SB17-345: Vulnerability Summary for the Week of December 4, 2017
Original release date: December 11, 2017
Back to top
Back to top
Back to top
Back to top
from US-CERT National Cyber Alert System http://ift.tt/2C4mZCg
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no high vulnerabilities recorded this week. | ||||
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no medium vulnerabilities recorded this week. | ||||
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no low vulnerabilities recorded this week. | ||||
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16382 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the printing functionality. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space. | 2017-12-09 | not yet calculated | CVE-2017-16391 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the JPEG 2000 module. An invalid JPEG 2000 input code stream leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. | 2017-12-09 | not yet calculated | CVE-2017-16374 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the XPS to PDF conversion module, when processing TIFF files. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2017-12-09 | not yet calculated | CVE-2017-16413 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-16393 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources. | 2017-12-09 | not yet calculated | CVE-2017-16419 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine API. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-16390 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the WebCapture module, related to an internal hash table implementation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16411 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-16388 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of Acrobat's page display functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16405 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript API module responsible for form field computation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16414 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value when processing TIFF files embedded within an XPS document. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-16381 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability when processing a JPEG file embedded within an XPS document. | 2017-12-09 | not yet calculated | CVE-2017-16383 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the exif processing module for a PNG file (during XPS conversion). Invalid input leads to a computation where pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. | 2017-12-09 | not yet calculated | CVE-2017-16384 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability in the graphics rendering engine. | 2017-12-09 | not yet calculated | CVE-2017-16379 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference when handling number format dictionary entries. In this scenario, the input is crafted in way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16364 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability for a certain file-type extension. Acrobat maintains both a blacklist and whitelist (the user can specify an allowed attachment). However, any file extensions that are neither on the blacklist nor the whitelist can still be opened after displaying a warning prompt. | 2017-12-09 | not yet calculated | CVE-2017-16380 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the module that handles character codes for certain textual representations. Invalid input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. | 2017-12-09 | not yet calculated | CVE-2017-16363 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the MakeAccessible plugin. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16376 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaSscript API engine. In this scenario, the JavaScript input is crafted in way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16375 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the TIFF processing module. Crafted input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-16396 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccesible plugin, when handling font data. It causes an out of bounds memory access, which sometimes triggers an access violation exception. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack. | 2017-12-09 | not yet calculated | CVE-2017-16362 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized; the computation occurs during internal AST thread manipulation. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory. | 2017-12-09 | not yet calculated | CVE-2017-16378 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS2PDF conversion engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16386 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a Same Origin Policy security bypass vulnerability, affecting files on the local system, etc. | 2017-12-09 | not yet calculated | CVE-2017-16369 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized in the main DLL. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory. | 2017-12-09 | not yet calculated | CVE-2017-16377 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability. The vulnerability leads to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads or writes -- potentially leading to code corruption, control-flow hijack, or an information leak attack. | 2017-12-09 | not yet calculated | CVE-2017-16367 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaScript engine. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16371 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to untrusted pointer dereference in the JavaScript API engine. In this scenario, the JavaScript input is crafted in way that the computation results with pointer to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result with sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16372 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the Adobe graphics module responsible for displaying textual data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16409 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16370 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the True Type2 Font parsing module. A corrupted cmap table input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. | 2017-12-09 | not yet calculated | CVE-2017-16365 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability in the AcroPDF plugin. | 2017-12-09 | not yet calculated | CVE-2017-16366 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer overflow condition in the internal Unicode string manipulation module. It is triggered by an invalid PDF file, where a crafted Unicode string causes an out of bounds memory access of a stack allocated buffer, due to improper checks when manipulating an offset of a pointer to the buffer. Attackers can exploit the vulnerability and achieve arbitrary code execution if they can effectively control the accessible memory. | 2017-12-09 | not yet calculated | CVE-2017-16368 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in TIFF parsing during XPS conversion. