SB17-352: Vulnerability Summary for the Week of December 11, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the MakeAccessible plugin, when creating an internal data structure. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16360 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccessible plugin, when handling font data. It causes an out of bounds memory access, which sometimes triggers an access violation exception. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack. | 2017-12-09 | 9.3 | CVE-2017-16362 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the module that handles character codes for certain textual representations. Invalid input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. | 2017-12-09 | 9.3 | CVE-2017-16363 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference when handling number format dictionary entries. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16364 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the True Type2 Font parsing module. A corrupted cmap table input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. | 2017-12-09 | 9.3 | CVE-2017-16365 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability. The vulnerability leads to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads or writes -- potentially leading to code corruption, control-flow hijack, or an information leak attack. | 2017-12-09 | 9.3 | CVE-2017-16367 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer overflow condition in the internal Unicode string manipulation module. It is triggered by an invalid PDF file, where a crafted Unicode string causes an out of bounds memory access of a stack allocated buffer, due to improper checks when manipulating an offset of a pointer to the buffer. Attackers can exploit the vulnerability and achieve arbitrary code execution if they can effectively control the accessible memory. | 2017-12-09 | 9.3 | CVE-2017-16368 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16370 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaScript engine. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16371 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaScript API engine. In this scenario, the JavaScript input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16372 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16373 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the JPEG 2000 module. An invalid JPEG 2000 input code stream leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. | 2017-12-09 | 9.3 | CVE-2017-16374 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaScript API engine. In this scenario, the JavaScript input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16375 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the MakeAccessible plugin. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16376 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized in the main DLL. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory. | 2017-12-09 | 9.3 | CVE-2017-16377 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized; the computation occurs during internal AST thread manipulation. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory. | 2017-12-09 | 9.3 | CVE-2017-16378 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability in the graphics rendering engine. | 2017-12-09 | 9.3 | CVE-2017-16379 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability for a certain file-type extension. Acrobat maintains both a blacklist and whitelist (the user can specify an allowed attachment). However, any file extensions that are neither on the blacklist nor the whitelist can still be opened after displaying a warning prompt. | 2017-12-09 | 9.3 | CVE-2017-16380 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value when processing TIFF files embedded within an XPS document. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16381 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16382 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability when processing a JPEG file embedded within an XPS document. | 2017-12-09 | 9.3 | CVE-2017-16383 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the exif processing module for a PNG file (during XPS conversion). Invalid input leads to a computation where pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. | 2017-12-09 | 9.3 | CVE-2017-16384 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in TIFF parsing during XPS conversion. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16385 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS2PDF conversion engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16386 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG2000 codec. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16387 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16388 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16389 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine API. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16390 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the printing functionality. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space. | 2017-12-09 | 9.3 | CVE-2017-16391 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the JPEG processing module. Crafted input with an unexpected JPEG file segment size causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16392 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16393 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the WebCapture module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16394 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the image conversion module when processing Enhanced Metafile Format (EMF). Crafted EMF input (EMR_STRETCHDIBITS) causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16395 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the TIFF processing module. Crafted input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16396 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of Enhanced Metafile Format (EMF) processing within the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16397 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16398 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the XPS parsing module. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16399 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG 2000 parser. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16400 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of an image conversion, specifically in Enhanced Metafile Format Plus (EMF +) processing modules. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16401 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the JPEG 2000 module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16402 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16403 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of processing Enhanced Metafile Format Plus (EMF+). The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2017-12-09 | 9.3 | CVE-2017-16404 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of Acrobat's page display functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16405 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion vulnerability in the EMF processing module. The issue causes the program to access an object using an incompatible type, leading to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees -- potentially leading to code corruption, control-flow hijack, or information leak attack. | 2017-12-09 | 9.3 | CVE-2017-16406 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of handling an EMF EMR_BITBLT record. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2017-12-09 | 9.3 | CVE-2017-16407 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the WebCapture module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16408 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the Adobe graphics module responsible for displaying textual data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16409 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the image conversion module, when processing GIF files. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space. | 2017-12-09 | 9.3 | CVE-2017-16410 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the WebCapture module, related to an internal hash table implementation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16411 BID SECTRACK CONFIRM |
