SB17-289: Vulnerability Summary for the Week of October 9, 2017
Original release date: October 16, 2017
Back to top
Back to top
Back to top
Back to top
from US-CERT National Cyber Alert System http://ift.tt/2gmJwUQ
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| phpbugtracker_project -- phpbugtracker | Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php. | 2017-10-06 | 7.5 | CVE-2015-2146 MLIST CONFIRM |
| phpbugtracker_project -- phpbugtracker | Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | 2017-10-06 | 7.5 | CVE-2015-2147 MISC MLIST |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cozmoslabs -- profile_builder | Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter. | 2017-10-06 | 4.3 | CVE-2014-8492 MISC MISC |
| docker -- docker | Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage. | 2017-10-06 | 4.6 | CVE-2014-0047 MLIST BID CONFIRM |
| formget -- easy_contact_form_solution | Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php. | 2017-10-06 | 4.3 | CVE-2014-7240 MISC MISC |
| intelliants -- subrion_cms | There are CSRF vulnerabilities in Subrion CMS before 4.2.0 because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database. | 2017-10-06 | 6.8 | CVE-2017-15063 MISC |
| lame_project -- lame | LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410. | 2017-10-06 | 4.3 | CVE-2017-15045 MISC |
| lame_project -- lame | LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412. | 2017-10-06 | 4.3 | CVE-2017-15046 MISC |
| libcsoap_project -- libcsoap | nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header. | 2017-10-06 | 5.0 | CVE-2015-2297 MLIST |
| phpbugtracker_project -- phpbugtracker | Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for requests that cause an unspecified impact via the group_id parameter to group.php, (3) hijack the authentication of users for requests that delete statuses via the status_id parameter to status.php, (4) hijack the authentication of users for requests that delete severities via the severity_id parameter to severity.php, (5) hijack the authentication of users for requests that cause an unspecified impact via the priority_id parameter to priority.php, (6) hijack the authentication of users for requests that delete the operating system via the os_id parameter to os.php, (7) hijack the authentication of users for requests that delete databases via the database_id parameter to database.php, or (8) hijack the authentication of users for requests that delete sites via the site_id parameter to sites.php. | 2017-10-06 | 6.0 | CVE-2015-2142 MLIST CONFIRM |
| phpbugtracker_project -- phpbugtracker | Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters. | 2017-10-06 | 6.8 | CVE-2015-2143 MLIST |
| qnap -- qts_helpdesk | QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack. | 2017-10-06 | 5.0 | CVE-2017-13068 MISC |
| rapid7 -- metasploit | The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. | 2017-10-06 | 4.3 | CVE-2017-15084 CONFIRM |
| tech-banker -- gallery_bank | Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php. | 2017-10-06 | 4.3 | CVE-2014-8758 MISC MISC |
| wpmudev -- smush_image_compression_and_optimization | The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. | 2017-10-06 | 5.0 | CVE-2017-15079 CONFIRM CONFIRM |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| openkm -- openkm | Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter. | 2017-10-06 | 3.5 | CVE-2014-8957 MISC BID MISC |
| phpbugtracker_project -- phpbugtracker | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) use_js parameter to user.php; the (3) use_js parameter to group.php; the (4) Description parameter to status.php; the (5) Description parameter to severity.php; the (6) Regex parameter to os.php; or the (7) Name parameter to database.php. | 2017-10-06 | 3.5 | CVE-2015-2144 MLIST CONFIRM |
| phpbugtracker_project -- phpbugtracker | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2017-10-06 | 3.5 | CVE-2015-2145 MLIST |
| phpbugtracker_project -- phpbugtracker | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2017-10-06 | 3.5 | CVE-2015-2148 MLIST |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| accellion -- file_transfer_appliance | Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie. | 2017-10-10 | not yet calculated | CVE-2015-2856 MISC |
| airtame -- airtame | /bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin password change. | 2017-10-14 | not yet calculated | CVE-2017-15304 MISC |
| apache -- gridgrain | Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path. | 2017-10-09 | not yet calculated | CVE-2017-14614 MLIST |
| apache -- nifi | An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | 2017-10-10 | not yet calculated | CVE-2017-12623 CONFIRM |
| apache -- openmeetings | Apache Openmeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack. | 2017-10-12 | not yet calculated | CVE-2016-8736 MISC BID |
| apache -- ranger | In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role. | 2017-10-13 | not yet calculated | CVE-2016-6815 BID CONFIRM |
| apache -- roller | The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. | 2017-10-09 | not yet calculated | CVE-2014-0030 CONFIRM MLIST |
| apache -- solr | Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. | 2017-10-14 | not yet calculated | CVE-2017-12629 MISC BID MISC MISC MISC |
| apache-- zookeeper | Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later. | 2017-10-09 | not yet calculated | CVE-2017-5637 BID CONFIRM MLIST |
| asterisk -- asterisk | In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report. | 2017-10-09 | not yet calculated | CVE-2017-14603 CONFIRM DEBIAN CONFIRM |
| atlassian -- fisheye_and_crucible | Various resources in Atlassian FishEye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter. | 2017-10-11 | not yet calculated | CVE-2017-14588 BID MISC MISC |
| atlassian -- fisheye_and_crucible | The administration user deletion resource in Atlassian FishEye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter. | 2017-10-11 | not yet calculated | CVE-2017-14587 MISC MISC |
| atutor -- lms | Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2. | 2017-10-10 | not yet calculated | CVE-2015-6521 MLIST CONFIRM |
| bamboo -- bamboo | Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo. | 2017-10-12 | not yet calculated | CVE-2017-9514 CONFIRM |
| cacti -- cacti | include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. | 2017-10-10 | not yet calculated | CVE-2017-15194 SECTRACK CONFIRM CONFIRM |
| cisco -- firmware | Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. | 2017-10-12 | not yet calculated | CVE-2015-6358 CISCO CERT-VN BID SECTRACK SECTRACK SECTRACK SECTRACK |
| cybozu -- office | Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. | 2017-10-12 | not yet calculated | CVE-2017-10857 JVN CONFIRM |
| dotcms -- dotcms | The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field. | 2017-10-10 | not yet calculated | CVE-2017-15219 MISC |
| dream -- multimedia_dreambox_devices | There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. | 2017-10-12 | not yet calculated | CVE-2017-15287 MISC EXPLOIT-DB |