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-16385 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability when handling XFDF files. | 2017-12-09 | not yet calculated | CVE-2017-16361 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the XPS parsing module. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16399 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion vulnerability in the EMF processing module. The issue causes the program to access an object using an incompatible type, leading to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees -- potentially leading to code corruption, control-flow hijack, or information leak attack. | 2017-12-09 | not yet calculated | CVE-2017-16406 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the image conversion module when processing Enhanced Metafile Format (EMF). Crafted EMF input (EMR_STRETCHDIBITS) causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-16395 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the JPEG processing module. Crafted input with an unexpected JPEG file segment size causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-16392 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2017-12-09 | not yet calculated | CVE-2017-16416 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is in the part of the JavaScript engine that handles annotation abstraction. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16420 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is a part of the functionality that handles font encodings. The vulnerability is a result of out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2017-12-09 | not yet calculated | CVE-2017-16415 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16403 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the image conversion module that handles XPS files. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16418 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the font parsing module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16417 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-16389 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of processing Enhanced Metafile Format Plus (EMF+). The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2017-12-09 | not yet calculated | CVE-2017-16404 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the JPEG 2000 module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16402 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-16398 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS conversion module, when handling a JPEG resource. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16412 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the WebCapture module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16394 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG 2000 parser. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16400 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference. In this scenario, the input is crafted in way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16373 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the MakeAccessible plugin, when creating an internal data structure. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-16360 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the image conversion module, when processing GIF files. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space. | 2017-12-09 | not yet calculated | CVE-2017-16410 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of Enhanced Metafile Format (EMF) processing within the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16397 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of handling an EMF EMR_BITBLT record. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2017-12-09 | not yet calculated | CVE-2017-16407 BID SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the WebCapture module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16408 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of an image conversion, specifically in Enhanced Metafile Format Plus (EMF +) processing modules. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16401 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11293 SECTRACK CONFIRM |
| adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG2000 codec. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-16387 BID SECTRACK CONFIRM |
| adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | 2017-12-09 | not yet calculated | CVE-2017-11289 BID SECTRACK CONFIRM |
| adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls. | 2017-12-09 | not yet calculated | CVE-2017-11291 BID SECTRACK CONFIRM |
| adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | 2017-12-09 | not yet calculated | CVE-2017-11287 BID SECTRACK CONFIRM |
| adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | 2017-12-09 | not yet calculated | CVE-2017-11288 BID SECTRACK CONFIRM |
| adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing (or clickjacking) attacks. | 2017-12-09 | not yet calculated | CVE-2017-11290 BID SECTRACK CONFIRM |
| adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | not yet calculated | CVE-2017-11299 BID SECTRACK CONFIRM |
| adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | not yet calculated | CVE-2017-11298 BID SECTRACK CONFIRM |
| adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | not yet calculated | CVE-2017-11297 BID SECTRACK CONFIRM |
| adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | not yet calculated | CVE-2017-11301 BID SECTRACK CONFIRM |
| adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Adobe Digital Editions parses crafted XML files in an unsafe manner, which could lead to sensitive information disclosure. | 2017-12-09 | not yet calculated | CVE-2017-11273 BID SECTRACK CONFIRM |
| adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | not yet calculated | CVE-2017-11300 BID SECTRACK CONFIRM |
| adobe -- dng_converter | An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11295 BID CONFIRM |
| adobe -- experience_manager | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager. | 2017-12-09 | not yet calculated | CVE-2017-11296 BID SECTRACK CONFIRM |
| adobe -- experience_manager | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances. | 2017-12-09 | not yet calculated | CVE-2017-3111 BID SECTRACK CONFIRM |
| adobe -- experience_manager | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet. | 2017-12-09 | not yet calculated | CVE-2017-3109 BID SECTRACK CONFIRM |
| adobe -- flash | Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier. | 2017-12-01 | not yet calculated | CVE-2017-11282 MISC BID SECTRACK REDHAT MISC CONFIRM GENTOO EXPLOIT-DB MISC |