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS conversion module, when handling a JPEG resource. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16412 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the XPS to PDF conversion module, when processing TIFF files. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2017-12-09 | 9.3 | CVE-2017-16413 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript API module responsible for form field computation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16414 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is a part of the functionality that handles font encodings. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2017-12-09 | 9.3 | CVE-2017-16415 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2017-12-09 | 9.3 | CVE-2017-16416 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the font parsing module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16417 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the image conversion module that handles XPS files. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16418 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is in the part of the JavaScript engine that handles annotation abstraction. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16420 BID SECTRACK CONFIRM |
adobe -- photoshop | An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | 7.5 | CVE-2017-11303 BID SECTRACK CONFIRM |
adobe -- photoshop | An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | 7.5 | CVE-2017-11304 BID SECTRACK CONFIRM |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability when handling XFDF files. | 2017-12-09 | 4.3 | CVE-2017-16361 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability in the AcroPDF plugin. | 2017-12-09 | 5.0 | CVE-2017-16366 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a Same Origin Policy security bypass vulnerability, affecting files on the local system, etc. | 2017-12-09 | 4.3 | CVE-2017-16369 BID SECTRACK CONFIRM |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources. | 2017-12-09 | 4.3 | CVE-2017-16419 BID SECTRACK CONFIRM |
adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | 2017-12-09 | 4.3 | CVE-2017-11287 BID SECTRACK CONFIRM |
adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | 2017-12-09 | 4.3 | CVE-2017-11288 BID SECTRACK CONFIRM |
adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure. | 2017-12-09 | 4.3 | CVE-2017-11289 BID SECTRACK CONFIRM |
adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing (or clickjacking) attacks. | 2017-12-09 | 4.3 | CVE-2017-11290 BID SECTRACK CONFIRM |
adobe -- connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls. | 2017-12-09 | 6.4 | CVE-2017-11291 BID SECTRACK CONFIRM |
adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Adobe Digital Editions parses crafted XML files in an unsafe manner, which could lead to sensitive information disclosure. | 2017-12-09 | 4.3 | CVE-2017-11273 BID SECTRACK CONFIRM |
adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | 5.0 | CVE-2017-11297 BID SECTRACK CONFIRM |
adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | 5.0 | CVE-2017-11298 BID SECTRACK CONFIRM |
adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | 5.0 | CVE-2017-11299 BID SECTRACK CONFIRM |
adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | 5.0 | CVE-2017-11300 BID SECTRACK CONFIRM |
adobe -- digital_editions | An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | 2017-12-09 | 5.0 | CVE-2017-11301 BID SECTRACK CONFIRM |
adobe -- experience_manager | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager. | 2017-12-09 | 4.3 | CVE-2017-11296 BID SECTRACK CONFIRM |
adobe -- experience_manager | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet. | 2017-12-09 | 4.3 | CVE-2017-3109 BID SECTRACK CONFIRM |
adobe -- experience_manager | An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in HTTP GET requests under certain circumstances. | 2017-12-09 | 5.0 | CVE-2017-3111 BID SECTRACK CONFIRM |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abiword -- abiword | af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17529 MISC |
acdsee -- acdsee_ultimate_10.0.0.292 | A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a specific .PSD file to trigger this vulnerability. | 2017-12-11 | not yet calculated | CVE-2017-2886 BID MISC |
acti -- acti_cameras | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials. | 2017-12-15 | not yet calculated | CVE-2017-3186 BID MISC MISC CERT-VN |
acti -- acti_cameras | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://ift.tt/2mxsDrj page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186). | 2017-12-15 | not yet calculated | CVE-2017-3184 BID MISC MISC CERT-VN |
acti -- acti_cameras | ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources. | 2017-12-15 | not yet calculated | CVE-2017-3185 BID MISC MISC CERT-VN |
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11293 BID SECTRACK CONFIRM |
adobe -- dng | An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11295 BID CONFIRM |
adobe -- flash_player | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11225 BID SECTRACK REDHAT CONFIRM GENTOO |
adobe -- flash_player | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country-specific functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-3114 BID SECTRACK REDHAT CONFIRM GENTOO |
adobe -- flash_player | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11215 BID SECTRACK REDHAT CONFIRM GENTOO |
adobe -- flash_player | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-11213 BID SECTRACK REDHAT CONFIRM GENTOO |
adobe -- flash_player | A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data. | 2017-12-13 | not yet calculated | CVE-2017-11305 BID SECTRACK CONFIRM |
adobe -- flash_player | An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | not yet calculated | CVE-2017-3112 BID SECTRACK REDHAT CONFIRM GENTOO |
adobe -- indesign | An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11302 BID SECTRACK CONFIRM |
adobe -- shockwave | An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | not yet calculated | CVE-2017-11294 BID SECTRACK CONFIRM |
amag_technologies -- symmetry_edge_network_door_controllers | Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command. | 2017-12-09 | not yet calculated | CVE-2017-16241 MISC MISC MISC |
apache -- fineract | In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query. | 2017-12-14 | not yet calculated | CVE-2017-5663 MLIST |
apache -- synapse | Due to the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions, Apache Synapse 3.0.0 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. To mitigate the issue, upgrading to version 3.0.1 is required. In Synapse 3.0.1, Commons Collections has been updated to version 3.2.2, which contains the fix for the above-mentioned vulnerability. | 2017-12-11 | not yet calculated | CVE-2017-15708 BID MLIST |
asterisk -- multiple_products | A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack. | 2017-12-13 | not yet calculated | CVE-2017-17664 MISC BID MISC MISC |
atlassian -- bamboo | Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurial repository, create or edit a plan when there is at least one linked Mercurial repository that the attacker has permission to use, or commit to a Mercurial repository used by a Bamboo plan which has branch detection enabled can execute code of their choice on systems that run a vulnerable version of Bamboo Server. Versions of Bamboo starting with 2.7.0 before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability. | 2017-12-13 | not yet calculated | CVE-2017-14590 BID CONFIRM CONFIRM |
