SB18-001: Vulnerability Summary for the Week of December 25, 2017
Original release date: January 01, 2018
Back to top
Back to top
Back to top
Back to top
from US-CERT National Cyber Alert System http://ift.tt/2lAkMHu
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-12-25 | 9.3 | CVE-2017-13861 BID SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM EXPLOIT-DB |
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-12-25 | 9.3 | CVE-2017-13862 BID SECTRACK SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-12-25 | 9.3 | CVE-2017-13867 BID SECTRACK SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM EXPLOIT-DB |
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-12-25 | 9.3 | CVE-2017-13876 BID SECTRACK SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM EXPLOIT-DB |
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-12-27 | 9.3 | CVE-2017-7162 CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-12-25 | 9.3 | CVE-2017-13847 BID SECTRACK SECTRACK CONFIRM CONFIRM EXPLOIT-DB |
| apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "IOMobileFrameBuffer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-12-25 | 9.3 | CVE-2017-13879 BID SECTRACK CONFIRM |
| apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-12-25 | 9.3 | CVE-2017-13848 BID SECTRACK CONFIRM |
| apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-12-25 | 9.3 | CVE-2017-13858 BID SECTRACK CONFIRM |
| apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app. | 2017-12-25 | 9.3 | CVE-2017-13875 BID SECTRACK CONFIRM EXPLOIT-DB |
| apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-12-25 | 9.3 | CVE-2017-13883 BID SECTRACK CONFIRM |
| apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-12-27 | 9.3 | CVE-2017-7155 CONFIRM |
| apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-12-27 | 9.3 | CVE-2017-7159 CONFIRM |
| apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-12-27 | 9.3 | CVE-2017-7163 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file. | 2017-12-27 | 7.1 | CVE-2017-17914 CONFIRM |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app that triggers type confusion. | 2017-12-25 | 4.3 | CVE-2017-13855 BID SECTRACK SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM EXPLOIT-DB |
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-12-25 | 6.8 | CVE-2017-13856 BID SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-12-25 | 4.3 | CVE-2017-13865 BID SECTRACK SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM EXPLOIT-DB |
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-12-25 | 6.8 | CVE-2017-13866 BID SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-12-25 | 4.3 | CVE-2017-13868 BID SECTRACK SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-12-25 | 4.3 | CVE-2017-13869 BID SECTRACK SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM EXPLOIT-DB |
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-12-25 | 6.8 | CVE-2017-13870 BID SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch to obtain an encryption key and unlock a door. | 2017-12-25 | 5.0 | CVE-2017-13903 BID SECTRACK CONFIRM CONFIRM MISC |
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash). | 2017-12-27 | 5.6 | CVE-2017-7154 CONFIRM CONFIRM CONFIRM |
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-12-27 | 6.8 | CVE-2017-7156 BID SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-12-27 | 6.8 | CVE-2017-7157 BID SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-12-27 | 6.8 | CVE-2017-7160 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- icloud | An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates. | 2017-12-25 | 4.3 | CVE-2017-13864 BID SECTRACK CONFIRM CONFIRM |
| apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption. | 2017-12-25 | 4.3 | CVE-2017-13860 BID SECTRACK SECTRACK CONFIRM CONFIRM |
| apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection. | 2017-12-25 | 5.0 | CVE-2017-13874 BID SECTRACK CONFIRM |
| apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site. | 2017-12-27 | 4.3 | CVE-2017-7152 CONFIRM |
| apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an S/MIME certificate by the recipient. | 2017-12-25 | 5.0 | CVE-2017-13871 BID SECTRACK CONFIRM |
| apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash). | 2017-12-25 | 5.6 | CVE-2017-13878 BID SECTRACK CONFIRM |
| apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Screen Sharing Server" component. It allows attackers to obtain root privileges for reading files by leveraging screen-sharing access. | 2017-12-27 | 6.8 | CVE-2017-7158 CONFIRM |
| graphicsmagick -- graphicsmagick | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region. | 2017-12-27 | 6.8 | CVE-2017-17912 CONFIRM CONFIRM |