| adobe -- flash | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11225 BID SECTRACK REDHAT CONFIRM GENTOO |
| adobe -- flash | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11215 BID SECTRACK REDHAT CONFIRM GENTOO |
| adobe -- flash | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-3114 BID SECTRACK REDHAT CONFIRM GENTOO |
| adobe -- flash | Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier. | 2017-12-01 | not yet calculated | CVE-2017-11281 BID SECTRACK REDHAT CONFIRM GENTOO EXPLOIT-DB EXPLOIT-DB MISC |
| adobe -- flash | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-11213 BID SECTRACK REDHAT CONFIRM GENTOO |
| adobe -- flash | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-3112 BID SECTRACK REDHAT CONFIRM GENTOO |
| adobe -- indesign | An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11302 BID SECTRACK CONFIRM |
| adobe -- photoshop | An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11304 BID SECTRACK CONFIRM |
| adobe -- photoshop | An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11303 BID SECTRACK CONFIRM |
| adobe -- shockwave | An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11294 BID SECTRACK CONFIRM |
| amag_technology -- symmetry_door_edge_network_controllers | Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command. | 2017-12-09 | not yet calculated | CVE-2017-16241 MISC MISC MISC |
| apache -- qpid_broker-j | In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected. | 2017-12-01 | not yet calculated | CVE-2017-15702 BID CONFIRM MLIST CONFIRM |
| apache -- qpid_broker-j | In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected. | 2017-12-01 | not yet calculated | CVE-2017-15701 BID CONFIRM MLIST CONFIRM |
| apache-- struts | In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. | 2017-12-01 | not yet calculated | CVE-2017-15707 BID SECTRACK CONFIRM |
| artica_tech -- web_proxy | Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php. | 2017-12-06 | not yet calculated | CVE-2017-17055 MISC MISC FULLDISC EXPLOIT-DB |
| atlassian -- bitbucket | It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket. | 2017-12-05 | not yet calculated | CVE-2017-16857 CONFIRM |
| atlassian -- confluence | The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their scheme. | 2017-12-05 | not yet calculated | CVE-2017-16856 BID CONFIRM |
| audible -- amazon_audible_for_windows | ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows attackers to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file. | 2017-12-06 | not yet calculated | CVE-2017-17069 BID MISC MISC |
| auth0/auth0.js -- auth0/auth0.js | A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with auth0.popup.callback(). | 2017-12-06 | not yet calculated | CVE-2017-17068 CONFIRM |
| buffalo -- multiple_products | Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 2017-12-08 | not yet calculated | CVE-2017-10896 CONFIRM JVN |
| buffalo -- multiple_products | Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified vectors. | 2017-12-08 | not yet calculated | CVE-2017-10897 CONFIRM JVN |
| cisco -- umbrella_virtual_appliance | The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established. | 2017-12-01 | not yet calculated | CVE-2017-6679 BID MISC MISC MISC |
| claymore -- dual_gpu_miner | The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathname to miner_file or miner_getfile. | 2017-12-05 | not yet calculated | CVE-2017-16929 MISC MISC |
| claymore -- dual_gpu_miner | The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging. | 2017-12-05 | not yet calculated | CVE-2017-16930 MISC MISC |
| debian -- debian | The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql. | 2017-12-05 | not yet calculated | CVE-2016-1255 UBUNTU UBUNTU CONFIRM MLIST |
| debian -- debian | The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures. | 2017-12-05 | not yet calculated | CVE-2016-1252 MISC UBUNTU MISC CONFIRM DEBIAN EXPLOIT-DB |
| debian -- debian | The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file. | 2017-12-05 | not yet calculated | CVE-2016-1253 MLIST BID CONFIRM MLIST |
| dell -- 2335dn_and_2355dn_multifunction_laser_printers | The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, are affected by a cross-site scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website. | 2017-12-07 | not yet calculated | CVE-2017-14386 CONFIRM CONFIRM |
| dell -- storage_manager | The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with the knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance). | 2017-12-05 | not yet calculated | CVE-2017-14374 CONFIRM |
| digium -- asterisk_open_source | An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind. | 2017-12-01 | not yet calculated | CVE-2017-17090 CONFIRM BID CONFIRM |
| elastic -- packetbeat | Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic. | 2017-12-08 | not yet calculated | CVE-2017-11480 CONFIRM |
| elastic-- kibana | The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. | 2017-12-08 | not yet calculated | CVE-2017-11482 CONFIRM |
| elastic-- kibana | Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 2017-12-08 | not yet calculated | CVE-2017-11481 CONFIRM |
| fiyo_cms -- fiyo_cms | Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name']. | 2017-12-04 | not yet calculated | CVE-2017-17104 MISC |
| fiyo_cms -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges. | 2017-12-04 | not yet calculated | CVE-2017-17103 MISC |
| fiyo_cms -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link']. | 2017-12-04 | not yet calculated | CVE-2017-17102 MISC |
| flexsense_ltd -- syncbreeze_enterprise | There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows SYSTEM account. | 2017-12-03 | not yet calculated | CVE-2017-17099 MISC EXPLOIT-DB |
| fluentd -- fluentd | Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors. | 2017-12-08 | not yet calculated | CVE-2017-10906 CONFIRM CONFIRM MISC |
| fossil -- fossil | http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117. | 2017-12-07 | not yet calculated | CVE-2017-17459 CONFIRM CONFIRM CONFIRM |
| game_music_emu -- game_music_emu | The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | 2017-12-06 | not yet calculated | CVE-2017-17446 MISC MISC |
| genixcms -- genixcms | GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765. | 2017-12-05 | not yet calculated | CVE-2017-17431 MISC |
| geovap -- reliance_scada | A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code. | 2017-12-04 | not yet calculated | CVE-2017-16721 BID MISC |
| glibc -- glibc | The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check. | 2017-12-05 | not yet calculated | CVE-2017-17426 CONFIRM CONFIRM |
| gnu -- binutils | The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file. | 2017-12-04 | not yet calculated | CVE-2017-17122 MISC MISC |
| gnu -- binutils | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section. | 2017-12-04 | not yet calculated | CVE-2017-17121 MISC MISC |
