | 2017-09-20 | not yet calculated | CVE-2017-8770 MISC EXPLOIT-DB |
bento4 -- bento4 | A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. | 2017-09-21 | not yet calculated | CVE-2017-14644 MISC |
bento4 -- bento4 | The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0-617 uses an incorrect character data type, leading to a heap-based buffer over-read and application crash in AP4_BytesToUInt32BE in Core/Ap4Utils.h. | 2017-09-21 | not yet calculated | CVE-2017-14643 MISC MISC MISC |
bento4 -- bento4 | A heap-based buffer over-read was discovered in AP4_BitStream::ReadBytes in Codecs/Ap4BitStream.cpp in Bento4 version 1.5.0-617. The vulnerability causes an application crash, which leads to remote denial of service. | 2017-09-21 | not yet calculated | CVE-2017-14645 MISC |
bento4 -- bento4 | A NULL pointer dereference was discovered in the AP4_HdlrAtom class in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash in AP4_StdcFileByteStream::ReadPartial in System/StdC/Ap4StdCFileByteStream.cpp, which leads to remote denial of service. | 2017-09-21 | not yet calculated | CVE-2017-14642 MISC MISC MISC |
bento4 -- bento4 | A heap-based buffer overflow was discovered in AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. | 2017-09-21 | not yet calculated | CVE-2017-14647 MISC |
bento4 -- bento4 | The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp. | 2017-09-21 | not yet calculated | CVE-2017-14646 MISC MISC MISC |
bento4 -- bento4 | A NULL pointer dereference was discovered in AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. | 2017-09-21 | not yet calculated | CVE-2017-14640 MISC MISC MISC |
bento4 -- bento4 | AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Bento4 version 1.5.0-617 has missing NULL checks, leading to a NULL pointer dereference, segmentation fault, and application crash in AP4_Atom::SetType in Core/Ap4Atom.h. | 2017-09-21 | not yet calculated | CVE-2017-14638 MISC MISC MISC |
bento4 -- bento4 | A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. | 2017-09-21 | not yet calculated | CVE-2017-14641 MISC MISC MISC |
bento4 -- bento4 | AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service (application crash) or possibly unspecified other impact. | 2017-09-21 | not yet calculated | CVE-2017-14639 MISC MISC MISC |
bladeenc -- bladeenc | A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. | 2017-09-21 | not yet calculated | CVE-2017-14648 MISC |
ca -- identity_manager | CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search. | 2017-09-22 | not yet calculated | CVE-2017-9393 BID CONFIRM |
chef_software -- chef | The knife bootstrap command in chef leaks the validator.pem private RSA key to /var/log/messages. | 2017-09-21 | not yet calculated | CVE-2015-8559 MLIST CONFIRM |
cisco -- email_security_appliance | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash, resulting in a denial of service (DoS) condition on the device. This vulnerability affects software version 9.0 through the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. Cisco Bug IDs: CSCvd29354. | 2017-09-21 | not yet calculated | CVE-2017-12215 BID SECTRACK CONFIRM |
cisco -- findit_network_discovery_utility | A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity. The vulnerability is due to the application loading a malicious copy of a specific, nondefined DLL file instead of the DLL file it was expecting. An attacker could exploit this vulnerability by placing an affected DLL within the search path of the host system. An exploit could allow the attacker to load a malicious DLL file into the system, thus partially compromising confidentiality, integrity, and availability on the device. Cisco Bug IDs: CSCve89785. | 2017-09-21 | not yet calculated | CVE-2017-12252 BID CONFIRM |
cisco -- small_business_managed_switches | A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH connections. An attacker could exploit this vulnerability by logging in to an affected switch via SSH and sending a malicious SSH message. This vulnerability affects the following Cisco products when SSH is enabled: Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, 550X Series Stackable Managed Switches, ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvb48377. | 2017-09-21 | not yet calculated | CVE-2017-6720 BID CONFIRM |
cisco -- small_business_spa_series_phones | A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586. | 2017-09-21 | not yet calculated | CVE-2017-12219 BID SECTRACK CONFIRM |
cisco -- ucs_central_software | A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this vulnerability by entering a specific command with crafted arguments. An exploit could allow the attacker to gain shell access to the underlying system. Cisco Bug IDs: CSCve70762. | 2017-09-21 | not yet calculated | CVE-2017-12255 BID SECTRACK CONFIRM |