| graphicsmagick -- graphicsmagick | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type. | 2017-12-27 | 6.8 | CVE-2017-17913 CONFIRM CONFIRM |
| graphicsmagick -- graphicsmagick | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. | 2017-12-27 | 6.8 | CVE-2017-17915 CONFIRM CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. | 2017-12-27 | 6.8 | CVE-2017-17879 BID CONFIRM DEBIAN |
| imagemagick -- imagemagick | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. | 2017-12-27 | 6.8 | CVE-2017-17880 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file. | 2017-12-27 | 4.3 | CVE-2017-17881 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file. | 2017-12-27 | 4.3 | CVE-2017-17882 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file. | 2017-12-27 | 4.3 | CVE-2017-17883 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file. | 2017-12-27 | 4.3 | CVE-2017-17884 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file. | 2017-12-27 | 4.3 | CVE-2017-17885 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file. | 2017-12-27 | 4.3 | CVE-2017-17886 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage. | 2017-12-27 | 4.3 | CVE-2017-17887 CONFIRM |
| imagemagick -- imagemagick | ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls. | 2017-12-27 | 5.0 | CVE-2017-17934 CONFIRM |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no low vulnerabilities recorded this week. | ||||
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 2daybiz.com -- readymade_job_site_script | Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. | 2017-12-27 | not yet calculated | CVE-2017-17895 MISC |
| 2daybiz.com -- readymade_job_site_script | Readymade Job Site Script has CSRF via the /job URI. | 2017-12-27 | not yet calculated | CVE-2017-17894 MISC |
| 2daybiz.com -- readymade_job_site_script | Readymade Job Site Script has XSS via the keyword parameter to the /job URI. | 2017-12-27 | not yet calculated | CVE-2017-17896 MISC |
| airlive -- multiple_products | cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests. | 2017-12-27 | not yet calculated | CVE-2014-8389 MISC FULLDISC BUGTRAQ BID MISC |
| allmediaserver -- allplayer | A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888. | 2017-12-28 | not yet calculated | CVE-2017-17932 EXPLOIT-DB |
| anti-web -- anti-web | cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097. | 2017-12-27 | not yet calculated | CVE-2017-17888 MISC MISC MISC |
| apache -- flexblaze_ds | Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution. | 2017-12-28 | not yet calculated | CVE-2017-5641 MLIST BID SECTRACK CONFIRM CERT-VN |
| archon -- archon | packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503. | 2017-12-27 | not yet calculated | CVE-2017-17911 MISC |
| artifex -- mupdf | pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document. | 2017-12-27 | not yet calculated | CVE-2017-17866 CONFIRM CONFIRM |
| asterisk -- asterisk | An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point. | 2017-12-27 | not yet calculated | CVE-2017-17850 CONFIRM SECTRACK CONFIRM |
| auth0/passport-wsfed-saml2_library -- auth0/passport-wsfed-saml2_library | A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response (e.g., only signs the assertion within the response). | 2017-12-27 | not yet calculated | CVE-2017-16897 CONFIRM |
| ba_systems -- bas_web | BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/get_sid_js.aspx or isc/get_sid.aspx, as demonstrated by obtaining administrative access by subsequently using the credential information for the Supervisor/Administrator account. | 2017-12-29 | not yet calculated | CVE-2017-17974 MISC MISC |
| biometric_shift_employee_management_system -- biometric_shift_employee_management_system | Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. | 2017-12-29 | not yet calculated | CVE-2017-17995 MISC |
| biometric_shift_employee_management_system -- biometric_shift_employee_management_system | Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request. | 2017-12-29 | not yet calculated | CVE-2017-17993 MISC |
| biometric_shift_employee_management_system -- biometric_shift_employee_management_system | Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. | 2017-12-29 | not yet calculated | CVE-2017-17990 MISC |
| biometric_shift_employee_management_system -- biometric_shift_employee_management_system | Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. | 2017-12-29 | not yet calculated | CVE-2017-17991 MISC |
| biometric_shift_employee_management_system -- biometric_shift_employee_management_system | Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. | 2017-12-29 | not yet calculated | CVE-2017-17989 MISC |