| gnu -- binutils | The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file. | 2017-12-04 | not yet calculated | CVE-2017-17123 MISC MISC |
| gnu -- binutils | The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary. | 2017-12-04 | not yet calculated | CVE-2017-17124 MISC MISC |
| gnu -- binutils | The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers. | 2017-12-04 | not yet calculated | CVE-2017-17126 MISC MISC |
| gnu -- binutils | nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file. | 2017-12-04 | not yet calculated | CVE-2017-17125 MISC MISC |
| gnu -- libextractor | GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c. | 2017-12-06 | not yet calculated | CVE-2017-17440 BID MISC MISC MISC MISC MISC MISC MISC |
| google -- android | A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65717533. | 2017-12-06 | not yet calculated | CVE-2017-13148 CONFIRM |
| google -- android | An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879772. | 2017-12-06 | not yet calculated | CVE-2017-13159 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the MediaTek performance service. Product: Android. Versions: Android kernel. Android ID A-64316572. References: M-ALPS03479086. | 2017-12-06 | not yet calculated | CVE-2017-13171 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847. | 2017-12-06 | not yet calculated | CVE-2017-13156 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-65280854. | 2017-12-06 | not yet calculated | CVE-2017-13153 CONFIRM |
| google -- android | An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32990341. | 2017-12-06 | not yet calculated | CVE-2017-13157 BID CONFIRM |
| google -- android | An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65719872. | 2017-12-06 | not yet calculated | CVE-2017-13149 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63666573. | 2017-12-06 | not yet calculated | CVE-2017-13154 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233. | 2017-12-06 | not yet calculated | CVE-2017-13168 CONFIRM |
| google -- android | An information disclosure vulnerability in the Android media framework (libmedia drm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62872384. | 2017-12-06 | not yet calculated | CVE-2017-13152 CONFIRM |
| google -- android | An information disclosure vulnerability in the kernel binder driver. Product: Android. Versions: Android kernel. Android ID A-36007193. | 2017-12-06 | not yet calculated | CVE-2017-13164 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the MediaTek display driver. Product: Android. Versions: Android kernel. Android ID A-36102397. References: M-ALPS03359280. | 2017-12-06 | not yet calculated | CVE-2017-13170 BID CONFIRM |
| google -- android | An information disclosure vulnerability in the kernel camera server. Product: Android. Versions: Android kernel. Android ID A-37512375. | 2017-12-06 | not yet calculated | CVE-2017-13169 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993. | 2017-12-06 | not yet calculated | CVE-2017-13167 CONFIRM |
| google -- android | A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456. | 2017-12-06 | not yet calculated | CVE-2017-13151 CONFIRM |
| google -- android | An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132. | 2017-12-06 | not yet calculated | CVE-2017-13150 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the MediaTek system server. Product: Android. Versions: Android kernel. Android ID A-28067350. References: M-ALPS02672361. | 2017-12-06 | not yet calculated | CVE-2017-13173 BID CONFIRM |
| google -- android | NVIDIA mediaserver contains a vulnerability where it is possible a use after free malfunction can occur due to an incorrect bounds check which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android: A-63802421. References: N-CVE-2017-6276. | 2017-12-06 | not yet calculated | CVE-2017-6276 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the kernel binder. Product: Android. Versions: Android kernel. Android ID A-64216036. | 2017-12-06 | not yet calculated | CVE-2017-13162 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the kernel edl. Product: Android. Versions: Android kernel. Android ID A-63100473. | 2017-12-06 | not yet calculated | CVE-2017-13174 BID CONFIRM |
| google -- android | NVIDIA driver contains a vulnerability where it is possible a use after free malfunction can occur due to improper usage of the list_for_each kernel macro which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android ID: A-38046353. References: N-CVE-2017-6263. | 2017-12-06 | not yet calculated | CVE-2017-6263 BID CONFIRM |
| google -- android | NVIDIA driver contains a vulnerability where it is possible a use after free malfunction can occur due to a race condition which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android ID: A-38045794. References: N-CVE-2017-6262. | 2017-12-06 | not yet calculated | CVE-2017-6262 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the MediaTek bluetooth driver. Product: Android. Versions: Android kernel. Android ID A-36493287. References: M-ALPS03495791. | 2017-12-06 | not yet calculated | CVE-2017-13172 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Broadcom wireless driver. Product: Android. Versions: Android kernel. Android ID A-63930471. References: BC-V2017092501. | 2017-12-06 | not yet calculated | CVE-2017-13161 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the kernel mtp usb driver. Product: Android. Versions: Android kernel. Android ID A-37429972. | 2017-12-06 | not yet calculated | CVE-2017-13163 CONFIRM |
| google -- android | A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362. | 2017-12-06 | not yet calculated | CVE-2017-13160 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937. | 2017-12-06 | not yet calculated | CVE-2017-13165 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167. | 2017-12-06 | not yet calculated | CVE-2017-13166 CONFIRM |
| google -- android | An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879915. | 2017-12-06 | not yet calculated | CVE-2017-13158 BID CONFIRM |
| google -- android | An information disclosure vulnerability in the NVIDIA libwilhelm. Product: Android. Versions: Android kernel. Android ID A-64339309. References: N-CVE-2017-13175. | 2017-12-06 | not yet calculated | CVE-2017-13175 CONFIRM |
| google-- android | A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63316255. | 2017-12-06 | not yet calculated | CVE-2017-0873 CONFIRM |
| google-- android | A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID A-65646012. | 2017-12-06 | not yet calculated | CVE-2017-0880 CONFIRM |
| google-- android | An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028. | 2017-12-06 | not yet calculated | CVE-2017-0879 CONFIRM |
| google-- android | A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-64964675. | 2017-12-06 | not yet calculated | CVE-2017-0876 CONFIRM |