cisco -- unified_customer_voice_portal | A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the OAMP and sending a crafted HTTP request. A successful exploit could allow the attacker to gain administrator privileges. The attacker must successfully authenticate to the system to exploit this vulnerability. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) running software release 10.5, 11.0, or 11.5. Cisco Bug IDs: CSCve92752. | 2017-09-21 | not yet calculated | CVE-2017-12214 BID SECTRACK CONFIRM |
cisco -- unified_intelligence_center_software | A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76848, CSCve76856. | 2017-09-21 | not yet calculated | CVE-2017-12254 BID SECTRACK CONFIRM |
cisco -- unified_intelligence_center_software | A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCve76872. | 2017-09-21 | not yet calculated | CVE-2017-12253 BID SECTRACK CONFIRM |
cisco -- unified_intelligence_center_software | A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76835. | 2017-09-21 | not yet calculated | CVE-2017-12248 BID SECTRACK CONFIRM |
cisco -- wide_area_application_services | A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition. The vulnerability is due to lack of input validation of user-supplied input parameters within an HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request through the targeted device. An exploit could allow the attacker to cause a DoS condition due to a process unexpectedly restarting. The WAAS could drop traffic during the brief time the process is restarting. Cisco Bug IDs: CSCvc63048. | 2017-09-21 | not yet calculated | CVE-2017-12250 BID SECTRACK CONFIRM |
codeigniter -- codeigniter | CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available. | 2017-09-19 | not yet calculated | CVE-2014-8686 MISC MISC CONFIRM MISC |
codeigniter_and_kohana -- codeigniter_and_kohana | CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes. | 2017-09-19 | not yet calculated | CVE-2014-8684 MISC FULLDISC CONFIRM MISC |
coreutils -- coreutils | fts.c in coreutils 8.4 allows local users to delete arbitrary files. | 2017-09-20 | not yet calculated | CVE-2015-1865 BID CONFIRM |
cyberlink -- cyberlink_labelprint | Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file. | 2017-09-23 | not yet calculated | CVE-2017-14627 MISC |
d-link_and_trendnet -- d-link_and_trendnet | The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. | 2017-09-21 | not yet calculated | CVE-2015-1187 MISC MISC FULLDISC CONFIRM BID MISC |
denyall -- waf | DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments. | 2017-09-22 | not yet calculated | CVE-2017-14706 MISC MISC MISC |
denyall -- waf | DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments. | 2017-09-22 | not yet calculated | CVE-2017-14705 MISC MISC MISC |
dovecot -- dovecot | The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allows remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. | 2017-09-19 | not yet calculated | CVE-2015-3420 FEDORA FEDORA FEDORA MLIST MLIST BID CONFIRM MLIST MLIST |
edeploy -- edeploy | eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files. | 2017-09-19 | not yet calculated | CVE-2014-8174 CONFIRM MISC |
ember.js -- ember.js | Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2. | 2017-09-20 | not yet calculated | CVE-2015-1866 MLIST BID CONFIRM |
emc -- vipr_srm | In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call. | 2017-09-21 | not yet calculated | CVE-2017-8007 CONFIRM BID SECTRACK SECTRACK |
emc -- vipr_srm | In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities. | 2017-09-21 | not yet calculated | CVE-2017-8012 CONFIRM SECTRACK SECTRACK |
epesi -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter. | 2017-09-22 | not yet calculated | CVE-2017-14713 MISC |
epesi -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. | 2017-09-22 | not yet calculated | CVE-2017-14712 MISC |
epesi -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. | 2017-09-22 | not yet calculated | CVE-2017-14714 MISC |
epesi -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter. | 2017-09-22 | not yet calculated | CVE-2017-14716 MISC |
epesi -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. | 2017-09-22 | not yet calculated | CVE-2017-14717 MISC |
epesi -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter. | 2017-09-22 | not yet calculated | CVE-2017-14715 MISC |
f5 -- multiple_products | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in both the Client and Server SSL profiles assigned to a BIG-IP Virtual Server. | 2017-09-18 | not yet calculated | CVE-2017-6147 CONFIRM |