| biometric_shift_employee_management_system -- biometric_shift_employee_management_system | Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. | 2017-12-29 | not yet calculated | CVE-2017-17992 MISC |
| biometric_shift_employee_management_system -- biometric_shift_employee_management_system | Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. | 2017-12-29 | not yet calculated | CVE-2017-17994 MISC |
| biometric_shift_employee_management_system -- biometric_shift_employee_management_system | Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter. | 2017-12-27 | not yet calculated | CVE-2017-17876 EXPLOIT-DB |
| cells -- cells_blog | Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter. | 2017-12-28 | not yet calculated | CVE-2017-17950 MISC |
| cells -- cells_blog | Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. | 2017-12-28 | not yet calculated | CVE-2017-17949 MISC |
| cells -- cells_blog | Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request. | 2017-12-28 | not yet calculated | CVE-2017-17948 MISC |
| dolibarr -- erp/crm | SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. | 2017-12-27 | not yet calculated | CVE-2017-17900 CONFIRM |
| dolibarr -- erp/crm | Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. | 2017-12-27 | not yet calculated | CVE-2017-17898 CONFIRM CONFIRM |
| dolibarr -- erp/crm | SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. | 2017-12-27 | not yet calculated | CVE-2017-17899 CONFIRM |
| dolibarr -- erp/crm | SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2017-12-27 | not yet calculated | CVE-2017-17897 CONFIRM |
| dolibarr -- erp/crm | The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. | 2017-12-29 | not yet calculated | CVE-2017-17971 MISC |
| dozer -- dozer | Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object. | 2017-12-29 | not yet calculated | CVE-2014-9515 CONFIRM MISC MISC |
| enigmail -- enigmail | An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001. | 2017-12-27 | not yet calculated | CVE-2017-17845 MISC MISC DEBIAN MISC |
| enigmail -- enigmail | An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002. | 2017-12-27 | not yet calculated | CVE-2017-17843 MISC MISC DEBIAN MISC |
| enigmail -- enigmail | An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format. | 2017-12-27 | not yet calculated | CVE-2017-17847 MISC MISC MISC DEBIAN MISC |
| enigmail -- enigmail | An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be signed, but the recipient does not see any of the signed text. | 2017-12-27 | not yet calculated | CVE-2017-17848 MISC MISC DEBIAN |
| enigmail -- enigmail | An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003. | 2017-12-27 | not yet calculated | CVE-2017-17846 MISC MISC DEBIAN MISC |
| enigmail -- enigmail | An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attacker as quoted text, aka the TBE-01-005 "replay" issue. | 2017-12-27 | not yet calculated | CVE-2017-17844 MISC MISC DEBIAN MISC |
| ffmpeg -- ffmpeg | The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file. | 2017-12-27 | not yet calculated | CVE-2017-9608 MLIST MLIST BID CONFIRM CONFIRM CONFIRM DEBIAN |
| flexsense -- sysguage_server | In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9221. | 2017-12-28 | not yet calculated | CVE-2017-15667 EXPLOIT-DB |
| fortunescripts.com -- fs_lynda_clone | FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel. | 2017-12-27 | not yet calculated | CVE-2017-17903 MISC |
| fortunescripts.com -- fs_lynda_clone | FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile. | 2017-12-27 | not yet calculated | CVE-2017-17904 MISC |
| getgo_software -- getgo_download_manager | A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response. | 2017-12-27 | not yet calculated | CVE-2017-17849 MISC EXPLOIT-DB |
| google -- play | XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data. | 2017-12-29 | not yet calculated | CVE-2014-3630 CONFIRM CONFIRM MISC CONFIRM |
| hoermann -- bisecur_devices | On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The interception of the one-time pairing process is specifically not required. Due to use of AES-128 with an initial static random value and static data vector (all of this static information is the same across different customers' installations), the attacker can easily derive the utilized encryption key and decrypt the intercepted packet. The key can be verified by decrypting the intercepted packet and checking for known plaintext. Subsequently, an attacker can create arbitrary radio frames with the correct encryption key to control BiSecur garage and entrance gate operators and possibly other BiSecur systems as well ("wireless cloning"). To conduct the attack, a low cost Software Defined Radio (SDR) is sufficient. This affects Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS, and HSE2-868-BS devices. | 2017-12-29 | not yet calculated | CVE-2017-17910 MISC MISC |