| emc -- network_configuration_manager | EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 2017-10-11 | not yet calculated | CVE-2017-8017 CONFIRM BID SECTRACK |
| epson -- software | The Epson "EasyMP" software (tested on version 2.86) is designed to remotely stream a user's computer to supporting projectors. These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming. In addition to the password, each projector (tested on PowerLite Pro G5650W and G6050W) has a hardcoded "backdoor" code (2270), which authenticates to all devices. | 2017-10-10 | not yet calculated | CVE-2017-12860 MISC |
| epson -- software | The Epson "EasyMP" software (tested on version 2.86) is designed to remotely stream a user's computer to supporting projectors. These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming. All Epson projectors (tested on PowerLite Pro G5650W and G6050W)supporting the "EasyMP" software are vulnerable to a brute-force vulnerability, allowing any attacker on the network to remotely control and stream to the vulnerable device. | 2017-10-10 | not yet calculated | CVE-2017-12861 MISC |
| eyesofnetwork -- eyesofnetwork | A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php. | 2017-10-10 | not yet calculated | CVE-2017-15188 MISC |
| flexense -- vx_search_enterprise | Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code. | 2017-10-11 | not yet calculated | CVE-2017-15220 EXPLOIT-DB |
| flyspray -- flyspray | Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php. | 2017-10-10 | not yet calculated | CVE-2017-15214 MISC MISC MISC |
| flyspray -- flyspray | Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl. | 2017-10-10 | not yet calculated | CVE-2017-15213 MISC MISC MISC |
| freebsd -- sys_amd64 | The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic). | 2017-10-10 | not yet calculated | CVE-2015-5675 MISC BUGTRAQ BID SECTRACK FREEBSD |
| git -- git | Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk. | 2017-10-14 | not yet calculated | CVE-2017-15298 MISC MISC |
| gnu -- binutils | _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file. | 2017-10-10 | not yet calculated | CVE-2017-15225 CONFIRM CONFIRM |
| gnu -- libextractor | In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c. | 2017-10-11 | not yet calculated | CVE-2017-15267 MISC MISC MISC |
| gnu -- libextractor | In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate. | 2017-10-11 | not yet calculated | CVE-2017-15266 MISC MISC MISC |
| gnu -- mpfr | Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str. | 2017-10-09 | not yet calculated | CVE-2014-9474 FEDORA FEDORA CONFIRM MLIST BID CONFIRM CONFIRM MLIST GENTOO |
| graphicsmagick -- graphicsmagick | ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage. | 2017-10-10 | not yet calculated | CVE-2017-15238 CONFIRM CONFIRM CONFIRM |
| gurunavi -- app_for_ios | Gurunavi App for iOS before 6.0.0 does not verify SSL certificates which could allow remote attackers to perform man-in-the-middle attacks. | 2017-10-10 | not yet calculated | CVE-2015-7778 JVN JVNDB BID |
| hitachi -- hibun_confidential_file_decryption | Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10865. | 2017-10-12 | not yet calculated | CVE-2017-10863 CONFIRM JVN |
| hitachi -- hibun_confidential_file_decryption | Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10863. | 2017-10-12 | not yet calculated | CVE-2017-10865 CONFIRM JVN |
| hitachi -- hibun_confidential_file_viewer | Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-10-12 | not yet calculated | CVE-2017-10864 CONFIRM JVN |
| horde -- groupware | The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename. | 2017-10-10 | not yet calculated | CVE-2017-15235 MISC |
| hpe -- intelligent_management_center | The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. | 2017-10-11 | not yet calculated | CVE-2017-5791 BID BID SECTRACK MISC MISC CONFIRM |
| hpe -- operations_orchestration | A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely. | 2017-10-10 | not yet calculated | CVE-2017-8994 BID CONFIRM |
| hpe -- performance_center | HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow. | 2017-10-11 | not yet calculated | CVE-2017-5789 BID BID SECTRACK SECTRACK MISC MISC CONFIRM |
| huawei -- fusionserver | Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions. | 2017-10-09 | not yet calculated | CVE-2015-7842 BID CONFIRM |
| ibm -- financial_transaction_manager_for_ach_services_for_multi-platform | IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735. | 2017-10-10 | not yet calculated | CVE-2017-1538 CONFIRM BID MISC |
| ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578. | 2017-10-10 | not yet calculated | CVE-2017-1503 CONFIRM BID SECTRACK MISC |
| identicard -- two-reader_controller_configuration_manager | IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page). | 2017-10-09 | not yet calculated | CVE-2017-14973 MISC |
| imagemagick -- imagemagick | ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. | 2017-10-10 | not yet calculated | CVE-2017-15218 BID CONFIRM |
| imagemagick -- imagemagick | ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. | 2017-10-10 | not yet calculated | CVE-2017-15217 BID CONFIRM |
| imagemagick -- imagemagick | ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)." | 2017-10-12 | not yet calculated | CVE-2017-15281 CONFIRM |
| imagemagick_and_graphicsmagick -- imagemagick_and_graphicsmagick | ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. | 2017-10-12 | not yet calculated | CVE-2017-15277 MISC MISC MISC |
| infocus -- mondopad | Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated with an attacker-controller server. In one specific scenario, the attacker provides an Excel spreadsheet, and the attacker-controller server receives the victim's NetNTLMv2 hash. | 2017-10-09 | not yet calculated | CVE-2017-14971 MISC |
| infocus -- mondopad | InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file. | 2017-10-09 | not yet calculated | CVE-2017-14972 MISC |
| intel -- nuc_firmware | Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery. | 2017-10-10 | not yet calculated | CVE-2017-5701 BID CONFIRM |
| intel -- nuc_firmware | Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage. | 2017-10-10 | not yet calculated | CVE-2017-5722 BID CONFIRM |
| intel -- nuc_firmware | Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory. | 2017-10-10 | not yet calculated | CVE-2017-5721 CONFIRM |
| intel -- nuc_firmware | Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage. | 2017-10-10 | not yet calculated | CVE-2017-5700 BID CONFIRM |