foxit -- foxit_reader | Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f." | 2017-09-22 | not yet calculated | CVE-2017-14694 MISC |
freeipa -- freeipa | FreeIPA might display user data improperly via vectors involving non-printable characters. | 2017-09-20 | not yet calculated | CVE-2015-5179 CONFIRM MISC |
freeipa -- freeipa | ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable. | 2017-09-21 | not yet calculated | CVE-2015-5284 CONFIRM CONFIRM CONFIRM MLIST |
gnome -- nautilus | GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field. | 2017-09-20 | not yet calculated | CVE-2017-14604 MISC MISC MISC MISC MISC MISC |
go-ldap -- go-ldap | In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is authorized (i.e., a nil return value is interpreted as successful authorization) and (2) it is used with an LDAP server allowing unauthenticated bind. | 2017-09-20 | not yet calculated | CVE-2017-14623 CONFIRM CONFIRM |
good_technology -- good_for_enterprise_application | The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does not attempt to detect malicious activation attempts involving modified names beginning with a com.good.gdgma substring. Consequently, an attacker could obtain access to intranet data. This issue is only relevant in cases where the user has already downloaded a malicious Android application. | 2017-09-20 | not yet calculated | CVE-2015-9232 MISC MISC MISC |
graphicsmagick -- graphicsmagick | ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash). | 2017-09-21 | not yet calculated | CVE-2017-14649 MISC BID MISC MISC |
iball -- baton_adsl2+_router | An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi. | 2017-09-17 | not yet calculated | CVE-2017-14244 EXPLOIT-DB MISC |
ibm -- security_siteprotector_system | IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges. | 2017-09-20 | not yet calculated | CVE-2015-0162 BID XF CONFIRM |
imagemagick -- imagemagick | A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Image from 2.0.0 to 2.5.1, and is fixed in 2.5.2. The problem is missing input validation of the index field in _raw() during construction of an ImageMagick command line. | 2017-09-21 | not yet calculated | CVE-2017-14650 MISC MISC MISC |
imagemagick -- imagemagick | In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file. | 2017-09-21 | not yet calculated | CVE-2017-14684 CONFIRM |
imagemagick -- imagemagick | GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928. | 2017-09-21 | not yet calculated | CVE-2017-14682 CONFIRM |
instack-undercloud -- instack-undercloud | A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. | 2017-09-21 | not yet calculated | CVE-2017-7549 BID CONFIRM |
ipython -- ipython | Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path. | 2017-09-21 | not yet calculated | CVE-2015-4706 MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
ipython -- ipython | Cross-site request forgery in the REST API in IPython 2 and 3. | 2017-09-20 | not yet calculated | CVE-2015-5607 FEDORA FEDORA MLIST CONFIRM CONFIRM CONFIRM |
ipython -- ipython | Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path. | 2017-09-20 | not yet calculated | CVE-2015-4707 MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
irfanview -- irfanview | IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613." | 2017-09-22 | not yet calculated | CVE-2017-14693 MISC |
iterm2 -- iterm2 | iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware. | 2017-09-20 | not yet calculated | CVE-2015-9231 MISC MISC MISC MISC MISC MISC MISC MISC |
joomla! -- joomla! | In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state. | 2017-09-20 | not yet calculated | CVE-2017-14595 BID SECTRACK CONFIRM |
joomla! -- joomla! | In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password. | 2017-09-20 | not yet calculated | CVE-2017-14596 BID SECTRACK CONFIRM |
kallithea -- kallithea | Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2. | 2017-09-21 | not yet calculated | CVE-2015-0276 MLIST BID CONFIRM |
kallithea -- kallithea | Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description. | 2017-09-19 | not yet calculated | CVE-2015-1864 MLIST BID CONFIRM CONFIRM |
kaltura -- kaltura | Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to server/admin_console/web/tools/bigRedButton.php; the (3) partnerId, (4) playerVersion, (5) secret, (6) entryId, (7) adminUiConfId, or (8) uiConfId parameter to server/admin_console/web/tools/bigRedButtonPtsPoc.php; the (9) streamUsername, (10) streamPassword, (11) streamRemoteId, (12) streamRemoteBackupId, or (13) entryId parameter to server/admin_console/web/tools/AkamaiBroadcaster.php; the (14) entryId parameter to server/admin_console/web/tools/XmlJWPlayer.php; or the (15) partnerId or (16) playerVersion parameter to server/alpha/web/lib/bigRedButtonPtsPocHlsjs.php. | 2017-09-19 | not yet calculated | CVE-2017-14142 CONFIRM CONFIRM MISC |