| ibm -- rational_collaborative_lifecycle_managment | An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661. | 2017-12-27 | not yet calculated | CVE-2017-1191 CONFIRM MISC |
| ibm -- team_concert | IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858. | 2017-12-27 | not yet calculated | CVE-2017-1365 CONFIRM MISC |
| ibm -- websphere_portal | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390. | 2017-12-27 | not yet calculated | CVE-2017-1698 CONFIRM BID SECTRACK MISC |
| jboss -- keycloak | JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation. | 2017-12-29 | not yet calculated | CVE-2014-3651 CONFIRM CONFIRM |
| joomla! -- joomla! | The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action. | 2017-12-27 | not yet calculated | CVE-2017-17875 EXPLOIT-DB |
| joomla! -- joomla! | The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter. | 2017-12-27 | not yet calculated | CVE-2017-17871 EXPLOIT-DB |
| joomla! -- joomla! | The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action. | 2017-12-27 | not yet calculated | CVE-2017-17870 MISC EXPLOIT-DB |
| joomla! -- joomla! | Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment. | 2017-12-27 | not yet calculated | CVE-2015-7324 FULLDISC CONFIRM MISC |
| joomla! -- joomla! | The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action. | 2017-12-27 | not yet calculated | CVE-2017-17872 EXPLOIT-DB |
| kingsoft -- wps_office | pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482. | 2017-12-28 | not yet calculated | CVE-2017-17967 MISC |
| libtiff -- libtiff | In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. | 2017-12-28 | not yet calculated | CVE-2017-17942 MISC BID |
| libtiff -- libtiff | In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. | 2017-12-29 | not yet calculated | CVE-2017-17973 MISC |
| liferay -- liferay_portal | In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag. | 2017-12-27 | not yet calculated | CVE-2017-17868 MISC |
| linux -- linux_kernel | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations. | 2017-12-27 | not yet calculated | CVE-2017-17853 MISC MISC MISC |
| linux -- linux_kernel | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service. | 2017-12-27 | not yet calculated | CVE-2017-17862 MISC SECTRACK MISC MISC DEBIAN MISC |
| linux -- linux_kernel | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic. | 2017-12-27 | not yet calculated | CVE-2017-17854 MISC MISC MISC |
| linux -- linux_kernel | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement. | 2017-12-27 | not yet calculated | CVE-2017-17856 MISC MISC MISC |
| linux -- linux_kernel | The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations. | 2017-12-27 | not yet calculated | CVE-2017-17857 MISC MISC MISC |
| linux -- linux_kernel | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars. | 2017-12-27 | not yet calculated | CVE-2017-17855 MISC MISC MISC |
| linux -- linux_kernel | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops. | 2017-12-27 | not yet calculated | CVE-2017-17852 MISC MISC MISC |
| linux -- linux_kernel | kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact. | 2017-12-27 | not yet calculated | CVE-2017-17863 SECTRACK MISC DEBIAN MISC |
| linux -- linux_kernel | Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure. | 2017-12-29 | not yet calculated | CVE-2017-17975 MISC |
| linux -- linux_kernel | The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension. | 2017-12-27 | not yet calculated | CVE-2017-16995 MISC MISC BID MISC MISC DEBIAN |
| linux -- linux_kernel | The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. | 2017-12-29 | not yet calculated | CVE-2016-3695 CONFIRM CONFIRM |
| linux -- linux_kernel | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling. | 2017-12-27 | not yet calculated | CVE-2017-16996 MISC MISC BID MISC MISC |
| linux -- linux_kernel | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." | 2017-12-27 | not yet calculated | CVE-2017-17864 SECTRACK MISC MISC DEBIAN |
| magento -- magento | Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503. | 2017-12-30 | not yet calculated | CVE-2016-10704 CONFIRM |
| mediawiki -- mediawiki | The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. | 2017-12-29 | not yet calculated | CVE-2015-8008 FEDORA FEDORA FEDORA MLIST BID SECTRACK CONFIRM MLIST CONFIRM |