atlassian -- bamboo | It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Bamboo. All versions of Bamboo before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability. | 2017-12-13 | not yet calculated | CVE-2017-14589 BID CONFIRM CONFIRM |
aubio -- aubio | A NULL pointer dereference (DoS) vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file. | 2017-12-11 | not yet calculated | CVE-2017-17554 MISC |
bernard_parisse_giac -- bernard_parisse_giac | Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17526 MISC |
bob_hepple_gjots2 -- bob_hepple_gjots2 | lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17535 MISC |
boxug -- trape | Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. | 2017-12-16 | not yet calculated | CVE-2017-17714 MISC MISC MISC |
boxug -- trape | Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. | 2017-12-16 | not yet calculated | CVE-2017-17713 MISC MISC MISC MISC MISC |
cisco -- asa_5500_series_routers | A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652. | 2017-12-15 | not yet calculated | CVE-2017-12373 CONFIRM |
citrix -- multiple_products | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | 2017-12-13 | not yet calculated | CVE-2017-17382 BID SECTRACK MISC CONFIRM CERT-VN |
citrix -- multiple_products | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange. | 2017-12-13 | not yet calculated | CVE-2017-17549 BID SECTRACK CONFIRM |
commvault -- edge_communication_service | Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges. | 2017-12-15 | not yet calculated | CVE-2017-3195 CONFIRM MISC BID EXPLOIT-DB CERT-VN |
crowdfunding_software -- realestate_crowdfunding_script | Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter. | 2017-12-13 | not yet calculated | CVE-2017-17591 MISC |
d-link -- dir-130_firmware_version_1.23_and_dir-330_firmware_version_1.12 | D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials. | 2017-12-15 | not yet calculated | CVE-2017-3191 MISC CERT-VN MISC MISC |
d-link -- dir-130_firmware_version_1.23_and_dir-330_firmware_version_1.12 | D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through an authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device. | 2017-12-15 | not yet calculated | CVE-2017-3192 MISC CERT-VN MISC MISC |
d-link -- multiple_devices | Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. | 2017-12-15 | not yet calculated | CVE-2017-3193 BID MISC MISC CERT-VN MISC |
elemental_path -- cognitoys_dino_smart_toys | Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server. | 2017-12-11 | not yet calculated | CVE-2017-8866 MISC |
elemental_path -- cognitoys_dino_smart_toys | Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gain further access to eavesdrop on privacy-sensitive voice communication of a child and their Dino device. | 2017-12-11 | not yet calculated | CVE-2017-8867 MISC |
elemental_path -- cognitoys_dino_smart_toys | Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device. | 2017-12-11 | not yet calculated | CVE-2017-8865 MISC |
embedthis -- goahead | Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0. | 2017-12-12 | not yet calculated | CVE-2017-17562 MISC MISC |
emc -- isilon_onefs | In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode. | 2017-12-13 | not yet calculated | CVE-2017-14380 CONFIRM |
erlang -- erlang | The Erlang OTP TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack). | 2017-12-12 | not yet calculated | CVE-2017-1000385 MLIST MLIST MLIST BID MISC DEBIAN CERT-VN |
exiv2 -- exiv2 | There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack. | 2017-12-13 | not yet calculated | CVE-2017-17669 MISC |
ffmpeg -- libswresample | The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. | 2017-12-11 | not yet calculated | CVE-2017-17555 MISC |
flash_seats -- flash_seats_mobile_app_for_android | Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | 2017-12-15 | not yet calculated | CVE-2017-3190 BID CERT-VN MISC |
flippa-clone.com -- website_auction_marketplace | Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter. | 2017-12-13 | not yet calculated | CVE-2017-17592 MISC |
fontforge -- fontforge | uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534. | 2017-12-14 | not yet calculated | CVE-2017-17521 MISC |
fortinet -- forticlient_fortios | An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, and 5.2 and below versions allows an admin user with super_admin privileges to view the current SSL VPN web portal session info, which may contain user credentials, through the fnsysctl CLI command. | 2017-12-13 | not yet calculated | CVE-2017-7738 BID CONFIRM |
fortinet -- forticlient_windows | A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows an attacker to gain privilege by exploiting the Windows "security alert" dialog that pops up when the "VPN before logon" feature is enabled and an untrusted certificate chain is presented. | 2017-12-14 | not yet calculated | CVE-2017-7344 BID CONFIRM |
fortinet -- forticlient | An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations. | 2017-12-15 | not yet calculated | CVE-2017-14184 BID CONFIRM |
fortunescripts.com -- N/A | Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job. | 2017-12-13 | not yet calculated | CVE-2017-17642 MISC |
fs -- amazon_clone | FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari. | 2017-12-13 | not yet calculated | CVE-2017-17572 MISC |
fs -- care_clone | FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter. | 2017-12-13 | not yet calculated | CVE-2017-17574 MISC |
fs -- crowdfunding_clone | FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter. | 2017-12-13 | not yet calculated | CVE-2017-17578 MISC |
fs -- expedia_clone | FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter. | 2017-12-13 | not yet calculated | CVE-2017-17570 MISC |
fs -- expedia_clone | FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter. | 2017-12-13 | not yet calculated | CVE-2017-17573 MISC |
fs -- foodpanda_clone | FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter. | 2017-12-13 | not yet calculated | CVE-2017-17571 MISC |
fs -- freelancer_clone | FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter. | 2017-12-13 | not yet calculated | CVE-2017-17579 MISC |
fs -- gigs_clone | FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter. | 2017-12-13 | not yet calculated | CVE-2017-17576 MISC |
fs -- groupon_clone | FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter. | 2017-12-13 | not yet calculated | CVE-2017-17575 MISC |
fs -- grubhub_clone | FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter. | 2017-12-13 | not yet calculated | CVE-2017-17582 MISC |
fs -- imdb_clone | FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter. | 2017-12-13 | not yet calculated | CVE-2017-17588 MISC |
fs -- indiamart_clone | FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter. | 2017-12-13 | not yet calculated | CVE-2017-17587 MISC |
fs -- linkedin_clone | FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter. | 2017-12-13 | not yet calculated | CVE-2017-17580 MISC |
fs -- makemytrip_clone | FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter. | 2017-12-13 | not yet calculated | CVE-2017-17584 MISC |
fs -- monster_clone | FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter. | 2017-12-13 | not yet calculated | CVE-2017-17585 MISC |
fs -- olx_clone | FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter. | 2017-12-13 | not yet calculated | CVE-2017-17586 MISC |
fs -- quibids_clone | FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter. | 2017-12-13 | not yet calculated | CVE-2017-17581 MISC |
fs -- shutterstock_clone | FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter. | 2017-12-13 | not yet calculated | CVE-2017-17583 MISC |
fs -- stackoverflow_clone | FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter. | 2017-12-13 | not yet calculated | CVE-2017-17590 MISC |