kaltura -- kaltura | The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie. | 2017-09-19 | not yet calculated | CVE-2017-14143 CONFIRM MISC |
kaltura -- kaltura | The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. | 2017-09-19 | not yet calculated | CVE-2017-14141 CONFIRM MISC |
kannel -- kannel | The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by bearerbox. | 2017-09-20 | not yet calculated | CVE-2017-14609 MISC |
landesk -- landesk_management_suite | The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx. | 2017-09-19 | not yet calculated | CVE-2014-5362 MISC BUGTRAQ BID SECTRACK |
lenovo -- lxca | Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system. | 2017-09-22 | not yet calculated | CVE-2017-3770 CONFIRM |
lenovo -- lxca | An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2. | 2017-09-22 | not yet calculated | CVE-2017-3763 CONFIRM |
libexif -- libexif | libexif through 0.6.21 is vulnerable to an out-of-bounds heap read in the exif_data_save_data_entry function in libexif/exif-data.c, caused by improper length computation of the allocated data of an ExifMnote entry, which can cause denial of service or possibly information disclosure. | 2017-09-21 | not yet calculated | CVE-2017-7544 MISC |
libpgf -- libpgf | Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32. | 2017-09-20 | not yet calculated | CVE-2015-6673 MLIST MISC MISC MISC MISC MISC |
libraw -- libraw | In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. | 2017-09-20 | not yet calculated | CVE-2017-14608 CONFIRM CONFIRM |
libsndfile -- libsndfile | In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. | 2017-09-21 | not yet calculated | CVE-2017-14634 MISC |
libsndfile -- libsndfile | An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. | 2017-09-21 | not yet calculated | CVE-2017-14246 MISC |
libsndfile -- libsndfile | An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. | 2017-09-21 | not yet calculated | CVE-2017-14245 MISC |
linux -- linux_kernel | The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot. | 2017-09-19 | not yet calculated | CVE-2015-7837 REDHAT REDHAT MLIST BID CONFIRM CONFIRM |
linux -- linux_kernel | node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption). | 2017-09-20 | not yet calculated | CVE-2015-2927 MLIST MISC CONFIRM |
linux -- linux_kernel | The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory. | 2017-09-15 | not yet calculated | CVE-2017-14340 CONFIRM CONFIRM CONFIRM BID CONFIRM CONFIRM |
linux -- linux_kernel | A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash. | 2017-09-21 | not yet calculated | CVE-2017-12153 CONFIRM BID CONFIRM CONFIRM CONFIRM CONFIRM |
micro_focus -- visibroker | An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. | 2017-09-21 | not yet calculated | CVE-2017-9283 MISC |
micro_focus -- visibroker | An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. | 2017-09-21 | not yet calculated | CVE-2017-9282 MISC |
micro_focus -- visibroker | An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service. | 2017-09-21 | not yet calculated | CVE-2017-9281 MISC |
mirasvit -- helpdesk_mx | Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files. | 2017-09-21 | not yet calculated | CVE-2017-14320 MISC |
mirasvit -- helpdesk_mx | Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) customer name or (2) subject in a ticket. | 2017-09-21 | not yet calculated | CVE-2017-14321 MISC |
mirion_technologies -- telemetry_enabled_device | An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). Decryption of data is possible at the hardware level. | 2017-09-20 | not yet calculated | CVE-2017-9645 BID MISC |
mirion_technologies -- telemetry_enabled_device | A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). An unchangeable, factory-set key is included in the 900 MHz transmitter firmware. | 2017-09-20 | not yet calculated | CVE-2017-9649 BID MISC |
moodle -- moodle | In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access. | 2017-09-18 | not yet calculated | CVE-2017-12157 BID CONFIRM |
my_bb -- tapatalk_plugin | SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process. | 2017-09-21 | not yet calculated | CVE-2017-14652 MISC MISC |
netmechanica -- netdecision | The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call. | 2017-09-19 | not yet calculated | CVE-2017-14311 EXPLOIT-DB |