| mistune -- mistune | Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument. | 2017-12-29 | not yet calculated | CVE-2017-16876 CONFIRM CONFIRM CONFIRM FEDORA |
| mozilla -- network_security_services | Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. | 2017-12-27 | not yet calculated | CVE-2017-11696 MISC FULLDISC MISC BID SECTRACK |
| mozilla -- network_security_services | Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. | 2017-12-27 | not yet calculated | CVE-2017-11698 MISC FULLDISC MISC BID SECTRACK |
| mozilla -- network_security_services | The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file. | 2017-12-27 | not yet calculated | CVE-2017-11697 MISC FULLDISC MISC BID SECTRACK |
| mozilla -- network_security_services | Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. | 2017-12-27 | not yet calculated | CVE-2017-11695 MISC FULLDISC MISC BID SECTRACK |
| mqtt.js -- mqtt.js | MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition. | 2017-12-27 | not yet calculated | CVE-2017-10910 MISC MISC JVN |
| nettransport_download_manager -- nettransport_download_manager | A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response. | 2017-12-29 | not yet calculated | CVE-2017-17968 EXPLOIT-DB |
| netwin -- surgeftp | cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter. | 2017-12-29 | not yet calculated | CVE-2017-17933 MISC |
| open-iscsi -- open-iscsi | An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation. | 2017-12-27 | not yet calculated | CVE-2017-17840 MISC MISC |
| opencv -- opencv | OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used. | 2017-12-29 | not yet calculated | CVE-2017-17760 MISC MISC |
| oracle -- jarsigner | jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation. | 2017-12-29 | not yet calculated | CVE-2013-4578 CONFIRM MLIST MLIST REDHAT CONFIRM |
| pdf-xchange_viewer -- pdf-xchange_viewer | The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file. | 2017-12-27 | not yet calculated | CVE-2017-13056 MISC |
| phpjabbers -- file_sharing_script | PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section. | 2017-12-30 | not yet calculated | CVE-2017-12813 MISC |
| phpjabbers -- night_club_booking_software | PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab. | 2017-12-30 | not yet calculated | CVE-2017-12812 MISC |
| phpjabbers -- php_newsletter_script | PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel. | 2017-12-30 | not yet calculated | CVE-2017-12810 MISC |
| phpjabbers -- star_rating_script | PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. | 2017-12-30 | not yet calculated | CVE-2017-12811 MISC |
| phpmybackuppro -- phpmybackuppro | SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters. | 2017-12-27 | not yet calculated | CVE-2015-3637 MLIST SECTRACK |
| phpscriptsmall.com -- muslim_matrimonial_script | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter. | 2017-12-29 | not yet calculated | CVE-2017-17984 MISC |
| phpscriptsmall.com -- muslim_matrimonial_script | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter. | 2017-12-29 | not yet calculated | CVE-2017-17985 MISC |
| phpscriptsmall.com -- muslim_matrimonial_script | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter. | 2017-12-29 | not yet calculated | CVE-2017-17981 MISC |
| phpscriptsmall.com -- muslim_matrimonial_script | PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php. | 2017-12-29 | not yet calculated | CVE-2017-17987 MISC |
| phpscriptsmall.com -- muslim_matrimonial_script | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter. | 2017-12-29 | not yet calculated | CVE-2017-17986 MISC |
| phpscriptsmall.com -- muslim_matrimonial_script | PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter. | 2017-12-29 | not yet calculated | CVE-2017-17983 MISC |
| phpscriptsmall.com -- muslim_matrimonial_script | PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php. | 2017-12-29 | not yet calculated | CVE-2017-17982 MISC |
| phpscriptsmall.com -- muslim_matrimonial_script | PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter. | 2017-12-29 | not yet calculated | CVE-2017-17988 MISC |
| phpscriptsmall.com -- php_scripts_mall_car_rental_script | PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. | 2017-12-27 | not yet calculated | CVE-2017-17905 MISC |
| phpscriptsmall.com -- php_scripts_mall_car_rental_script | PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter. | 2017-12-27 | not yet calculated | CVE-2017-17907 MISC |
| phpscriptsmall.com -- php_scripts_mall_car_rental_script | PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. | 2017-12-27 | not yet calculated | CVE-2017-17906 MISC |
| phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter. | 2017-12-28 | not yet calculated | CVE-2017-17958 MISC |
| phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce | PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. | 2017-12-28 | not yet calculated | CVE-2017-17952 MISC |
| phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. | 2017-12-28 | not yet calculated | CVE-2017-17953 MISC |
| phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. | 2017-12-28 | not yet calculated | CVE-2017-17957 MISC |
| phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce | PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php. | 2017-12-28 | not yet calculated | CVE-2017-17960 MISC |
| phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter. | 2017-12-28 | not yet calculated | CVE-2017-17956 MISC |
| phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. | 2017-12-28 | not yet calculated | CVE-2017-17959 MISC |
| phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. | 2017-12-28 | not yet calculated | CVE-2017-17951 MISC |
| phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter. | 2017-12-28 | not yet calculated | CVE-2017-17955 MISC |
| phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce | PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter. | 2017-12-28 | not yet calculated | CVE-2017-17954 MISC |
| phpscriptsmall.com -- php_scripts_mall_professional_services_script | PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter. | 2017-12-27 | not yet calculated | CVE-2017-17925 MISC |
| phpscriptsmall.com -- php_scripts_mall_professional_services_script | PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. | 2017-12-27 | not yet calculated | CVE-2017-17924 MISC |
| phpscriptsmall.com -- php_scripts_mall_professional_services_script | PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel. | 2017-12-27 | not yet calculated | CVE-2017-17930 MISC |
| phpscriptsmall.com -- php_scripts_mall_professional_services_script | PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. | 2017-12-27 | not yet calculated | CVE-2017-17928 MISC |
| phpscriptsmall.com -- php_scripts_mall_professional_services_script | PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. | 2017-12-27 | not yet calculated | CVE-2017-17927 MISC |
| phpscriptsmall.com -- php_scripts_mall_responsive_realestate_script | PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general. | 2017-12-27 | not yet calculated | CVE-2017-17908 MISC |
| phpscriptsmall.com -- php_scripts_mall_responsive_realestate_script | PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter. | 2017-12-27 | not yet calculated | CVE-2017-17909 MISC |
| phpscriptsmall.com -- php_scripts_mall_resume_clone_script | PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. | 2017-12-27 | not yet calculated | CVE-2017-17931 MISC |
| phpscriptsmall.com -- php_scripts_mall_single_theater_booking | PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. | 2017-12-28 | not yet calculated | CVE-2017-17941 MISC |
| phpscriptsmall.com -- php_scripts_mall_single_theater_booking | PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php. | 2017-12-28 | not yet calculated | CVE-2017-17940 MISC |
| phpscriptsmall.com -- php_scripts_mall_single_theater_booking | PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter. | 2017-12-28 | not yet calculated | CVE-2017-17938 MISC |
| phpscriptsmall.com -- php_scripts_mall_single_theater_booking | PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php. | 2017-12-28 | not yet calculated | CVE-2017-17939 MISC |
| phpscriptsmall.com -- readymade_video_sharing_script | Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter. | 2017-12-27 | not yet calculated | CVE-2017-17893 MISC |
| phpscriptsmall.com -- readymade_video_sharing_script | Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. | 2017-12-27 | not yet calculated | CVE-2017-17892 MISC |
| phpscriptsmall.com -- readymade_video_sharing_script | Readymade Video Sharing Script has CSRF via user-profile-edit.php. | 2017-12-27 | not yet calculated | CVE-2017-17891 MISC |
| phpscriptssmall.com -- php_scripts_mall_professional_services_script | PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter. | 2017-12-27 | not yet calculated | CVE-2017-17929 MISC |
| phpscriptssmall.com -- php_scripts_mall_professional_services_script | PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. | 2017-12-27 | not yet calculated | CVE-2017-17926 MISC |
| rawstudio -- rawstudio | The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph. | 2017-12-29 | not yet calculated | CVE-2014-4978 FEDORA MLIST BID CONFIRM CONFIRM XF CONFIRM |
| red_hat -- hawt.io | The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. | 2017-12-29 | not yet calculated | CVE-2014-0121 CONFIRM CONFIRM MISC |