| ipv6 -- ipv6 | Receipt of a specifically malformed IPv6 packet processed by the router may trigger a line card reset: processor exception 0x68616c74 (halt) in task: scheduler. The line card will reboot and recover without user interaction. However, additional specifically malformed packets may cause follow-on line card resets and lead to an extended service outage. This issue only affects E Series routers with IPv6 licensed and enabled. Routers not configured to process IPv6 traffic are unaffected by this vulnerability. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. | 2017-10-13 | not yet calculated | CVE-2016-4925 BID SECTRACK CONFIRM |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x00000000000568a4." | 2017-10-11 | not yet calculated | CVE-2017-15243 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x0000000000057b35." | 2017-10-11 | not yet calculated | CVE-2017-15261 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x000000000009174a." | 2017-10-11 | not yet calculated | CVE-2017-15257 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x00000000000158cb." | 2017-10-11 | not yet calculated | CVE-2017-15252 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting at PDF!xmlGetGlobalState+0x000000000007dff2." | 2017-10-11 | not yet calculated | CVE-2017-15253 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlGetGlobalState+0x000000000007dfa5." | 2017-10-11 | not yet calculated | CVE-2017-15254 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000000929f5." | 2017-10-11 | not yet calculated | CVE-2017-15241 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000161a9c." | 2017-10-11 | not yet calculated | CVE-2017-15258 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000129a59." | 2017-10-11 | not yet calculated | CVE-2017-15260 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlListWalk+0x00000000000166c4." | 2017-10-11 | not yet calculated | CVE-2017-15263 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x0000000000048d0c." | 2017-10-11 | not yet calculated | CVE-2017-15262 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at image00000000_00400000+0x00000000000236e4." | 2017-10-11 | not yet calculated | CVE-2017-15264 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x000000000011624a." | 2017-10-11 | not yet calculated | CVE-2017-15259 MISC |
| irfanview -- irfanview | IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000040db4." | 2017-10-11 | not yet calculated | CVE-2017-15239 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlGetGlobalState+0x0000000000057b76." | 2017-10-11 | not yet calculated | CVE-2017-15245 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting at PDF!xmlGetGlobalState+0x0000000000031abe." | 2017-10-11 | not yet calculated | CVE-2017-15242 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlListWalk+0x0000000000019fc8." | 2017-10-11 | not yet calculated | CVE-2017-15256 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d." | 2017-10-11 | not yet calculated | CVE-2017-15244 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132e19." | 2017-10-11 | not yet calculated | CVE-2017-15250 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132cef." | 2017-10-11 | not yet calculated | CVE-2017-15240 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x0000000000063ca6." | 2017-10-11 | not yet calculated | CVE-2017-15248 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x000000000001515b." | 2017-10-11 | not yet calculated | CVE-2017-15246 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000001168a1." | 2017-10-11 | not yet calculated | CVE-2017-15247 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x00000000001601b0." | 2017-10-11 | not yet calculated | CVE-2017-15255 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x00000000000668d6." | 2017-10-11 | not yet calculated | CVE-2017-15249 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x00000000000e7326." | 2017-10-11 | not yet calculated | CVE-2017-15251 MISC |
| jantek -- jtc-200 | An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication. | 2017-10-12 | not yet calculated | CVE-2016-5791 MISC |
| jantek -- jtc-200 | A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. | 2017-10-12 | not yet calculated | CVE-2016-5789 MISC |
| javascript -- node | Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service. | 2017-10-10 | not yet calculated | CVE-2015-7384 BID CONFIRM CONFIRM |
| juniper -- contrail | The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). | 2017-10-13 | not yet calculated | CVE-2017-10616 CONFIRM |
| juniper -- contrail | The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks Contrail 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). | 2017-10-13 | not yet calculated | CVE-2017-10617 CONFIRM |
| juniper -- junos_os | Juniper Networks Junos OS 16.1R1, and services releases based off of 16.1R1, are vulnerable to the receipt of a crafted BGP Protocol Data Unit (PDU) sent directly to the router, which can cause the RPD routing process to crash and restart. Unlike BGP UPDATEs, which are transitive in nature, this issue can only be triggered by a packet sent directly to the IP address of the router. Repeated crashes of the rpd daemon can result in an extended denial of service condition. This issue only affects devices running Junos OS 16.1R1 and services releases based off of 16.1R1 (e.g. 16.1R1-S1, 16.1R1-S2, 16.1R1-S3). No prior versions of Junos OS are affected by this vulnerability, and this issue was resolved in Junos OS 16.2 prior to 16.2R1. No other Juniper Networks products or platforms are affected by this issue. This issue was found during internal product security testing. | 2017-10-13 | not yet calculated | CVE-2017-10607 CONFIRM |
| juniper -- junos_os | Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. | 2017-10-13 | not yet calculated | CVE-2017-10623 CONFIRM |
| juniper -- junos_space | A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. | 2017-10-13 | not yet calculated | CVE-2017-10612 BID CONFIRM |
| juniper -- junos_space | An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3. This issue was found by an external security researcher. | 2017-10-13 | not yet calculated | CVE-2017-10622 BID CONFIRM |
| juniper -- junos_space | Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. | 2017-10-13 | not yet calculated | CVE-2017-10624 BID CONFIRM |
| juniper -- srx_series_devices | A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. Affected Juniper Networks Junos OS releases are: 14.1 from 14.1R5 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D50 on EX and QFX series; 14.2 from 14.2R3 prior to 14.2R7-S8, 14.2R8; No other Junos OS releases are affected by this issue. No other Juniper Networks products are affected by this issue. | 2017-10-13 | not yet calculated | CVE-2017-10615 CONFIRM |
| juniper -- srx_series_devices | A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI access and the ability to initiate remote sessions to the loopback interface with the defined action, to hang the kernel. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D55; 12.3X48 prior to 12.3X48-D35; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.2 prior to 14.2R4-S9, 14.2R7-S8, 14.2R8; 15.1 prior to 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D47; 16.1 prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue. | 2017-10-13 | not yet calculated | CVE-2017-10613 CONFIRM |
| juniper -- srx_series_devices | A denial of service vulnerability in telnetd service on Juniper Networks Junos OS allows remote unauthenticated attackers to cause a denial of service. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D50; 14.1 prior to 14.1R8-S5, 14.1R9; 14.1X53 prior to 14.1X53-D50; 14.2 prior to 14.2R7-S9, 14.2R8; 15.1 prior to 15.1F2-S16, 15.1F5-S7, 15.1F6-S6, 15.1R5-S2, 15.1R6; 15.1X49 prior to 15.1X49-D90; 15.1X53 prior to 15.1X53-D47; 16.1 prior to 16.1R4-S1, 16.1R5; 16.2 prior to 16.2R1-S3, 16.2R2; | 2017-10-13 | not yet calculated | CVE-2017-10621 CONFIRM |