netsweeper -- netsweeper | The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL. | 2017-09-19 | not yet calculated | CVE-2014-9618 MISC EXPLOIT-DB |
netsweeper -- netsweeper | Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif. | 2017-09-19 | not yet calculated | CVE-2014-9619 MISC EXPLOIT-DB |
netsweeper -- netsweeper | Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page. | 2017-09-19 | not yet calculated | CVE-2014-9616 MISC |
netsweeper -- netsweeper | Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php. | 2017-09-19 | not yet calculated | CVE-2014-9610 MISC EXPLOIT-DB |
netsweeper -- netsweeper | Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php. | 2017-09-19 | not yet calculated | CVE-2014-9611 MISC EXPLOIT-DB |
newsbeuter -- newsbeuter | Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904. | 2017-09-17 | not yet calculated | CVE-2017-14500 MISC MISC MISC MISC |
nodebb -- nodebb | Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs. | 2017-09-21 | not yet calculated | CVE-2015-3296 MLIST BID CONFIRM |
nvidia -- display_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges. | 2017-09-22 | not yet calculated | CVE-2017-6269 CONFIRM |
nvidia -- display_driver | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service. | 2017-09-22 | not yet calculated | CVE-2017-6266 CONFIRM |
nvidia -- display_driver | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service. | 2017-09-22 | not yet calculated | CVE-2017-6267 CONFIRM |
nvidia -- display_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation which may lead to a potential divide by zero and denial of service. | 2017-09-22 | not yet calculated | CVE-2017-6270 CONFIRM |
nvidia -- display_driver | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges. | 2017-09-22 | not yet calculated | CVE-2017-6272 CONFIRM |
nvidia -- display_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges. | 2017-09-22 | not yet calculated | CVE-2017-6268 CONFIRM |
nvidia -- display_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation while processing block linear information which may lead to a potential divide by zero and denial of service. | 2017-09-22 | not yet calculated | CVE-2017-6271 CONFIRM |
nvidia -- display_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges. | 2017-09-22 | not yet calculated | CVE-2017-6277 CONFIRM |
openlitespeed -- openlitespeed | Use-after-free vulnerability in Open Litespeed before 1.3.10. | 2017-09-20 | not yet calculated | CVE-2015-3890 MISC |
otrs -- open_ticket_request_system | In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection. | 2017-09-21 | not yet calculated | CVE-2017-14635 CONFIRM |
p3scan -- p3scan | The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated by etc/init.d/p3scan. | 2017-09-21 | not yet calculated | CVE-2017-14681 MISC |
perl -- perl | Buffer overflow in the regular expression parser in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (crash) or leak data from memory via vectors involving use of RExC_parse in the vFAIL macro. | 2017-09-19 | not yet calculated | CVE-2017-12883 CONFIRM BID CONFIRM CONFIRM CONFIRM CONFIRM |
perl -- perl | Heap-based buffer overflow in the regular expression compiler in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (crash) via a crafted regular expression with the case-insensitive modifier. | 2017-09-19 | not yet calculated | CVE-2017-12837 BID CONFIRM CONFIRM CONFIRM CONFIRM |
phpbb -- phpbb | Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2017-09-19 | not yet calculated | CVE-2015-3880 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
phpmyfaq -- phpmyfaq | Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. | 2017-09-20 | not yet calculated | CVE-2017-14619 MISC |
phpmyfaq -- phpmyfaq | Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. | 2017-09-20 | not yet calculated | CVE-2017-14618 MISC EXPLOIT-DB |
poppler -- poppler | In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files. | 2017-09-20 | not yet calculated | CVE-2017-14617 CONFIRM |
portus -- portus | Portus 2.2.0 has XSS via the Team field, related to typeahead. | 2017-09-20 | not yet calculated | CVE-2017-14621 CONFIRM |
proxychains_ng -- proxychains_ng | Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path. | 2017-09-21 | not yet calculated | CVE-2015-3887 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
puppetlabs -- apache | Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD. | 2017-09-15 | not yet calculated | CVE-2017-2299 BID CONFIRM |
pure-ftpd -- pure-ftpd | Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to a packaging error, due to which the original configuration was ignored after an update and the service started running with the default configuration. This has security implications because security-related configuration is overridden. This issue doesn't affect the upstream version of pure-ftpd. | 2017-09-21 | not yet calculated | CVE-2017-12170 CONFIRM |