fs -- thumbtack_clone | FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter. | 2017-12-13 | not yet calculated | CVE-2017-17589 MISC |
fs -- trademe_clone | FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter. | 2017-12-13 | not yet calculated | CVE-2017-17577 MISC |
geomview -- geomview | common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17530 MISC |
gnu_global -- gnu_global | gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17531 MISC |
graphicsmagick -- graphicsmagick | ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file. | 2017-12-10 | not yet calculated | CVE-2017-17500 CONFIRM BID CONFIRM |
graphicsmagick -- graphicsmagick | WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file. | 2017-12-10 | not yet calculated | CVE-2017-17501 CONFIRM BID CONFIRM |
graphicsmagick -- graphicsmagick | ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file. | 2017-12-10 | not yet calculated | CVE-2017-17502 CONFIRM CONFIRM |
graphicsmagick -- graphicsmagick | ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file. | 2017-12-10 | not yet calculated | CVE-2017-17503 CONFIRM CONFIRM |
graphicsmagick -- graphicsmagick | WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | 2017-12-10 | not yet calculated | CVE-2017-17498 CONFIRM BID CONFIRM |
harbor -- harbor | The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | 2017-12-15 | not yet calculated | CVE-2017-17697 MISC |
hdf5 -- hdf5 | In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. | 2017-12-10 | not yet calculated | CVE-2017-17507 MISC |
hdf5 -- hdf5 | In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. | 2017-12-10 | not yet calculated | CVE-2017-17505 MISC |
hdf5 -- hdf5 | In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. | 2017-12-10 | not yet calculated | CVE-2017-17506 MISC |
hdf5 -- hdf5 | In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact when someone opens a crafted hdf5 file. | 2017-12-10 | not yet calculated | CVE-2017-17509 MISC |
hdf5 -- hdf5 | In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. | 2017-12-10 | not yet calculated | CVE-2017-17508 MISC |
huawei -- multiple_products | Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe. | 2017-12-11 | not yet calculated | CVE-2014-8358 CONFIRM BID MISC |
ibm -- connections_engagement_center | IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134005. | 2017-12-11 | not yet calculated | CVE-2017-1683 CONFIRM BID MISC |
ibm -- connections | IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954. | 2017-12-11 | not yet calculated | CVE-2017-1613 CONFIRM BID MISC |
ibm -- doors_next_generation | IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130915. | 2017-12-13 | not yet calculated | CVE-2017-1546 CONFIRM BID MISC |
ibm -- financial_transaction_manager_for_multi-platform | IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926. | 2017-12-11 | not yet calculated | CVE-2017-1606 CONFIRM BID MISC |
ibm -- inotes | IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2017-12-13 | not yet calculated | CVE-2017-1421 CONFIRM BID SECTRACK MISC |
ibm -- jazz_foundation_products | IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619. | 2017-12-11 | not yet calculated | CVE-2017-1507 CONFIRM MISC |
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548. | 2017-12-13 | not yet calculated | CVE-2017-1558 CONFIRM MISC |
ibm -- sterling_file_gateway | IBM Sterling File Gateway 2.2 could allow an authenticated user to change other users' passwords. IBM X-Force ID: 131290. | 2017-12-11 | not yet calculated | CVE-2017-1550 CONFIRM BID MISC |
ibm -- sterling_file_gateway | IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289. | 2017-12-11 | not yet calculated | CVE-2017-1549 CONFIRM BID MISC |
ibm -- sterling_file_gateway | IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288. | 2017-12-11 | not yet calculated | CVE-2017-1548 CONFIRM BID MISC |
ibm -- sterling_file_gateway | IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178. | 2017-12-11 | not yet calculated | CVE-2017-1632 CONFIRM BID MISC |
ibm -- support_tools_for_lotus_wcm | IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130733. | 2017-12-11 | not yet calculated | CVE-2017-1536 CONFIRM BID MISC |
ibm -- tivoli_monitoring | IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243. | 2017-12-13 | not yet calculated | CVE-2017-1635 CONFIRM BID MISC |
ibm -- tivoli_workload_scheduler | IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638. | 2017-12-13 | not yet calculated | CVE-2017-1716 CONFIRM BID MISC |
ibm -- websphere_mq | IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454. | 2017-12-11 | not yet calculated | CVE-2017-1760 CONFIRM MISC |
icu -- international_components_for_unicode_for_c/c++ | The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. | 2017-12-10 | not yet calculated | CVE-2017-17484 MISC MISC MISC MISC MISC MISC |
idevicerestore -- idevicerestore | The socket_create function in socket.c in idevicerestore through 2017-12-10 allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket, a similar issue to CVE-2016-5104. | 2017-12-10 | not yet calculated | CVE-2017-17496 MISC |
imagemagick -- imagemagick | In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call. | 2017-12-14 | not yet calculated | CVE-2017-17682 CONFIRM |
imagemagick -- imagemagick | ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage. | 2017-12-10 | not yet calculated | CVE-2017-17504 CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file. | 2017-12-14 | not yet calculated | CVE-2017-17680 CONFIRM |
imagemagick -- imagemagick | In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file. | 2017-12-14 | not yet calculated | CVE-2017-17681 CONFIRM |
imagemagick -- imagemagick | ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. | 2017-12-10 | not yet calculated | CVE-2017-17499 BID CONFIRM CONFIRM CONFIRM |
intel -- graphics_driver | Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access. | 2017-12-12 | not yet calculated | CVE-2017-5717 CONFIRM |
k7 -- antivirus_15.1.0309 | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request. | 2017-12-15 | not yet calculated | CVE-2017-17700 MISC |
k7 -- antivirus_15.1.0309 | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request. | 2017-12-15 | not yet calculated | CVE-2017-17701 MISC |
k7 -- antivirus_15.1.0309 | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request. | 2017-12-15 | not yet calculated | CVE-2017-17699 MISC |
kaspersky -- embedded_systems_security | Kernel pool memory corruption in one of the drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation. | 2017-12-08 | not yet calculated | CVE-2017-12823 BID CONFIRM |
kildclient -- kildclient | KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c. | 2017-12-14 | not yet calculated | CVE-2017-17511 MISC |
kiwi -- kiwi | examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17532 MISC |
landesk -- management_suite | In LANDESK Management Suite 2016.4 and 2017.x, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc. | 2017-12-11 | not yet calculated | CVE-2017-11463 MISC |
legion_of_the_bouncy_castle -- bouncycastle_tls | BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT." | 2017-12-12 | not yet calculated | CVE-2017-13098 CERT-VN BID CONFIRM MISC |
lib/ecstatic.js -- lib/ecstatic.js | A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string. | 2017-12-14 | not yet calculated | CVE-2016-10703 MISC MISC |
lilypond -- lilypond | lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument. | 2017-12-11 | not yet calculated | CVE-2017-17523 MISC MISC MISC |
linux -- kernel | The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device. | 2017-12-12 | not yet calculated | CVE-2017-17558 MISC MISC |
linux -- kernel | The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges. | 2017-12-15 | not yet calculated | CVE-2017-17712 CONFIRM CONFIRM |