| google-- android | An elevation of privilege vulnerability in the Android media framework (libaudiopolicymanager). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64340921. | 2017-12-06 | not yet calculated | CVE-2017-0837 CONFIRM |
| google-- android | An elevation of privilege vulnerability in the Android framework (libminikin). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62134807. | 2017-12-06 | not yet calculated | CVE-2017-0870 CONFIRM |
| google-- android | A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63315932. | 2017-12-06 | not yet calculated | CVE-2017-0874 CONFIRM |
| google-- android | A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 8.0. Android ID A-65186291. | 2017-12-06 | not yet calculated | CVE-2017-0878 CONFIRM |
| google-- android | A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-66372937. | 2017-12-06 | not yet calculated | CVE-2017-0877 CONFIRM |
| google-- android | An elevation of privilege vulnerability in the Android framework (framework base). Product: Android. Versions: 8.0. Android ID A-65281159. | 2017-12-06 | not yet calculated | CVE-2017-0871 CONFIRM |
| google-- android | A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323. | 2017-12-06 | not yet calculated | CVE-2017-0872 CONFIRM |
| heimdal -- heimdal_security | In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c. | 2017-12-06 | not yet calculated | CVE-2017-17439 MISC CONFIRM CONFIRM CONFIRM DEBIAN |
| hpe -- connected_backup | A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege. | 2017-12-05 | not yet calculated | CVE-2017-14355 BUGTRAQ BID CONFIRM |
| i2pd -- i2pd | The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading sensitive router memory, aka the GarlicRust bug. | 2017-12-05 | not yet calculated | CVE-2017-17066 MISC MISC |
| ibm -- atlas_ediscovery_process_management | IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126682. | 2017-12-07 | not yet calculated | CVE-2017-1355 BID MISC CONFIRM |
| ibm -- atlas_ediscovery_process_management | IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683. | 2017-12-07 | not yet calculated | CVE-2017-1356 BID MISC CONFIRM |
| ibm -- atlas_ediscovery_process_management | IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126681. | 2017-12-07 | not yet calculated | CVE-2017-1354 MISC CONFIRM |
| ibm -- atlas_ediscovery_process_management | IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 126680. | 2017-12-07 | not yet calculated | CVE-2017-1353 MISC CONFIRM |
| ibm -- connections | IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020. | 2017-12-07 | not yet calculated | CVE-2017-1498 CONFIRM BID MISC |
| ibm -- sterling_b2b_intergrator_standard_edition | IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128620. | 2017-12-07 | not yet calculated | CVE-2017-1482 CONFIRM BID MISC |
| ibm -- sterling_b2b_intergrator_standard_edition | IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. IBM X-Force ID: 128619. | 2017-12-07 | not yet calculated | CVE-2017-1481 CONFIRM BID MISC |
| ibm -- sterling_file_gateway | IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. IBM X-Force ID: 128626. | 2017-12-07 | not yet calculated | CVE-2017-1487 CONFIRM BID MISC |
| ibm -- sterling_file_gateway | IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to providing they know the directory location of the file. IBM X-Force ID: 128695. | 2017-12-07 | not yet calculated | CVE-2017-1497 CONFIRM MISC |
| ibm -- tririga | IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 128464. | 2017-12-07 | not yet calculated | CVE-2017-1465 CONFIRM MISC |
| ibm -- websphere_mq | IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456. | 2017-12-07 | not yet calculated | CVE-2017-1341 CONFIRM BID MISC |
| ibm -- websphere_mq | IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803. | 2017-12-07 | not yet calculated | CVE-2017-1433 CONFIRM MISC |
| ibm -- infosphere_biginsights | IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244. | 2017-12-07 | not yet calculated | CVE-2017-1336 CONFIRM BID MISC |
| ibm -- insights_foundation_for_energy | IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could e used to conduct further attacks. IBM X-Force ID: 126457. | 2017-12-07 | not yet calculated | CVE-2017-1342 CONFIRM MISC |
| ibm -- security_guardium | IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 124746. | 2017-12-07 | not yet calculated | CVE-2017-1271 CONFIRM BID SECTRACK MISC |
| icodechecker -- icodechecker | A Regular expression Denial of Service (ReDoS) vulnerability in the file marked.js of the marked npm package (tested on version 0.3.7) allows a remote attacker to overload and crash a server by passing a maliciously crafted string. | 2017-12-07 | not yet calculated | CVE-2017-17461 MISC |
| ispconfig -- ispconfig | ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job. | 2017-12-07 | not yet calculated | CVE-2017-17384 CONFIRM |
| japan_agency_for_local_authority_information_systems -- jpki | Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-12-08 | not yet calculated | CVE-2017-10893 JVN |
| jenkins -- jenkins | Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624. | 2017-12-06 | not yet calculated | CVE-2017-17383 CONFIRM |
| johnson_and_johnson -- ethicon_endo-surgery_generator_gen11 | An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability. | 2017-12-05 | not yet calculated | CVE-2017-14018 BID MISC |
| k7_computing -- k7_antivirus | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002570 DeviceIoControl request. | 2017-12-08 | not yet calculated | CVE-2017-17464 MISC |
| k7_computing -- k7_antivirus | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request. | 2017-12-08 | not yet calculated | CVE-2017-17465 MISC |
| kaspersky -- embedded_systems_security | Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation. | 2017-12-08 | not yet calculated | CVE-2017-12823 CONFIRM |
| libav -- libav | The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file. | 2017-12-04 | not yet calculated | CVE-2017-17128 MISC |
| libav -- libav | The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact via a crafted file. | 2017-12-04 | not yet calculated | CVE-2017-17129 MISC |
| libav -- libav | The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | 2017-12-04 | not yet calculated | CVE-2017-17127 MISC |
| libav -- libav | The ff_free_picture_tables function in libavcodec/mpegpicture.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to vc1_decode_i_blocks_adv. | 2017-12-04 | not yet calculated | CVE-2017-17130 MISC |
| libsndfile -- libsndfile | The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14245. | 2017-12-07 | not yet calculated | CVE-2017-17456 MISC |
| libsndfile -- libsndfile | The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14246. | 2017-12-07 | not yet calculated | CVE-2017-17457 MISC |
| libtiff -- libtiff | tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. | 2017-12-02 | not yet calculated | CVE-2017-17095 MISC MISC |