qnap_systems -- nas | In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application. | 2017-09-19 | not yet calculated | CVE-2017-10700 CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read. | 2017-09-21 | not yet calculated | CVE-2017-11001 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, in an ISP Camera kernel driver function, an incorrect bounds check may potentially lead to an out-of-bounds write. | 2017-09-21 | not yet calculated | CVE-2017-11000 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in ipa wan driver may lead to memory corruption due to missing locks. | 2017-09-21 | not yet calculated | CVE-2017-10999 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur. | 2017-09-21 | not yet calculated | CVE-2017-11002 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, it is possible to read more information than is allowed. | 2017-09-21 | not yet calculated | CVE-2017-11040 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, race conditions will happen. If "ddp->params_length" is set to a big number, a buffer overflow will occur. | 2017-09-21 | not yet calculated | CVE-2017-9677 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context switch. | 2017-09-21 | not yet calculated | CVE-2017-8280 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, if there is more than one thread doing the device open operation, the device may be opened more than once. This would lead to get_pid being called more than once, while put_pid is called only once in the function "msm_close". | 2017-09-21 | not yet calculated | CVE-2017-8247 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur. | 2017-09-21 | not yet calculated | CVE-2017-8278 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if client registration fails, the client is freed. However, the client is not removed from the list, so a use-after-free occurs the next time the list is traversed. | 2017-09-21 | not yet calculated | CVE-2017-8277 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, the user-controlled variables "nr_cmds" and "nr_bos" are passed across functions without any check. An integer overflow leading to a buffer overflow (with a smaller buffer allocated) may occur when they are too large or negative. | 2017-09-21 | not yet calculated | CVE-2017-8250 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI. | 2017-09-21 | not yet calculated | CVE-2017-8281 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur. | 2017-09-21 | not yet calculated | CVE-2017-9720 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, an output buffer is accessed in one thread and can be potentially freed in another. | 2017-09-21 | not yet calculated | CVE-2017-11041 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not checked, and could overflow the array stream_cfg_cmd->stream_handle. | 2017-09-21 | not yet calculated | CVE-2017-8251 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, in audio_aio_ion_lookup_vaddr, the buffer length, which is user input, ends up being used to validate if the buffer is fully within the valid region. If the buffer length is large enough then the address + length operation could overflow and produce a result far below the valid region. | 2017-09-21 | not yet calculated | CVE-2017-10998 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, using a debugfs node, a write to a PCIe register can cause corruption of kernel memory. | 2017-09-21 | not yet calculated | CVE-2017-10997 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail. | 2017-09-21 | not yet calculated | CVE-2017-9725 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, out of bounds access is possible in c_show(), due to compat_hwcap_str[] not being NULL-terminated. This error is not fatal, however the device might crash/reboot with memory violation/out of bounds access. | 2017-09-21 | not yet calculated | CVE-2017-10996 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock. | 2017-09-21 | not yet calculated | CVE-2017-9676 BID CONFIRM |
qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address. | 2017-09-21 | not yet calculated | CVE-2017-9724 BID CONFIRM |
red_hat -- feedhenry_enterprise_mobile_application_platform | Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform. | 2017-09-20 | not yet calculated | CVE-2015-5248 CONFIRM MISC |
red_hat -- jboss_enterprise_application_platform | AdvancedLdapLoginModule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled. | 2017-09-19 | not yet calculated | CVE-2015-1849 CONFIRM CONFIRM CONFIRM CONFIRM |