linux -- kernel | The Linux Kernel 2.6.32 and later are affected by a denial of service: by flooding the diagnostic port 0x80, an exception can be triggered, leading to a kernel panic. | 2017-12-11 | not yet calculated | CVE-2017-1000407 MLIST BID CONFIRM MLIST |
maplesoft -- maple_t.a. | A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688. | 2017-12-16 | not yet calculated | CVE-2017-14134 MISC |
mathias_kettner -- check_mk | A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page. | 2017-12-11 | not yet calculated | CVE-2017-11507 CONFIRM MISC |
mckesson_medical_imaging_company -- conserus_image_repository_archive_solution | A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable service allows for arbitrary file read access to the local file system as well as the transmittal of the application service's account hashed credentials to a remote attacker. | 2017-12-15 | not yet calculated | CVE-2017-14101 MISC |
mckesson_medical_imaging_company -- conserus_workflow_intelligence_application | Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability. The vulnerability allows an attacker to bypass authentication and escalate privileges of valid users. An unauthenticated attacker can exploit the vulnerability and be granted limited access to other accounts. An authenticated attacker can exploit the vulnerability and be granted access reserved for higher privilege users. | 2017-12-15 | not yet calculated | CVE-2017-16776 MISC |
meinberg -- lantime_devices | Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory. | 2017-12-15 | not yet calculated | CVE-2017-16788 FULLDISC |
meinberg -- lantime_devices | The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality. | 2017-12-15 | not yet calculated | CVE-2017-16787 FULLDISC FULLDISC |
mensis -- mensis | uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521. | 2017-12-14 | not yet calculated | CVE-2017-17534 MISC |
metview -- metview | etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17515 MISC |
micro_focus -- project_and_portfolio_management_center | Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack. | 2017-12-12 | not yet calculated | CVE-2017-14361 CONFIRM |
micro_focus -- project_and_portfolio_management_center | Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Request Forgery attack. | 2017-12-12 | not yet calculated | CVE-2017-14362 CONFIRM |
microsoft -- chakracore | ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11918, and CVE-2017-11930. | 2017-12-12 | not yet calculated | CVE-2017-11916 BID CONFIRM |
microsoft -- device_guard | Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability". | 2017-12-12 | not yet calculated | CVE-2017-11899 BID SECTRACK CONFIRM |
microsoft -- exchange_server | Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability". | 2017-12-12 | not yet calculated | CVE-2017-11932 BID SECTRACK CONFIRM |
microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11906 and CVE-2017-11919. | 2017-12-12 | not yet calculated | CVE-2017-11887 BID SECTRACK CONFIRM |
microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 2017-12-12 | not yet calculated | CVE-2017-11901 BID SECTRACK CONFIRM |
microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 2017-12-12 | not yet calculated | CVE-2017-11903 BID SECTRACK CONFIRM |
microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 2017-12-12 | not yet calculated | CVE-2017-11913 BID SECTRACK CONFIRM |
microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 2017-12-12 | not yet calculated | CVE-2017-11907 BID SECTRACK CONFIRM |
microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11919. | 2017-12-12 | not yet calculated | CVE-2017-11906 BID SECTRACK CONFIRM |
microsoft -- malware_protection_engine | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, Windows Server, version 1709, and Microsoft Exchange Server 2013 and 2016 does not properly scan a specially crafted file, leading to remote code execution, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". This is different than CVE-2017-11937. | 2017-12-08 | not yet calculated | CVE-2017-11940 BID SECTRACK CONFIRM |
microsoft -- multiple_products | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". | 2017-12-12 | not yet calculated | CVE-2017-11888 BID SECTRACK CONFIRM |
microsoft -- multiple_products | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 2017-12-12 | not yet calculated | CVE-2017-11912 BID SECTRACK SECTRACK CONFIRM |
microsoft -- multiple_products | ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 2017-12-12 | not yet calculated | CVE-2017-11893 BID SECTRACK CONFIRM |
microsoft -- multiple_products | ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, and CVE-2017-11930. | 2017-12-12 | not yet calculated | CVE-2017-11918 BID SECTRACK CONFIRM |
microsoft -- multiple_products | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 2017-12-12 | not yet calculated | CVE-2017-11894 BID SECTRACK SECTRACK CONFIRM |
microsoft -- multiple_products | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 2017-12-12 | not yet calculated | CVE-2017-11895 BID SECTRACK SECTRACK CONFIRM |
microsoft -- multiple_products | ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 2017-12-12 | not yet calculated | CVE-2017-11911 BID SECTRACK CONFIRM |
microsoft -- multiple_products | Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 2017-12-12 | not yet calculated | CVE-2017-11890 BID SECTRACK CONFIRM |
microsoft -- multiple_products | ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 2017-12-12 | not yet calculated | CVE-2017-11889 BID SECTRACK CONFIRM |
microsoft -- multiple_products | ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 2017-12-12 | not yet calculated | CVE-2017-11909 BID SECTRACK CONFIRM |
microsoft -- multiple_products | ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 2017-12-12 | not yet calculated | CVE-2017-11910 BID SECTRACK CONFIRM |
microsoft -- multiple_products | ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 2017-12-12 | not yet calculated | CVE-2017-11908 BID SECTRACK CONFIRM |
microsoft -- multiple_products | ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 2017-12-12 | not yet calculated | CVE-2017-11914 BID SECTRACK CONFIRM |
microsoft -- multiple_products | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, and CVE-2017-11916. | 2017-12-12 | not yet calculated | CVE-2017-11930 BID SECTRACK CONFIRM |
microsoft -- multiple_products | ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 2017-12-12 | not yet calculated | CVE-2017-11905 BID SECTRACK CONFIRM |
microsoft -- multiple_products | ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906. | 2017-12-12 | not yet calculated | CVE-2017-11919 BID SECTRACK CONFIRM |
microsoft -- office_2016_click-to-run | Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability". | 2017-12-12 | not yet calculated | CVE-2017-11935 BID SECTRACK CONFIRM |
microsoft -- office_2016_click-to-run | Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability". | 2017-12-12 | not yet calculated | CVE-2017-11939 BID SECTRACK CONFIRM |
microsoft -- office | Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability". | 2017-12-12 | not yet calculated | CVE-2017-11934 BID SECTRACK CONFIRM |
microsoft -- sharepoint_enterprise_server_2016 | Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". | 2017-12-12 | not yet calculated | CVE-2017-11936 BID SECTRACK CONFIRM |
microsoft -- windows | Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability". | 2017-12-12 | not yet calculated | CVE-2017-11885 BID SECTRACK CONFIRM |
microsoft -- windows | Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | 2017-12-12 | not yet calculated | CVE-2017-11886 BID SECTRACK CONFIRM |
microsoft -- windows | Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information disclosure vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka "Microsoft Windows Information Disclosure Vulnerability". | 2017-12-12 | not yet calculated | CVE-2017-11927 BID SECTRACK CONFIRM |
mikrotik -- multiple_devices | MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets. | 2017-12-13 | not yet calculated | CVE-2017-17538 EXPLOIT-DB |