| juniper -- srx_series_devices | A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory and/or CPU consumption denial of service attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D45; 12.3X48 prior to 12.3X48-D30; 14.1 prior to 14.1R4-S9, 14.1R8; 14.2 prior to 14.2R6; 15.1 prior to 15.1F5, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D232, 15.1X53-D47. | 2017-10-13 | not yet calculated | CVE-2017-10614 CONFIRM |
| juniper -- srx_series_devices | Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration data. While other products also ship with a TPM, no other products or platforms are affected by this vulnerability. Customers can confirm the version of TPM firmware via the 'show security tpm status' command. This issue was discovered by an external security researcher. No other Juniper Networks products or platforms are affected by this issue. | 2017-10-13 | not yet calculated | CVE-2017-10606 CONFIRM |
| juniper -- srx_series_devices | On SRX Series devices, a crafted ICMP packet embedded within a NAT64 IPv6 to IPv4 tunnel may cause the flowd process to crash. Repeated crashes of the flowd process constitutes an extended denial of service condition for the SRX Series device. This issue only occurs if NAT64 is configured. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D71, 12.3X48 prior to 12.3X48-D55, 15.1X49 prior to 15.1X49-D100 on SRX Series. No other Juniper Networks products or platforms are affected by this issue. | 2017-10-13 | not yet calculated | CVE-2017-10610 CONFIRM MISC |
| juniper -- srx_series_devices | If extended statistics are enabled via 'set chassis extended-statistics', when executing any operation that fetches interface statistics, including but not limited to SNMP GET requests, the pfem process or the FPC may crash and restart. Repeated crashes of PFE processing can result in an extended denial of service condition. This issue only affects the following platforms: (1) EX2200, EX3300, XRE200 (2) MX Series routers with MPC7E/8E/9E PFEs installed, and only if 'extended-statistics' are enabled under the [edit chassis] configuration. Affected releases are Juniper Networks Junos OS 14.1 prior to 14.1R8-S5, 14.1R9 on MX Series; 14.1X53 prior to 14.1X53-D46, 14.1X53-D50 on EX2200, EX3300, XRE200; 14.2 prior to 14.2R7-S9, 14.2R8 on MX Series; 15.1 prior to 15.1F5-S8, 15.1F6-S8, 15.1R5-S3, 15.1R6 on MX Series; 16.1 prior to 16.1R4-S5, 16.1R5, 16.1R6 on MX Series; 16.1X65 prior to 16.1X65-D45 on EX2200, EX3300, XRE200; 16.2 prior to 16.2R2-S1, 16.2R3 on MX Series; 17.1 prior to 17.1R2-S2, 17.1R3 on MX Series; 17.2 prior to 17.2R1-S3, 17.2R2 on MX Series; 17.2X75 prior to 17.2X75-D50 on MX Series; 17.3 prior to 17.3R1-S1, 17.3R2 on MX Series. No other Juniper Networks products or platforms are affected by this issue. | 2017-10-13 | not yet calculated | CVE-2017-10611 CONFIRM |
| juniper -- srx_series_devices | When Express Path (formerly known as service offloading) is configured on Juniper Networks SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800 in high availability cluster configuration mode, certain multicast packets might cause the flowd process to crash, halting or interrupting traffic from flowing through the device and triggering RG1+ (data-plane) fail-over to the secondary node. Repeated crashes of the flowd process may constitute an extended denial of service condition. This service is not enabled by default and is only supported in high-end SRX platforms. Affected releases are Juniper Networks Junos OS 12.3X48 prior to 12.3X48-D45, 15.1X49 prior to 15.1X49-D80 on SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800. | 2017-10-13 | not yet calculated | CVE-2017-10619 CONFIRM |
| juniper -- srx_series_devices | When the 'bgp-error-tolerance' feature â€" designed to help mitigate remote session resets from malformed path attributes â€" is enabled, a BGP UPDATE containing a specifically crafted set of transitive attributes can cause the RPD routing process to crash and restart. Devices with BGP enabled that do not have 'bgp-error-tolerance' configured are not vulnerable to this issue. Affected releases are Juniper Networks Junos OS 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D45, 14.1X53-D50; 14.2 prior to 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F5-S8, 15.1F6-S7, 15.1R5-S6, 15.1R6-S2, 15.1R7; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R5; 16.2 prior to 16.2R1-S5, 16.2R2; 17.1 prior to 17.1R1-S3, 17.1R2; 17.2 prior to 17.2R1-S2, 17.2R2; 17.2X75 prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue. | 2017-10-13 | not yet calculated | CVE-2017-10618 CONFIRM MISC MISC |
| juniper -- srx_series_devices | Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D55; 15.1X49 prior to 15.1X49-D110; | 2017-10-13 | not yet calculated | CVE-2017-10620 CONFIRM |
| juniper -- srx_series_devices | Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. This vulnerability in the Sun/MS-RPC ALG services component of Junos OS allows an attacker to cause a repeated denial of service against the target. Repeated traffic in a cluster may cause repeated flip-flop failure operations or full failure to the flowd daemon halting traffic on all nodes. Only IPv6 traffic is affected by this issue. IPv4 traffic is unaffected. This issues is not seen with to-host traffic. This issue has no relation with HA services themselves, only the ALG service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D55 on SRX; 12.1X47 prior to 12.1X47-D45 on SRX; 12.3X48 prior to 12.3X48-D32, 12.3X48-D35 on SRX; 15.1X49 prior to 15.1X49-D60 on SRX. | 2017-10-13 | not yet calculated | CVE-2017-10608 CONFIRM |
| juniper -- j-web | J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS). | 2017-10-13 | not yet calculated | CVE-2016-1261 CONFIRM |
| juniper -- j-web | Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform administrative actions on the Junos device. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D40; 12.1X47 prior to 12.1X47-D30; 12.3 prior to 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2X51 prior to 13.2X51-D39, 13.2X51-D40; 13.3 prior to 13.3R9; 14.1 prior to 14.1R6; 14.2 prior to 14.2R6; 15.1 prior to 15.1R3; 15.1X49 prior to 15.1X49-D20; 15.1X53 prior to 15.1X53-D57. | 2017-10-13 | not yet calculated | CVE-2016-4923 BID CONFIRM |
| juniper -- junos_os | An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 15.1 prior to 15.1F5; 14.1 prior to 14.1R8 | 2017-10-13 | not yet calculated | CVE-2016-4924 BID CONFIRM |
| juniper -- junos_os | Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands the ability to achieve elevated privileges and gain complete control of the device. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X46 prior to 12.1X46-D60; 12.1X47 prior to 12.1X47-D45; 12.3 prior to 12.3R12; 12.3X48 prior to 12.3X48-D35; 13.2 prior to 13.2R9; 13.3 prior to 13.3R4-S11, 13.3R9; 14.1 prior to 14.1R4-S12, 14.1R7; 14.1X53 prior to 14.1X53-D28, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R3-S10, 14.2R4-S7, 14.2R5; 15.1 prior to 15.1F4, 15.1R3; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D57, 15.1X53-D70. | 2017-10-13 | not yet calculated | CVE-2016-4922 BID SECTRACK CONFIRM |