| libxcursor -- libxcursor | libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. | 2017-12-01 | not yet calculated | CVE-2017-16612 CONFIRM MLIST UBUNTU CONFIRM CONFIRM MLIST DEBIAN |
| libxfont_libxfont2 -- libxfont_libxfont2 | In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files. | 2017-12-01 | not yet calculated | CVE-2017-16611 MISC MLIST UBUNTU CONFIRM MLIST MLIST |
| linux -- linux_kernel | The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application. | 2017-12-05 | not yet calculated | CVE-2017-15868 CONFIRM BID CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state. | 2017-12-05 | not yet calculated | CVE-2017-8824 MISC MISC BID |
| linux -- linux_kernel | net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces. | 2017-12-06 | not yet calculated | CVE-2017-17448 BID MISC |
| linux -- linux_kernel | The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. | 2017-12-06 | not yet calculated | CVE-2017-17449 MISC |
| linux -- linux_kernel | net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces. | 2017-12-06 | not yet calculated | CVE-2017-17450 BID MISC |
| linux -- linux_kernel | The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes). | 2017-12-07 | not yet calculated | CVE-2017-1000410 MLIST BID |
| mercurial -- mercurial | In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically. | 2017-12-07 | not yet calculated | CVE-2017-17458 MISC MISC MISC |
| microsoft -- malware_protection_engine | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". | 2017-12-07 | not yet calculated | CVE-2017-11937 BID SECTRACK CONFIRM |
| microsoft -- malware_protection_engine | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". This is different than CVE-2017-11937. | 2017-12-08 | not yet calculated | CVE-2017-11940 BID SECTRACK CONFIRM |
| microsoft -- windows | ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a NULL pointer dereference via a 0x830000c4 DeviceIoControl request. | 2017-12-04 | not yet calculated | CVE-2017-17113 MISC |
| microsoft -- windows | ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a Pool Corruption vulnerability via a 0x83000058 DeviceIoControl request. | 2017-12-04 | not yet calculated | CVE-2017-17112 MISC |
| microsoft -- windows | ntguard.sys and ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 have a Memory Corruption vulnerability via a 0x83000084 DeviceIoControl request. | 2017-12-04 | not yet calculated | CVE-2017-17114 MISC |
| mistserver -- mistserver | Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts. | 2017-12-06 | not yet calculated | CVE-2017-16884 MISC MISC FULLDISC CONFIRM EXPLOIT-DB |
| open_ticket_request_system -- open_ticket_request_system | In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user. | 2017-12-08 | not yet calculated | CVE-2017-16921 CONFIRM |
| open_ticket_request_system -- open_ticket_request_system | In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets. | 2017-12-08 | not yet calculated | CVE-2017-16854 CONFIRM |
| openafs -- openafs | OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value. | 2017-12-05 | not yet calculated | CVE-2017-17432 CONFIRM CONFIRM |
| openjpg -- openjpg | In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. | 2017-12-08 | not yet calculated | CVE-2017-17479 MISC |
| openjpg -- openjpg | In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. | 2017-12-08 | not yet calculated | CVE-2017-17480 MISC |
| openssl -- openssl | OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. | 2017-12-07 | not yet calculated | CVE-2017-3737 BID SECTRACK CONFIRM CONFIRM |
| openssl -- openssl | There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. | 2017-12-07 | not yet calculated | CVE-2017-3738 BID SECTRACK CONFIRM CONFIRM |
| openstack/nova -- openstack/nova | An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected. | 2017-12-05 | not yet calculated | CVE-2017-17051 BID CONFIRM CONFIRM CONFIRM CONFIRM |
| puppet -- puppet_agent | Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0. | 2017-12-06 | not yet calculated | CVE-2016-5713 CONFIRM |
| qemu -- qemu | The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. | 2017-12-06 | not yet calculated | CVE-2017-17381 MLIST BID MLIST |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during positioning. | 2017-12-05 | not yet calculated | CVE-2017-11006 BID CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a graphics driver ioctl handler, the lack of copy_from_user() function calls may result in writes to kernel memory. | 2017-12-05 | not yet calculated | CVE-2017-11047 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improperly specified offset/size values for a submission command could cause a math operation to overflow and could result in an access to arbitrary memory. The combined pointer will overflow and possibly pass further checks intended to avoid accessing unintended memory. | 2017-12-05 | not yet calculated | CVE-2017-9698 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACTIONFRAME IOCTL, a buffer over-read can occur if the payload length is less than 7. | 2017-12-05 | not yet calculated | CVE-2017-14903 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a KGSL driver function, a race condition exists which can lead to a Use After Free condition. | 2017-12-05 | not yet calculated | CVE-2017-11044 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the GPS location wireless interface, a Use After Free condition can occur. | 2017-12-05 | not yet calculated | CVE-2017-14918 BID CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, ImsService and the IQtiImsExt AIDL APIs are not subject to access control. | 2017-12-05 | not yet calculated | CVE-2017-11042 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the VIDIOC_G_SDE_ROTATOR_FENCE ioctl command can be used to cause a Use After Free condition. | 2017-12-05 | not yet calculated | CVE-2017-11031 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the fd allocated during the get_metadata was not closed even though the buffer allocated to the fd was freed. This resulted in a failure during exit sequence. | 2017-12-05 | not yet calculated | CVE-2017-11019 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a memory allocation without a length field validation in the mobicore driver which can result in an undersize buffer allocation. Ultimately this can result in a kernel memory overwrite. | 2017-12-05 | not yet calculated | CVE-2017-14896 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, cryptographic strength is reduced while deriving disk encryption key. | 2017-12-05 | not yet calculated | CVE-2017-14907 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur. | 2017-12-05 | not yet calculated | CVE-2017-14905 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify. | 2017-12-05 | not yet calculated | CVE-2017-14908 BID CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while handling the QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND, a