rockwell_automation -- micrologix_1100_controllers | An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition. | 2017-09-20 | not yet calculated | CVE-2017-7924 BID MISC |
ruby -- ruby | Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precision specifier (*) with a huge minus value. Such a situation can lead to a buffer overrun, resulting in heap memory corruption or an information disclosure from the heap. | 2017-09-15 | not yet calculated | CVE-2017-0898 BID SECTRACK MISC MISC MISC |
ruby -- ruby | The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. | 2017-09-19 | not yet calculated | CVE-2017-14033 BID SECTRACK CONFIRM CONFIRM CONFIRM |
ruby -- ruby | The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. | 2017-09-19 | not yet calculated | CVE-2017-10784 BID SECTRACK CONFIRM CONFIRM CONFIRM |
sam2p -- sam2p | In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp. | 2017-09-21 | not yet calculated | CVE-2017-14628 MISC |
sam2p -- sam2p | Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption because of an attempted write to the invalid d[0xfffffffe] array element. | 2017-09-22 | not yet calculated | CVE-2017-14636 MISC |
sam2p -- sam2p | In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element. | 2017-09-21 | not yet calculated | CVE-2017-14629 MISC |
sam2p -- sam2p | In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer signedness error leading to a heap-based buffer overflow. | 2017-09-21 | not yet calculated | CVE-2017-14631 MISC |
sam2p -- sam2p | In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp, leading to an invalid write operation. | 2017-09-21 | not yet calculated | CVE-2017-14630 MISC |
sam2p -- sam2p | In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address. | 2017-09-22 | not yet calculated | CVE-2017-14637 MISC |
sap -- e-recruiting | An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and confirm email addresses that they do not have access to (candidate_hrobject is predictable and corr_act_guid is improperly validated). Furthermore, since an email address can be registered only once, an attacker could prevent other legitimate users from registering. This is SAP Security Note 2507798. | 2017-09-17 | not yet calculated | CVE-2017-14511 MISC MISC MISC |
sap -- netweaver_as_java | The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181. | 2017-09-19 | not yet calculated | CVE-2017-14581 MISC |
sogo -- sogo | Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. | 2017-09-20 | not yet calculated | CVE-2015-5395 MLIST CONFIRM MISC MISC CONFIRM |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917." | 2017-09-22 | not yet calculated | CVE-2017-14688 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_773a0000!RtlAddAccessAllowedAce+0x000000000000027a." | 2017-09-22 | not yet calculated | CVE-2017-14691 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000064e7." | 2017-09-22 | not yet calculated | CVE-2017-14690 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e." | 2017-09-22 | not yet calculated | CVE-2017-14689 MISC |
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b." | 2017-09-22 | not yet calculated | CVE-2017-14692 MISC |
tecnovision -- dlx_spot_player4 | Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. | 2017-09-21 | not yet calculated | CVE-2017-12929 MISC |
tecnovision -- dlx_spot_player4 | A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials. | 2017-09-21 | not yet calculated | CVE-2017-12928 MISC |
tecnovision -- dlx_spot_player4 | SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password. | 2017-09-21 | not yet calculated | CVE-2017-12930 MISC |
tor_project -- tor | The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit. | 2017-09-18 | not yet calculated | CVE-2017-0380 CONFIRM CONFIRM |
trend_micro -- mobile_security | Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 2017-09-22 | not yet calculated | CVE-2017-14081 MISC MISC CONFIRM |
trend_micro -- mobile_security | SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 2017-09-22 | not yet calculated | CVE-2017-14078 MISC CONFIRM |
trend_micro -- mobile_security | Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password. | 2017-09-22 | not yet calculated | CVE-2017-14080 MISC CONFIRM |
trend_micro -- mobile_security | Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 2017-09-22 | not yet calculated | CVE-2017-14079 MISC MISC MISC MISC CONFIRM |
trend_micro -- smart_protection_server | Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations. | 2017-09-22 | not yet calculated | CVE-2017-11395 MISC BID CONFIRM |