| juniper -- junos_os | By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitimate traffic. In extreme cases, the crafted IPv6 traffic may result in a total resource exhaustion and kernel panic. The issue is triggered by traffic destined to the router. Transit traffic does not trigger the vulnerability. This issue only affects devices with IPv6 enabled and configured. Devices not configured to process IPv6 traffic are unaffected by this vulnerability. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.3 prior to 12.3R3-S4; 12.3X48 prior to 12.3X48-D30; 13.3 prior to 13.3R10, 13.3R4-S11; 14.1 prior to 14.1R2-S8, 14.1R4-S12, 14.1R8; 14.1X53 prior to 14.1X53-D28, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R3-S10, 14.2R4-S7, 14.2R6; 15.1 prior to 15.1F2-S5, 15.1F5-S2, 15.1F6, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D57, 15.1X53-D70. | 2017-10-13 | not yet calculated | CVE-2016-4921 BID SECTRACK CONFIRM |
| juniper -- junos_space | A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected. | 2017-10-13 | not yet calculated | CVE-2016-1265 CONFIRM |
| jwt-scala -- jwt-scala | jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token. | 2017-10-12 | not yet calculated | CVE-2017-10862 MISC MISC |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15210 MISC MISC MISC |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15211 MISC MISC MISC MISC |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15206 MISC MISC MISC MISC |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15209 MISC MISC MISC |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15212 MISC MISC MISC MISC |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15207 MISC MISC MISC MISC |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15204 MISC MISC MISC MISC |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15205 MISC MISC MISC |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15203 MISC MISC MISC MISC |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15196 MISC MISC MISC MISC |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15195 MISC MISC MISC MISC |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15200 MISC MISC MISC MISC |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15208 MISC MISC MISC MISC |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15201 MISC MISC MISC MISC |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15202 MISC MISC MISC MISC |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15197 MISC MISC MISC MISC |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15198 MISC MISC MISC MISC |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. | 2017-10-10 | not yet calculated | CVE-2017-15199 MISC MISC MISC MISC |
| lansweeper -- lansweeper | XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705. | 2017-10-10 | not yet calculated | CVE-2017-13706 MISC FULLDISC CONFIRM |
| lava -- ether-serial_link | An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass authentication by accessing a specific uniform resource locator. | 2017-10-11 | not yet calculated | CVE-2017-14003 BID MISC |
| libcurl -- libcurl | libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](http://ift.tt/2y0H4JG), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote. | 2017-10-06 | not yet calculated | CVE-2017-1000254 BID SECTRACK CONFIRM CONFIRM |
| libjpeg-turbo -- libjpeg-turbo | libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. | 2017-10-10 | not yet calculated | CVE-2017-15232 MISC MISC |
| libjpeg-turbo -- libjpeg-turbo | libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. | 2017-10-10 | not yet calculated | CVE-2014-9092 FEDORA FEDORA FEDORA FEDORA MISC MLIST BID CONFIRM MISC |
| libmp3splt -- libmp3splt | plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | 2017-10-09 | not yet calculated | CVE-2017-15185 MISC MISC MISC EXPLOIT-DB |
| libxfont -- libxfont | In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. | 2017-10-11 | not yet calculated | CVE-2017-13722 CONFIRM CONFIRM CONFIRM CONFIRM |
| libxfont -- libxfont | In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters. | 2017-10-11 | not yet calculated | CVE-2017-13720 CONFIRM CONFIRM CONFIRM CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST cfg80211 vendor commands in __wlan_hdd_cfg80211_set_passpoint_list and hdd_extscan_passpoint_fill_network_list function respectively. Android ID: A-36817548. References: QC-CR#2058447, QC-CR#2054770. | 2017-10-10 | not yet calculated | CVE-2017-11060 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the Athdiag procfs entry does not have a proper address sanity check which may potentially lead to the use of an out-of-range pointer offset. | 2017-10-10 | not yet calculated | CVE-2017-11067 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST cfg80211 vendor commands in __wlan_hdd_cfg80211_set_passpoint_list and hdd_extscan_passpoint_fill_network_list function respectively. Android ID: A-36815952. References: QC-CR#2054770, QC-CR#2058447, QC-CR#2066628, QC-CR#2087785 | 2017-10-10 | not yet calculated | CVE-2017-11064 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in compatibility mode, flash_data from 64-bit userspace may cause disclosure of kernel memory or a fault due to using a userspace-provided address. | 2017-10-10 | not yet calculated | CVE-2017-11057 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, setting the HMAC key by different threads during SHA operations may potentially lead to a buffer overflow. | 2017-10-10 | not yet calculated | CVE-2017-11059 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor command a buffer over-read can occur. | 2017-10-10 | not yet calculated | CVE-2017-11052 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an array out-of-bounds access can potentially occur in a display driver. | 2017-10-10 | not yet calculated | CVE-2017-9706 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, two concurrent threads/processes can write the value of "0" to the debugfs file that controls ipa ipc log which will lead to the double-free in ipc_log_context_destroy(). Another issue is the Use-After-Free which can happen due to the race condition when the ipc log is deallocated via the debugfs call during a log print. | 2017-10-10 | not yet calculated | CVE-2017-9687 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur. | 2017-10-10 | not yet calculated | CVE-2017-11054 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently attributes are not validated in __wlan_hdd_cfg80211_do_acs which can potentially lead to a buffer overread. | 2017-10-10 | not yet calculated | CVE-2017-11062 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when the pktlogconf tool gives a pktlog buffer of size less than the minimal possible source data size in the host driver, a buffer overflow can potentially occur. | 2017-10-10 | not yet calculated | CVE-2017-11050 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, information disclosure is possible in function __wlan_hdd_cfg80211_testmode since buffer hb_params is not initialized