mikrotik -- routerboard | MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS. | 2017-12-13 | not yet calculated | CVE-2017-17537 EXPLOIT-DB |
mobotap -- dolphin_browser_for_android | The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a specific executable in the Dolphin Browser's data directory with a crafted malicious executable. Every time the Dolphin Browser is launched, it will attempt to run the malicious executable from disk, thus executing the attacker's code. | 2017-12-11 | not yet calculated | CVE-2017-17551 MISC |
mobotap -- dolphin_browser_for_android | The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser. | 2017-12-11 | not yet calculated | CVE-2017-17553 MISC |
nip2 -- nip2 | ** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable. | 2017-12-14 | not yet calculated | CVE-2017-17514 MISC |
node.js -- node.js | Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption. | 2017-12-11 | not yet calculated | CVE-2017-15896 CONFIRM |
node.js -- node.js | Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases. | 2017-12-11 | not yet calculated | CVE-2017-15897 CONFIRM |
ocaml -- ocaml_batteries_included | batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17519 MISC |
octopus -- octopus_deploy | In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access. | 2017-12-13 | not yet calculated | CVE-2017-17665 CONFIRM |
openstack -- openstack | A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume. | 2017-12-12 | not yet calculated | CVE-2017-12155 CONFIRM CONFIRM |
palo_alto_networks -- globalprotect_agent | Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking." | 2017-12-11 | not yet calculated | CVE-2017-15870 BID CONFIRM |
palo_alto_networks -- pan-os | The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities. | 2017-12-11 | not yet calculated | CVE-2017-15943 BID SECTRACK CONFIRM |
palo_alto_networks -- pan-os | Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management interface. | 2017-12-11 | not yet calculated | CVE-2017-15942 BID SECTRACK CONFIRM |
palo_alto_networks -- pan-os | The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors. | 2017-12-11 | not yet calculated | CVE-2017-15940 BID SECTRACK CONFIRM |
palo_alto_networks -- pan-os | Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface. | 2017-12-11 | not yet calculated | CVE-2017-15944 BID SECTRACK CONFIRM |
panda_security -- panda_global_protection | Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request. | 2017-12-14 | not yet calculated | CVE-2017-17684 MISC |
panda_security -- panda_global_protection | Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request. | 2017-12-14 | not yet calculated | CVE-2017-17683 MISC |
pandora -- ios_app | Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | 2017-12-15 | not yet calculated | CVE-2017-3194 BID MISC CERT-VN MISC |
pasdoc -- pasdoc | ** DISPUTED ** delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code referencing the BROWSER environment variable is never used. | 2017-12-14 | not yet calculated | CVE-2017-17527 MISC |
pcausa -- rawether_framework | PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges. | 2017-12-15 | not yet calculated | CVE-2017-3196 MISC BID MISC CERT-VN |
phabricator -- phabricator | Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring. | 2017-12-11 | not yet calculated | CVE-2017-17536 MISC MISC |
phoenix_contact -- fl_comserver | A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). A cross-site scripting vulnerability has been identified that may allow remote code execution. | 2017-12-11 | not yet calculated | CVE-2017-16723 BID MISC MISC |
phpscriptsmall.com -- advance_b2b_script | Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter. | 2017-12-13 | not yet calculated | CVE-2017-17602 MISC |
phpscriptsmall.com -- advance_online_learning_managment_script | Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter. | 2017-12-13 | not yet calculated | CVE-2017-17599 MISC |
phpscriptsmall.com -- advanced_real_estate_script | Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter. | 2017-12-13 | not yet calculated | CVE-2017-17603 MISC |
phpscriptsmall.com -- advanced_world_database | Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter. | 2017-12-13 | not yet calculated | CVE-2017-17640 MISC |
phpscriptsmall.com -- affiliate_mlm_script | Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter. | 2017-12-13 | not yet calculated | CVE-2017-17598 MISC |
phpscriptsmall.com -- basic_b2b_script | Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter. | 2017-12-13 | not yet calculated | CVE-2017-17600 MISC |
phpscriptsmall.com -- beauty_parlour_booking_script | Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter. | 2017-12-13 | not yet calculated | CVE-2017-17595 MISC |
phpscriptsmall.com -- cab_booking_script | Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter. | 2017-12-13 | not yet calculated | CVE-2017-17601 MISC |
phpscriptsmall.com -- car_rental_script | Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter. | 2017-12-13 | not yet calculated | CVE-2017-17637 MISC |
phpscriptsmall.com -- chartered_accountant_booking_script | Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter. | 2017-12-13 | not yet calculated | CVE-2017-17609 MISC |
phpscriptsmall.com -- child_care_script | Child Care Script 1.0 has SQL Injection via the /list city parameter. | 2017-12-13 | not yet calculated | CVE-2017-17608 MISC |
phpscriptsmall.com -- cms_auditor_website | CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail. | 2017-12-13 | not yet calculated | CVE-2017-17607 MISC |
phpscriptsmall.com -- co-work_space_search_script | Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter. | 2017-12-13 | not yet calculated | CVE-2017-17606 MISC |
phpscriptsmall.com -- consumer_complaints_clone_script | Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter. | 2017-12-13 | not yet calculated | CVE-2017-17605 MISC |
phpscriptsmall.com -- doctor_search_script | Doctor Search Script 1.0 has SQL Injection via the /list city parameter. | 2017-12-13 | not yet calculated | CVE-2017-17611 MISC |
phpscriptsmall.com -- domainsale_php_script | DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter. | 2017-12-13 | not yet calculated | CVE-2017-17594 MISC |
phpscriptsmall.com -- e-commerce_mlm_software | E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter. | 2017-12-13 | not yet calculated | CVE-2017-17610 MISC |
phpscriptsmall.com -- entrepreneur_bus_booking_script | Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter. | 2017-12-13 | not yet calculated | CVE-2017-17604 MISC |
phpscriptsmall.com -- entrepreneur_dating_script | Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter. | 2017-12-13 | not yet calculated | CVE-2017-17648 EXPLOIT-DB |
phpscriptsmall.com -- entrepreneur_job_portal_script | Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter. | 2017-12-13 | not yet calculated | CVE-2017-17596 MISC |
phpscriptsmall.com -- event_search_script | Event Search Script 1.0 has SQL Injection via the /event-list city parameter. | 2017-12-13 | not yet calculated | CVE-2017-17616 MISC |
phpscriptsmall.com -- facebook_clone_script | Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter. | 2017-12-13 | not yet calculated | CVE-2017-17615 MISC |
phpscriptsmall.com -- food_order_script | Food Order Script 1.0 has SQL Injection via the /list city parameter. | 2017-12-13 | not yet calculated | CVE-2017-17614 MISC |
phpscriptsmall.com -- foodspotting_clone_script | Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter. | 2017-12-13 | not yet calculated | CVE-2017-17617 MISC |
phpscriptsmall.com -- freelance_website_script | Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter. | 2017-12-13 | not yet calculated | CVE-2017-17613 MISC |
phpscriptsmall.com -- groupon_clone_script | Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter. | 2017-12-13 | not yet calculated | CVE-2017-17638 MISC |