trend_micro -- web_security_virtual_appliance | Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections. | 2017-09-22 | not yet calculated | CVE-2017-11396 CONFIRM |
twitter -- twitter_ios_client | The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features. | 2017-09-18 | not yet calculated | CVE-2016-10511 BID MISC |
ubuntu -- ubuntu | Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code. | 2017-09-20 | not yet calculated | CVE-2015-1329 CONFIRM BID UBUNTU |
utstarcom -- wa3002g4_adsl_modem | An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi, resetrouter.cgi, and password.cgi. | 2017-09-17 | not yet calculated | CVE-2017-14243 EXPLOIT-DB MISC |
vbulletin_solutions -- vbulletin | vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure. | 2017-09-19 | not yet calculated | CVE-2015-3419 MLIST CONFIRM |
watchguard -- fireware | An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the context of any logged in user in the Web UI visiting "Traffic Monitor" sections "Events" and "All." As a side effect, no further events will be visible in the Traffic Monitor until the device is restarted. | 2017-09-20 | not yet calculated | CVE-2017-14615 MISC MISC MISC |
watchguard -- fireware | An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login attempts, UI management of the device becomes impossible. | 2017-09-20 | not yet calculated | CVE-2017-14616 MISC MISC |
weechat -- weechat | logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized. | 2017-09-23 | not yet calculated | CVE-2017-14727 CONFIRM CONFIRM CONFIRM |
wordpress -- wordpress | Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. | 2017-09-23 | not yet calculated | CVE-2017-14722 MISC MISC |
wordpress -- wordpress | Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. | 2017-09-23 | not yet calculated | CVE-2017-14718 MISC MISC |
wordpress -- wordpress | WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information. | 2017-09-20 | not yet calculated | CVE-2015-2826 MISC FULLDISC MISC BUGTRAQ BID EXPLOIT-DB |
wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original service order. | 2017-09-19 | not yet calculated | CVE-2015-3299 MLIST BID CONFIRM |
wordpress -- wordpress | Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page. | 2017-09-19 | not yet calculated | CVE-2015-4089 MLIST CONFIRM |
wordpress -- wordpress | Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. | 2017-09-23 | not yet calculated | CVE-2017-14719 MISC MISC |
wordpress -- wordpress | Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. | 2017-09-23 | not yet calculated | CVE-2017-14720 MISC MISC |
wordpress -- wordpress | Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. | 2017-09-23 | not yet calculated | CVE-2017-14725 MISC MISC |
wordpress -- wordpress | Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. | 2017-09-23 | not yet calculated | CVE-2017-14726 MISC MISC |
wordpress -- wordpress | Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. | 2017-09-23 | not yet calculated | CVE-2017-14724 MISC MISC |
wordpress -- wordpress | Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. | 2017-09-23 | not yet calculated | CVE-2017-14723 MISC MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. | 2017-09-23 | not yet calculated | CVE-2017-14721 MISC MISC |
wordpress -- wordpress | WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences. | 2017-09-17 | not yet calculated | CVE-2017-14530 MISC MISC |
wso2 -- data_analytics_server | WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. | 2017-09-21 | not yet calculated | CVE-2017-14651 MISC MISC |
xiph.org -- vorbis | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). | 2017-09-21 | not yet calculated | CVE-2017-14633 MISC |
xiph.org -- vorbis | The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. | 2017-09-21 | not yet calculated | CVE-2017-14160 MISC |
xiph.org -- vorbis | Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. | 2017-09-21 | not yet calculated | CVE-2017-14632 MISC |
yadifa -- yadifa | The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive. | 2017-09-20 | not yet calculated | CVE-2017-14339 CONFIRM MISC |
zcms -- javaserver_pages_content_management_system | Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1. | 2017-09-20 | not yet calculated | CVE-2015-7347 MISC EXPLOIT-DB |
zkteco -- zktime_web | ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document. | 2017-09-21 | not yet calculated | CVE-2017-14680 MISC MISC |
zte -- zxr10_1800-2s_routers | The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords. | 2017-09-19 | not yet calculated | CVE-2017-10930 MISC |
zte -- zxr10_1800-2s_routers | The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration. | 2017-09-19 | not yet calculated | CVE-2017-10931 MISC |