to zero. | 2017-10-10 | not yet calculated | CVE-2017-11051 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, as a result of a race condition between two userspace processes that interact with the driver concurrently, a null pointer dereference can potentially occur. | 2017-10-10 | not yet calculated | CVE-2017-11063 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possible double free/use after free in the SPS driver when debugfs logging is used. | 2017-10-10 | not yet calculated | CVE-2017-9686 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a meta image, an integer overflow can occur, if user-defined image offset and size values are too large. | 2017-10-10 | not yet calculated | CVE-2017-9683 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a vendor command, a buffer over-read can occur. | 2017-10-10 | not yet calculated | CVE-2017-9715 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION cfg80211 vendor command, a buffer over-read can occur. | 2017-10-10 | not yet calculated | CVE-2017-11055 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when qos map set IE of length less than 16 is received in association response or in qos map configure action frame, a buffer overflow can potentially occur in ConvertQosMapsetFrame(). | 2017-10-10 | not yet calculated | CVE-2017-11053 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while doing sha and cipher operations, a userspace buffer is directly accessed in kernel space potentially leading to a page fault. | 2017-10-10 | not yet calculated | CVE-2017-11056 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an out of bound memory access may happen in limCheckRxRSNIeMatch in case incorrect RSNIE is received from the client in assoc request. | 2017-10-10 | not yet calculated | CVE-2017-9714 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing Netlink attributes, a buffer overread can occur. | 2017-10-10 | not yet calculated | CVE-2017-9717 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing cfg80211 vendor sub command QCA_NL80211_VENDOR_SUBCMD_ROAM, a buffer over-read can occur. | 2017-10-10 | not yet calculated | CVE-2017-11061 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when an audio driver ioctl handler is called, a kernel out-of-bounds write can potentially occur. | 2017-10-10 | not yet calculated | CVE-2017-11046 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command registration table entries in diag_dbgfs_read_table. | 2017-10-10 | not yet calculated | CVE-2017-9697 BID CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a Use After Free condition can occur. | 2017-10-10 | not yet calculated | CVE-2017-11048 BID CONFIRM |
| linux -- kernel | security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192. | 2017-10-11 | not yet calculated | CVE-2017-15274 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call. | 2017-10-14 | not yet calculated | CVE-2017-15299 MISC MISC MISC MISC |
| linux -- linux_kernel | arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun." | 2017-10-11 | not yet calculated | CVE-2017-12188 BID CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | A vulnerability was found in the Key Management sub component of the Linux kernel, where when trying to issue a KEYTCL_READ on negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel. | 2017-10-11 | not yet calculated | CVE-2017-12192 CONFIRM MISC |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11808 BID SECTRACK CONFIRM |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11809 BID SECTRACK CONFIRM |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11806 BID SECTRACK CONFIRM |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11807 BID SECTRACK CONFIRM |
| microsoft -- chakracore | ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11797 BID CONFIRM |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11811 BID SECTRACK CONFIRM |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11812 BID SECTRACK CONFIRM |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11796 BID SECTRACK CONFIRM |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11805 BID SECTRACK CONFIRM |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11799 BID SECTRACK CONFIRM |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11804 BID SECTRACK CONFIRM |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11802 BID SECTRACK CONFIRM |
| microsoft -- chakracore | ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11801 BID CONFIRM |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, and CVE-2017-11812. | 2017-10-13 | not yet calculated | CVE-2017-11821 BID SECTRACK CONFIRM |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11800 BID SECTRACK CONFIRM |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11798 BID SECTRACK CONFIRM |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8726 and CVE-2017-11803. | 2017-10-13 | not yet calculated | CVE-2017-11794 BID SECTRACK CONFIRM |
| microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-11790 BID SECTRACK CONFIRM |
| microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11813. | 2017-10-13 | not yet calculated | CVE-2017-11822 BID SECTRACK CONFIRM |
| microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11810 BID SECTRACK CONFIRM |
| microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11793 BID SECTRACK CONFIRM |
| microsoft -- lync | Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability." | 2017-10-13 | not yet calculated | CVE-2017-11786 BID SECTRACK CONFIRM |
| microsoft -- multiple_products | Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory. | 2017-10-13 | not yet calculated | CVE-2017-11826 BID SECTRACK CONFIRM |
| microsoft -- office | Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how Microsoft Office handles files in memory, aka "Microsoft Office Remote Code Execution Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-11825 BID SECTRACK CONFIRM |
| microsoft -- outlook | Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook Information Disclosure Vulnerability." | 2017-10-13 | not yet calculated | CVE-2017-11776 BID SECTRACK CONFIRM |
| microsoft -- outlook | Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability." | 2017-10-13 | not yet calculated | CVE-2017-11774 BID SECTRACK CONFIRM |
| microsoft -- sharepoint | Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11777 and CVE-2017-11820. | 2017-10-13 | not yet calculated | CVE-2017-11775 BID SECTRACK CONFIRM |
| microsoft -- sharepoint | Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11777. | 2017-10-13 | not yet calculated | CVE-2017-11820 BID SECTRACK CONFIRM |
| microsoft -- sharepoint | Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11820. | 2017-10-13 | not yet calculated | CVE-2017-11777 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles objects in memory, aka "Windows Graphics Component Elevation of Privilege Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-11824 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Windows Security Feature Bypass". | 2017-10-13 | not yet calculated | CVE-2017-8715 BID SECTRACK CONFIRM |