phpscriptsmall.com -- hot_scripts_clone | Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter. | 2017-12-13 | not yet calculated | CVE-2017-17612 MISC |
phpscriptsmall.com -- kickstarter_clone_script | Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter. | 2017-12-13 | not yet calculated | CVE-2017-17618 MISC |
phpscriptsmall.com -- laundry_booking_script | Laundry Booking Script 1.0 has SQL Injection via the /list city parameter. | 2017-12-13 | not yet calculated | CVE-2017-17619 MISC MISC |
phpscriptsmall.com -- lawyer_search_script | Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter. | 2017-12-13 | not yet calculated | CVE-2017-17620 MISC |
phpscriptsmall.com -- mlm_forced_matrix | MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter. | 2017-12-13 | not yet calculated | CVE-2017-17636 MISC |
phpscriptsmall.com -- mlm_forex_market_plan_script | MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter. | 2017-12-13 | not yet calculated | CVE-2017-17635 MISC |
phpscriptsmall.com -- multiplex_movie_theater_booking_script | Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter. | 2017-12-13 | not yet calculated | CVE-2017-17633 MISC |
phpscriptsmall.com -- multireligion_responsive_matrimonial | Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter. | 2017-12-13 | not yet calculated | CVE-2017-17631 MISC |
phpscriptsmall.com -- multivendor_penny_auction_clone_script | Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI. | 2017-12-13 | not yet calculated | CVE-2017-17621 MISC MISC |
phpscriptsmall.com -- muslim_matrimonial_script | Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter. | 2017-12-13 | not yet calculated | CVE-2017-17639 MISC |
phpscriptsmall.com -- nearbuy_clone_script | Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter. | 2017-12-13 | not yet calculated | CVE-2017-17597 MISC |
phpscriptsmall.com -- online_exam_test_application_script | Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter. | 2017-12-13 | not yet calculated | CVE-2017-17622 MISC MISC |
phpscriptsmall.com -- opensource_classified_ads_script | Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter. | 2017-12-13 | not yet calculated | CVE-2017-17623 MISC |
phpscriptsmall.com -- php_multivendor_ecommerce | PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter. | 2017-12-13 | not yet calculated | CVE-2017-17624 MISC |
phpscriptsmall.com -- professional_service_script | Professional Service Script 1.0 has SQL Injection via the service-list city parameter. | 2017-12-13 | not yet calculated | CVE-2017-17625 MISC |
phpscriptsmall.com -- readymade_php_classified_script | Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter. | 2017-12-13 | not yet calculated | CVE-2017-17626 MISC |
phpscriptsmall.com -- readymade_video_sharing_script | Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter. | 2017-12-13 | not yet calculated | CVE-2017-17627 MISC |
phpscriptsmall.com -- responsive_events_and_movie_ticket_booking_script | Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter. | 2017-12-13 | not yet calculated | CVE-2017-17632 MISC |
phpscriptsmall.com -- responsive_realestate_script | Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter. | 2017-12-13 | not yet calculated | CVE-2017-17628 MISC |
phpscriptsmall.com -- resume_clone_script | Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter. | 2017-12-13 | not yet calculated | CVE-2017-17641 MISC |
phpscriptsmall.com -- secure_e-commerce_script | Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter. | 2017-12-13 | not yet calculated | CVE-2017-17629 MISC |
phpscriptsmall.com -- single_theater_booking_script | Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter. | 2017-12-13 | not yet calculated | CVE-2017-17634 MISC |
phpscriptsmall.com -- yoga_class_script | Yoga Class Script 1.0 has SQL Injection via the /list city parameter. | 2017-12-13 | not yet calculated | CVE-2017-17630 MISC |
phusion_passenger -- phusion_passenger | In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml. | 2017-12-14 | not yet calculated | CVE-2017-16355 CONFIRM CONFIRM |
posty -- readymade_classifieds_script | Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request. | 2017-12-11 | not yet calculated | CVE-2017-17111 MISC |
posty -- scubez_posty_readymade_classifieds | Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter. | 2017-12-13 | not yet calculated | CVE-2017-17567 MISC |
posty -- scubez_posty_readymade_classifieds | Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter. | 2017-12-13 | not yet calculated | CVE-2017-17569 MISC |
posty -- scubez_posty_readymade_classifieds | Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request. | 2017-12-13 | not yet calculated | CVE-2017-17568 MISC |
ppm_2000 -- perspective_icm | Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms. | 2017-12-11 | not yet calculated | CVE-2017-11319 MISC |
puppet -- puppet_enterprise | Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arbitrary web script or HTML via the string parameter, related to Login Redirect. | 2017-12-11 | not yet calculated | CVE-2015-6502 CONFIRM |
puppet -- puppet_enterprise | The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | 2017-12-11 | not yet calculated | CVE-2015-8470 CONFIRM |
puppet -- puppetlabs-apache | The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. | 2017-12-11 | not yet calculated | CVE-2014-3250 CONFIRM CONFIRM |
python -- python | Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17522 MISC |
qnap -- qsync_for_windows | A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines. | 2017-12-11 | not yet calculated | CVE-2017-13070 CONFIRM |
qt_company -- qt_for_android | A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. | 2017-12-15 | not yet calculated | CVE-2017-10905 CONFIRM JVN |
qt_company -- qt_for_android | Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2017-12-15 | not yet calculated | CVE-2017-10904 CONFIRM JVN |
radware -- alteon_devices | Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations. | 2017-12-13 | not yet calculated | CVE-2017-17427 BID MISC CONFIRM CERT-VN |
rapid7 -- nexpose | Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack. | 2017-12-14 | not yet calculated | CVE-2017-5264 CONFIRM |
reddit -- reddit_terminal_viewer | scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17516 MISC |
ruby -- ruby | Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution. | 2017-12-15 | not yet calculated | CVE-2017-17405 CONFIRM CONFIRM |
sap -- business_intelligence_promotion_management_application | Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded. | 2017-12-12 | not yet calculated | CVE-2017-16681 BID CONFIRM CONFIRM |
sap -- business_intelligence_promotion_management_application | SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity. | 2017-12-12 | not yet calculated | CVE-2017-16684 BID CONFIRM CONFIRM |
sap -- business_objects_platform | Denial of Service (DoS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service. | 2017-12-12 | not yet calculated | CVE-2017-16683 BID CONFIRM CONFIRM |
sap -- business_warehouse_universal_data_integration | Cross-Site Scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs. | 2017-12-12 | not yet calculated | CVE-2017-16685 BID CONFIRM CONFIRM |
sap -- hana | The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid. | 2017-12-12 | not yet calculated | CVE-2017-16687 BID CONFIRM CONFIRM |
sap -- hana | Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of audit log files could be hindered or misdirected. 2) User Account and Authentication writes audit logs into syslog and additionally writes the same audit entries into a log file. Entries in the log file miss escaping. Hence the interpretation of audit log files could be hindered or misdirected, while the entries in syslog are correct. | 2017-12-12 | not yet calculated | CVE-2017-16680 BID CONFIRM CONFIRM |
sap -- kernel | A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined. | 2017-12-12 | not yet calculated | CVE-2017-16689 BID CONFIRM CONFIRM |