userspace buffer is directly accessed in kernel space. | 2017-12-05 | not yet calculated | CVE-2017-14897 BID CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, IOCTL interface to send QMI NOTIFY REQ messages can be called from multiple contexts which can result in buffer overflow of msg cache. | 2017-12-05 | not yet calculated | CVE-2017-9710 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a video driver, a race condition exists which can potentially lead to a buffer overflow. | 2017-12-05 | not yet calculated | CVE-2017-11049 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_MAC_ADDR contains fewer than 6 bytes, a buffer overrun occurs. | 2017-12-05 | not yet calculated | CVE-2017-14900 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated. | 2017-12-05 | not yet calculated | CVE-2017-14916 BID CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the GLink kernel driver, a Use After Free condition can potentially occur. | 2017-12-05 | not yet calculated | CVE-2017-14902 BID CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE contains fewer than 1 byte, a buffer overrun occurs. | 2017-12-05 | not yet calculated | CVE-2017-14901 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, a buffer overrun occurs. | 2017-12-05 | not yet calculated | CVE-2017-14899 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated. | 2017-12-05 | not yet calculated | CVE-2017-14909 BID CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE contains fewer than 1 byte, a buffer overrun occurs. | 2017-12-05 | not yet calculated | CVE-2017-14898 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a crafted binder request can cause an arbitrary unmap in MediaServer. | 2017-12-05 | not yet calculated | CVE-2017-14904 BID CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer overwrite is possible in fw_name_store if image name is 64 characters. | 2017-12-05 | not yet calculated | CVE-2017-9700 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information. | 2017-12-05 | not yet calculated | CVE-2017-14895 BID CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the HDMI video driver function hdmi_edid_sysfs_rda_res_info(), userspace can perform an arbitrary write into kernel memory. | 2017-12-05 | not yet calculated | CVE-2017-11030 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a multimedia driver can potentially lead to a buffer overwrite. | 2017-12-05 | not yet calculated | CVE-2017-9718 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when updating custom EDID (hdmi_tx_sysfs_wta_edid), if edid_size, which is controlled by userspace, is too large, a buffer overflow occurs. | 2017-12-05 | not yet calculated | CVE-2017-9722 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the coresight-tmc driver, a simultaneous read and enable of the ETR device after changing the buffer size may result in a Use After Free condition of the previous buffer. | 2017-12-05 | not yet calculated | CVE-2017-11033 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the camera driver, the function "msm_ois_power_down" is called without a mutex and a race condition can occur in variable "*reg_ptr" of sub function "msm_camera_config_single_vreg". | 2017-12-05 | not yet calculated | CVE-2017-9708 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qbt1000 driver implements an alternative channel for usermode applications to talk to QSEE applications. | 2017-12-05 | not yet calculated | CVE-2017-9716 BID CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a camera driver function, a race condition exists which can lead to a Use After Free condition. | 2017-12-05 | not yet calculated | CVE-2017-11045 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulnerability exists in telephony. | 2017-12-05 | not yet calculated | CVE-2017-9709 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can occur. | 2017-12-05 | not yet calculated | CVE-2017-6211 BID CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a Camera driver can lead to a Use After Free condition. | 2017-12-05 | not yet calculated | CVE-2017-9703 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of stack corruption due to buffer overflow of Partition name while converting ascii string to unicode string in function HandleMetaImgFlash. | 2017-12-05 | not yet calculated | CVE-2017-11007 BID CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a WiFI driver function, an integer overflow leading to heap buffer overflow may potentially occur. | 2017-12-05 | not yet calculated | CVE-2017-11043 BID CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during a deinitialization path. | 2017-12-05 | not yet calculated | CVE-2017-11005 BID CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated. | 2017-12-05 | not yet calculated | CVE-2017-14917 BID CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when memory allocation fails while creating a calibration block in create_cal_block stale pointers are left uncleared. | 2017-12-05 | not yet calculated | CVE-2017-11016 CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale. | 2017-12-05 | not yet calculated | CVE-2017-14914 BID CONFIRM |
| qualcomm -- msm | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur while reading firmware logs. | 2017-12-05 | not yet calculated | CVE-2017-15813 CONFIRM |
| red_hat -- red_hat_enterprise_linux | A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. | 2017-12-06 | not yet calculated | CVE-2017-15121 CONFIRM |
| rsync -- rsync | The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions. | 2017-12-05 | not yet calculated | CVE-2017-17434 MISC MISC |
| rsync -- rsync | The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions. | 2017-12-05 | not yet calculated | CVE-2017-17433 MISC |
| sangoma -- netborder_session_controller | Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface. | 2017-12-07 | not yet calculated | CVE-2017-17430 CONFIRM |
| sap -- business_objects_financial_consolidation | Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292. | 2017-12-03 | not yet calculated | CVE-2017-14516 CONFIRM |
| synology -- calendar | Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors. | 2017-12-08 | not yet calculated | CVE-2017-15891 CONFIRM |
| synology -- diskstation_manager | Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field. | 2017-12-04 | not yet calculated | CVE-2017-15889 CONFIRM |
| synology -- diskstation_manager | Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | 2017-12-08 | not yet calculated | CVE-2017-15894 CONFIRM |
| synology -- file_station | Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | 2017-12-08 | not yet calculated | CVE-2017-15893 CONFIRM |
| synology -- photo_station | Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field. | 2017-12-04 | not yet calculated | CVE-2017-12079 CONFIRM |
| synology -- photo_station | An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file. | 2017-12-04 | not yet calculated | CVE-2017-12080 CONFIRM |