| microsoft -- windows | Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions. | 2017-10-13 | not yet calculated | CVE-2017-11829 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly validates objects in memory, aka "Windows Information Disclosure Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-11817 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Graphics Component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Microsoft Graphics Information Disclosure Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-8693 BID SECTRACK CONFIRM |
| microsoft -- windows | Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles calls to Advanced Local Procedure Call (ALPC), aka "Windows Elevation of Privilege Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-11783 BID SECTRACK CONFIRM |
| microsoft -- windows | The Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a remote code execution vulnerability when it fails to properly handle certain requests, aka "Windows SMB Remote Code Execution Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-11780 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-11779 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles loading dll files, aka "TRIE Remote Code Execution Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-11769 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-11763. | 2017-10-13 | not yet calculated | CVE-2017-11762 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows Search Remote Code Execution Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-11771 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability in the way that it handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-11815 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11814. | 2017-10-13 | not yet calculated | CVE-2017-11785 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka "Windows Storage Security Feature Bypass Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-11818 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11785, and CVE-2017-11814. | 2017-10-13 | not yet calculated | CVE-2017-11784 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11785. | 2017-10-13 | not yet calculated | CVE-2017-11814 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Windows GDI Information Disclosure Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-11816 BID SECTRACK CONFIRM |
| microsoft -- windows | ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11792 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8718. | 2017-10-13 | not yet calculated | CVE-2017-8717 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8717. | 2017-10-13 | not yet calculated | CVE-2017-8718 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure when it fails to properly handle objects in memory, aka "Microsoft Search Information Disclosure Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-11772 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11784, CVE-2017-11785, and CVE-2017-11814. | 2017-10-13 | not yet calculated | CVE-2017-11765 BID SECTRACK CONFIRM |
| microsoft -- windows | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11794 and CVE-2017-11803. | 2017-10-13 | not yet calculated | CVE-2017-8726 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8689. | 2017-10-13 | not yet calculated | CVE-2017-8694 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-11763. | 2017-10-13 | not yet calculated | CVE-2017-11763 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8694. | 2017-10-13 | not yet calculated | CVE-2017-8689 BID SECTRACK CONFIRM |
| microsoft -- windows | Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Windows Text Services Framework handles objects in memory, aka "Windows Shell Memory Corruption Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-8727 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 allows a denial of service vulnerability when it improperly handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-8703 BID SECTRACK CONFIRM |
| microsoft -- windows | Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft browsers handle objects in memory, aka "Windows Shell Remote Code Execution Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-11819 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607 and Windows Server 2016, allows an elevation of privilege vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Elevation of Privilege Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-11782 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a denial of service vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-11781 BID SECTRACK CONFIRM |
| microsoft -- windows | The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass". | 2017-10-13 | not yet calculated | CVE-2017-11823 BID SECTRACK CONFIRM |
| mirasys -- video_management_system | Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data is required for the client functionality. | 2017-10-12 | not yet calculated | CVE-2017-15290 MISC MISC |
| misp -- misp | MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js. | 2017-10-10 | not yet calculated | CVE-2017-15216 CONFIRM CONFIRM |
| nexusphp -- nexusphp | XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php. | 2017-10-14 | not yet calculated | CVE-2017-15305 MISC MISC |
| niconico -- app_for_iOS | niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks. | 2017-10-10 | not yet calculated | CVE-2015-5639 MISC JVN JVNDB BID |
| octobercms -- octobercms | Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account. | 2017-10-12 | not yet calculated | CVE-2017-15284 MISC EXPLOIT-DB |
| opentext -- documentum_content_server | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the repository, he performs the following steps: (1) calls the START_PUSH RPC-command; (2) uploads the file to the content server; (3) calls the END_PUSH_V2 RPC-command (here, Content Server returns a DATA_TICKET integer, intended to identify the location of the uploaded file on the Content Server filesystem); (4) creates a dmr_content object in the repository, which has a value of data_ticket equal to the value of DATA_TICKET returned at the end of END_PUSH_V2 call. As the result of this design, any authenticated user may create his own dmr_content object, pointing to already existing content in the Content Server filesystem. | 2017-10-13 | not yet calculated | CVE-2017-15014 MISC |
| opentext -- documentum_content_server | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges. | 2017-10-13 | not yet calculated | CVE-2017-15013 MISC |
| opentext -- documentum_content_server | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation. | 2017-10-13 | not yet calculated | CVE-2017-15276 MISC |
| opentext -- documentum_content_server | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation. | 2017-10-13 | not yet calculated | CVE-2017-15012 MISC |
| piwigo -- piwigo | Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php. | 2017-10-10 | not yet calculated | CVE-2016-10513 CONFIRM CONFIRM CONFIRM |
| piwigo -- url_check_format | url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring other than the http:// or https:// substring. | 2017-10-10 | not yet calculated | CVE-2016-10514 CONFIRM CONFIRM CONFIRM |