sap -- netweaver_internet_transaction_server | SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application. | 2017-12-12 | not yet calculated | CVE-2017-16682 BID CONFIRM CONFIRM |
sap -- netweaver_knowledge_management_configuration_service | Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application. | 2017-12-12 | not yet calculated | CVE-2017-16678 BID CONFIRM CONFIRM |
sap -- note_assistant_tool | SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52) supports upload of a digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of the note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using the SAPCAR tool; during the extraction, digital signature verification fails but the tampered file is still extracted. | 2017-12-12 | not yet calculated | CVE-2017-16691 CONFIRM CONFIRM |
sap -- plant_connectivity | A malicious DLL preload attack is possible on NwSapSetup and the Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder the executable is in and not from the system location. The desired behavior is that system DLLs are only loaded from the system folders. If a DLL with the same name as the system DLL is located in the same folder as the executable, this DLL is loaded and code is executed. | 2017-12-12 | not yet calculated | CVE-2017-16690 BID CONFIRM CONFIRM |
sap -- startup_service | URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site. | 2017-12-12 | not yet calculated | CVE-2017-16679 BID CONFIRM CONFIRM |
scummvm -- scummvm | backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17528 MISC |
seacms -- seacms | SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php. | 2017-12-12 | not yet calculated | CVE-2017-17561 MISC MISC |
sensible-utils -- sensible-utils | sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument. | 2017-12-11 | not yet calculated | CVE-2017-17512 MISC MISC |
synology -- mailplus_server | Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter. | 2017-12-15 | not yet calculated | CVE-2017-15890 CONFIRM |
swi-prolog -- swi-prolog | library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17524 MISC |
sylpheed -- sylpheed | libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17517 MISC |
symantec -- norton_family_android_app | Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings. | 2017-12-13 | not yet calculated | CVE-2017-15530 BID CONFIRM |
symantec -- norton_family_android_app | Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network. | 2017-12-13 | not yet calculated | CVE-2017-15529 BID CONFIRM |
synaptics -- touchpad_drivers | A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys. | 2017-12-15 | not yet calculated | CVE-2017-17556 HP CONFIRM MISC |
techno -- portfolio_management_panel | Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request. | 2017-12-11 | not yet calculated | CVE-2017-17110 MISC |
techno -- portfolio_management_panel | Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. | 2017-12-15 | not yet calculated | CVE-2017-17695 MISC |
techno -- portfolio_management_panel | Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php. | 2017-12-15 | not yet calculated | CVE-2017-17696 MISC |
techno -- portfolio_management_panel | Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter. | 2017-12-15 | not yet calculated | CVE-2017-17694 MISC |
techno -- portfolio_management_panel | Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback. | 2017-12-15 | not yet calculated | CVE-2017-17693 MISC |
telegram -- telegram_messenger | The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak. | 2017-12-16 | not yet calculated | CVE-2017-17715 MISC |
tex_live -- tex_live | TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua. | 2017-12-14 | not yet calculated | CVE-2017-17513 MISC |
tibbr -- tibbr_community_and_tibbr_enterprise | The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. Affected releases are tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0. | 2017-12-12 | not yet calculated | CVE-2017-5530 CONFIRM |
tibbr -- tibbr_community_and_tibbr_enterprise | The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0. | 2017-12-12 | not yet calculated | CVE-2017-5534 CONFIRM |
tibco -- businessworks_process_monitor | Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via the users management panel of the web interface. | 2017-12-10 | not yet calculated | CVE-2017-16789 MISC |
tidy -- tidy | In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value. | 2017-12-10 | not yet calculated | CVE-2017-17497 CONFIRM |
tin -- tin | ** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional behavior, because the documentation states "url_handler.pl was designed to work together with tin which only issues shell escaped absolute URLs." | 2017-12-14 | not yet calculated | CVE-2017-17520 MISC |
tkabber -- tkabber | default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17533 MISC |
trend_micro -- encryption_for_mail | A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. | 2017-12-15 | not yet calculated | CVE-2017-11397 MISC CONFIRM |
trend_micro -- scanmail_for_exchange | The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks. | 2017-12-15 | not yet calculated | CVE-2017-14093 CONFIRM MISC |
trend_micro -- scanmail_for_exchange | The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. | 2017-12-15 | not yet calculated | CVE-2017-14092 CONFIRM MISC |
trend_micro -- scanmail_for_exchange | A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted. | 2017-12-15 | not yet calculated | CVE-2017-14090 CONFIRM MISC |
trend_micro -- scanmail_for_exchange | A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize an uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory. | 2017-12-15 | not yet calculated | CVE-2017-14091 CONFIRM MISC |
vbulletin -- vbulletin | vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file. | 2017-12-13 | not yet calculated | CVE-2017-17671 MISC |
vbulletin -- vbulletin | In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates. | 2017-12-13 | not yet calculated | CVE-2017-17672 MISC |
videolan -- vlc_media_player | In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation. | 2017-12-15 | not yet calculated | CVE-2017-17670 MISC |
vmware -- airwatch_console | VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator. | 2017-12-12 | not yet calculated | CVE-2017-4942 BID SECTRACK CONFIRM |
vmware -- vasa_provider | Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials. | 2017-12-11 | not yet calculated | CVE-2016-6904 CONFIRM |
western_digital -- mycloud_pr4100_2.30.172_devices | An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root. | 2017-12-12 | not yet calculated | CVE-2017-17560 MISC MISC |
white_dune -- white_dune | swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17518 MISC |
wolfssl -- wolfssl | wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT." | 2017-12-12 | not yet calculated | CVE-2017-13099 CERT-VN BID CONFIRM MISC |
xen -- xen | An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode. | 2017-12-12 | not yet calculated | CVE-2017-17563 CONFIRM CONFIRM |
xen -- xen | An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P. | 2017-12-12 | not yet calculated | CVE-2017-17565 CONFIRM CONFIRM |
xen -- xen | An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page. | 2017-12-12 | not yet calculated | CVE-2017-17566 CONFIRM CONFIRM |
xen -- xen | An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode. | 2017-12-12 | not yet calculated | CVE-2017-17564 CONFIRM CONFIRM |
xtuple_postbooks -- xtuple_postbooks | guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 2017-12-14 | not yet calculated | CVE-2017-17525 MISC |
yourphpscript.com -- simple_chatting_system | Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/. | 2017-12-13 | not yet calculated | CVE-2017-17593 MISC |
zoho -- manageengine_password_manager_pro_9 | Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec. | 2017-12-15 | not yet calculated | CVE-2017-17698 CONFIRM |