| synology -- router_manager | Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | 2017-12-08 | not yet calculated | CVE-2017-15895 CONFIRM |
| tg_soft -- vir.it_explorer_lite | TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730050. | 2017-12-08 | not yet calculated | CVE-2017-17473 MISC |
| tg_soft -- vir.it_explorer_lite | TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82736068. | 2017-12-08 | not yet calculated | CVE-2017-17475 MISC |
| tg_soft -- vir.it_explorer_lite | TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82732140. | 2017-12-08 | not yet calculated | CVE-2017-17471 MISC |
| tg_soft -- vir.it_explorer_lite | TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730088. | 2017-12-08 | not yet calculated | CVE-2017-17466 MISC |
| tg_soft -- vir.it_explorer_lite | TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730070. | 2017-12-08 | not yet calculated | CVE-2017-17474 MISC |
| tg_soft -- vir.it_explorer_lite | TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730074. | 2017-12-08 | not yet calculated | CVE-2017-17467 MISC |
| tg_soft -- vir.it_explorer_lite | TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730030. | 2017-12-08 | not yet calculated | CVE-2017-17472 MISC |
| tg_soft -- vir.it_explorer_lite | TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730020, a different vulnerability than CVE-2017-17050. | 2017-12-08 | not yet calculated | CVE-2017-17468 MISC |
| tg_soft -- vir.it_explorer_lite | TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730054. | 2017-12-08 | not yet calculated | CVE-2017-17470 MISC |
| tg_soft -- vir.it_explorer_lite | TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730008, a different vulnerability than CVE-2017-16948. | 2017-12-08 | not yet calculated | CVE-2017-17469 MISC |
| tor -- tor | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012. | 2017-12-03 | not yet calculated | CVE-2017-8822 CONFIRM CONFIRM CONFIRM DEBIAN |
| tor -- tor | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010. | 2017-12-03 | not yet calculated | CVE-2017-8820 CONFIRM CONFIRM DEBIAN |
| tor -- tor | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013. | 2017-12-03 | not yet calculated | CVE-2017-8823 CONFIRM CONFIRM CONFIRM DEBIAN |
| tor -- tor | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the OpenSSL library to ask the user for the password, aka TROVE-2017-011. | 2017-12-03 | not yet calculated | CVE-2017-8821 CONFIRM CONFIRM DEBIAN |
| tor -- tor | In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue. | 2017-12-03 | not yet calculated | CVE-2017-8819 CONFIRM CONFIRM DEBIAN |
| tor -- tor | Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. | 2017-12-05 | not yet calculated | CVE-2016-1254 SUSE SUSE CONFIRM CONFIRM FEDORA FEDORA CONFIRM DEBIAN |
| vaultek -- vt20_series_gun_safe | An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. An attacker can remotely unlock any safe in this product line without a valid PIN code. Even though the phone application requires it and there is a field to supply the PIN code in an authorization request, the safe does not check the PIN code, so an attacker can obtain authorization using any value. Once an attacker sees the Bluetooth Low Energy (BLE) advertisement for the safe, they need only to write a BLE characteristic to enable notifications, and send a crafted getAuthor packet that returns a temporary key, and an unlock packet including that temporary key. The safe then opens after the unlock packet is processed, with no verification of PIN or other credentials. | 2017-12-06 | not yet calculated | CVE-2017-17435 MISC |
| vaultek -- vt20_series_gun_safe | An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with "Highest Level Bluetooth Encryption" and "Data transmissions are secure via AES256 bit encryption." These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe. | 2017-12-06 | not yet calculated | CVE-2017-17436 MISC |
| vivo -- modems | Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields. | 2017-12-08 | not yet calculated | CVE-2017-17463 MISC |
| vmware -- vmware | The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue resulting in continuous sending of LSAs between two routers eventually going in loop or loss of connectivity. | 2017-12-05 | not yet calculated | CVE-2017-4920 BID CONFIRM |
| wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length. | 2017-12-01 | not yet calculated | CVE-2017-17085 BID CONFIRM CONFIRM CONFIRM |
| wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length. | 2017-12-01 | not yet calculated | CVE-2017-17084 BID CONFIRM CONFIRM CONFIRM |
| wireshark -- wireshark | In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer. | 2017-12-01 | not yet calculated | CVE-2017-17083 BID CONFIRM CONFIRM CONFIRM |
| wordpress -- wordpress | wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string. | 2017-12-02 | not yet calculated | CVE-2017-17091 BID MISC MISC MISC MISC |
| wordpress -- wordpress | wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site. | 2017-12-02 | not yet calculated | CVE-2017-17093 BID MISC MISC MISC MISC |
| wordpress -- wordpress | The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. | 2017-12-06 | not yet calculated | CVE-2017-17451 MISC MISC MISC |
| wordpress -- wordpress | wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file. | 2017-12-02 | not yet calculated | CVE-2017-17092 BID MISC MISC MISC MISC |
| wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in the Content Cards plugin before 0.9.7 for WordPress allows remote attackers to inject arbitrary JavaScript via crafted OpenGraph data. | 2017-12-03 | not yet calculated | CVE-2017-17096 CONFIRM MISC |
| wordpress -- wordpress | wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL. | 2017-12-02 | not yet calculated | CVE-2017-17094 BID MISC MISC MISC MISC |
| zktime -- web_software | The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 parameters to the /accounts/password_change/ URI. An attacker takes advantage of this scenario and creates a crafted CSRF link to add himself as an administrator to the ZKTime Web Software. He then uses social engineering methods to trick the administrator into clicking the forged HTTP request. The request is executed and the attacker becomes the Administrator of the ZKTime Web Software. If the vulnerability is successfully exploited, then an attacker (who would be a normal user of the web application) can escalate his privileges and become the administrator of ZKTime Web Software. | 2017-12-04 | not yet calculated | CVE-2017-17056 MISC BID |
| zktime -- web_software | There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitrary HTML and script code in the browser in the context of the vulnerable application. | 2017-12-04 | not yet calculated | CVE-2017-17057 MISC BID |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT National Cyber Alert System http://ift.tt/2C4mZCg