| pure_storage -- purity | Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration > SNMP > Add SNMP Trap Manager' screen. | 2017-10-11 | not yet calculated | CVE-2017-7352 MISC |
| qemu -- qemu | Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. | 2017-10-12 | not yet calculated | CVE-2017-15268 CONFIRM MLIST |
| qemu -- qemu | Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes. | 2017-10-09 | not yet calculated | CVE-2017-15038 MLIST MLIST |
| rakuten -- rakuten_card | Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks. | 2017-10-10 | not yet calculated | CVE-2015-2988 JVN JVNDB BID |
| rsa_archer -- grc_platform | RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | 2017-10-11 | not yet calculated | CVE-2017-8016 CONFIRM SECTRACK |
| rsa_archer -- grc_platform | RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records. | 2017-10-11 | not yet calculated | CVE-2017-14369 CONFIRM BID SECTRACK |
| rsa_archer -- grc_platform | RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | 2017-10-11 | not yet calculated | CVE-2017-14370 CONFIRM SECTRACK |
| rsa_archer -- grc_platform | RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | 2017-10-11 | not yet calculated | CVE-2017-14372 CONFIRM BID SECTRACK |
| rsa_archer -- grc_platform | RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application. | 2017-10-11 | not yet calculated | CVE-2017-14371 CONFIRM BID SECTRACK |
| rsa_archer -- grc_platform | RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server. | 2017-10-11 | not yet calculated | CVE-2017-8025 CONFIRM BID SECTRACK |
| rubygems -- rubygems | RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution. | 2017-10-11 | not yet calculated | CVE-2017-0903 MISC MISC MISC MISC |
| ruckus_wireless -- zonedirector_controller | Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system. | 2017-10-13 | not yet calculated | CVE-2017-6223 CONFIRM |
| ruckus_wireless -- zonedirector_controller | Ruckus Wireless ZoneDirector Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x. contain OS Command Injection vulnerabilities that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system by appending those commands in the Common Name field in the Certificate Generation Request. | 2017-10-13 | not yet calculated | CVE-2017-6224 CONFIRM |
| salt -- salt | salt before 2015.5.5 leaks git usernames and passwords to the log. | 2017-10-10 | not yet calculated | CVE-2015-6918 CONFIRM CONFIRM |
| sdl -- sdl | An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. | 2017-10-11 | not yet calculated | CVE-2017-2888 BID MISC |
| sdl -- sdl | An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability. | 2017-10-11 | not yet calculated | CVE-2017-2887 BID MISC |
| seagate -- blackarmor_nas | Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php. | 2017-10-11 | not yet calculated | CVE-2013-6924 MISC BID XF |
| shaarli -- shaarli | Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users. | 2017-10-10 | not yet calculated | CVE-2017-15215 MISC MISC MISC |
| silverstripe -- silverstripe _cms | Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks. | 2017-10-12 | not yet calculated | CVE-2017-12849 CONFIRM |
| sqlite -- sqlite | SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized. | 2017-10-12 | not yet calculated | CVE-2017-15286 MISC |
| sudo-- sudoers_plugin | The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. | 2017-10-10 | not yet calculated | CVE-2015-8239 MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
| symantec -- endpoint_encryption | A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. | 2017-10-10 | not yet calculated | CVE-2017-13679 BID CONFIRM |
| symantec -- endpoint_encryption | A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. | 2017-10-10 | not yet calculated | CVE-2017-13675 BID CONFIRM |
| sync_breeze -- enterprise | Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login. | 2017-10-09 | not yet calculated | CVE-2017-14980 MISC |
| teampass -- teampass | Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | 2017-10-12 | not yet calculated | CVE-2017-15278 CONFIRM CONFIRM CONFIRM |
| tiandy -- ip_cameras | Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and extendword.txt. | 2017-10-10 | not yet calculated | CVE-2017-15236 MISC |
| trapeze -- transitmaster | Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to http://ift.tt/2g7UoGc. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the "webwatch.(REDACTED).com" server mentioned in the reference. | 2017-10-10 | not yet calculated | CVE-2017-14943 MISC |
| ui-dialog -- ui-dialog | UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands. | 2017-10-10 | not yet calculated | CVE-2008-7315 MLIST BID CONFIRM CONFIRM CONFIRM |
| umbraco_cms -- umbraco_cms | XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to http://ift.tt/1vsltnT. | 2017-10-12 | not yet calculated | CVE-2017-15280 CONFIRM CONFIRM |
| umbraco_cms -- umbraco_cms | Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to http://ift.tt/2hDfmJF and http://ift.tt/2yGj0xb. | 2017-10-12 | not yet calculated | CVE-2017-15279 CONFIRM CONFIRM |
| windows -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11822. | 2017-10-13 | not yet calculated | CVE-2017-11813 BID SECTRACK CONFIRM |
| wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. | 2017-10-10 | not yet calculated | CVE-2017-15191 BID CONFIRM CONFIRM CONFIRM CONFIRM |
| wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable. | 2017-10-10 | not yet calculated | CVE-2017-15190 BID CONFIRM CONFIRM CONFIRM CONFIRM |
| wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. | 2017-10-10 | not yet calculated | CVE-2017-15193 BID CONFIRM CONFIRM CONFIRM CONFIRM |
| wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements. | 2017-10-10 | not yet calculated | CVE-2017-15189 BID CONFIRM CONFIRM CONFIRM CONFIRM |
| wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. | 2017-10-10 | not yet calculated | CVE-2017-15192 BID CONFIRM CONFIRM CONFIRM CONFIRM |
| wordpress -- wordpress | WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file. | 2017-10-12 | not yet calculated | CVE-2016-9263 MISC |
| wordpress -- wordpress | The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters. | 2017-10-06 | not yet calculated | CVE-2015-2673 MISC |
| x-cart -- x-cart | X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an "Add File Via URL" action, and change the image's Description URL to reference the .php URL in the attachments/ directory. | 2017-10-12 | not yet calculated | CVE-2017-15285 MISC |
| x.org_foundation -- x.org_server | In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. | 2017-10-09 | not yet calculated | CVE-2017-13723 MLIST BID CONFIRM MLIST |
| x.org_foundation -- x.org_server | In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. | 2017-10-09 | not yet calculated | CVE-2017-13721 MLIST BID CONFIRM MLIST |
| zend_framework -- zend_framework | Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key. | 2017-10-10 | not yet calculated | CVE-2015-7503 CONFIRM CONFIRM |
| zyxel -- zyxel | Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call. | 2017-10-10 | not yet calculated | CVE-2017-15226 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT National Cyber Alert System http://ift.tt/2gmJwUQ