| red_hat -- hawt.io | Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f." | 2017-12-29 | not yet calculated | CVE-2014-0120 CONFIRM CONFIRM MISC |
| red_hat -- fedora | The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. | 2017-12-29 | not yet calculated | CVE-2014-8119 FEDORA FEDORA FEDORA REDHAT BID CONFIRM CONFIRM |
| red_lion -- hmi_panels | Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42. | 2017-12-30 | not yet calculated | CVE-2017-14855 MISC |
| rockwell_automation -- factorytalk_alarms_and_events | An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets packet to Port 403/TCP (the history archiver service), causing the service to either stall or terminate. | 2017-12-22 | not yet calculated | CVE-2017-14022 BID MISC |
| ruby_on_rails -- ruby_on_rails | SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. | 2017-12-29 | not yet calculated | CVE-2017-17919 MISC |
| ruby_on_rails -- ruby_on_rails | SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. | 2017-12-29 | not yet calculated | CVE-2017-17917 MISC |
| ruby_on_rails -- ruby_on_rails | SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. | 2017-12-29 | not yet calculated | CVE-2017-17916 MISC |
| ruby_on_rails -- ruby_on_rails | SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. | 2017-12-29 | not yet calculated | CVE-2017-17920 MISC |
| samsung -- internet_browser | Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML file does not have a document.domain value corresponding to the domain that is hosting the MHTML file, but instead has a document.domain value corresponding to an arbitrary URL within the content of the MHTML file. | 2017-12-27 | not yet calculated | CVE-2017-17859 MISC |
| samsung -- s6_edge | The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent. | 2017-12-27 | not yet calculated | CVE-2015-7889 MISC BID CONFIRM EXPLOIT-DB |
| serverscheck_monitoring_software -- serverscheck_monitoring_software | ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page). | 2017-12-27 | not yet calculated | CVE-2017-17832 MISC CONFIRM |
| siemens -- 7kt_pac1200_data_manager | A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network. | 2017-12-27 | not yet calculated | CVE-2017-9944 BID CONFIRM |
| siemens -- logo!_soft_comfort | Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack. | 2017-12-25 | not yet calculated | CVE-2017-12740 CONFIRM |
| siemens -- multiple_products | A vulnerability has been identified in the following Siemens industrial products: SIMATIC S7-200 Smart: All versions < V2.03.01, SIMATIC S7-400 PN V6: All versions < V6.0.6, SIMATIC S7-400 H V6: All versions < 6.0.8, SIMATIC S7-400 PN/DP V7: All versions, SIMATIC S7-410 V8: All versions, SIMATIC S7-300: All versions, SIMATIC S7-1200: All versions, SIMATIC S7-1500: All versions < 2.0, SIMATIC S7-1500 Software Controller: All versions < 2.0, SIMATIC WinAC RTX 2010 incl. F: All versions, SIMATIC ET 200AL: All versions, SIMATIC ET 200ecoPN: All versions, SIMATIC ET 200M: All versions, SIMATIC ET 200MP: All versions, SIMATIC ET 200pro: All versions, SIMATIC ET 200S: All versions, SIMATIC ET 200SP: All versions, DK Standard Ethernet Controller: All versions, EK-ERTEC 200P: All versions < V4.5, EK-ERTEC 200 PN IO: All versions, SIMOTION D: All versions < V5.1 HF1, SIMOTION C: All versions < V5.1 HF1, SIMOTION P: All versions < V5.1 HF1, SINAMICS DCM: All versions, SINAMICS DCP: All versions, SINAMICS G110M / G120(C/P/D) w. PN: All versions < V4.7 SP9 HF1, SINAMICS G130 and G150: All versions, SINAMICS S110 w. PN: All versions, SINAMICS S120: All versions, SINAMICS S150 V4.7 and V4.8: All versions, SINAMICS V90 w. PN: All versions, SINUMERIK 840D sl: All versions, SIMATIC Compact Field Unit: All versions, SIMATIC PN/PN Coupler: All versions, SIMOCODE pro V PROFINET: All versions, SIRIUS Soft starter 3RW44 PN: All versions. Specially crafted packets sent to port 161/UDP could cause a Denial-of-Service condition. The affected devices must be restarted manually. | 2017-12-25 | not yet calculated | CVE-2017-12741 BID CONFIRM |
| siemens -- ruggedcom_ros_for_rsl910_devices | A vulnerability has been identified in the following Siemens products: RUGGEDCOM ROS for RSL910 devices: All versions < ROS v5.0.1, RUGGEDCOM ROS for all other devices: All versions < ROS v4.3.4, SCALANCE XB-200/XC-200/XP-200/XR300-WG: All versions >= v3.0, SCALANCE XR-500/XM-400: All versions >= v6.1. After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions, potentially allowing users located in the adjacent network of the targeted device to perform unauthorized administrative actions. | 2017-12-25 | not yet calculated | CVE-2017-12736 BID SECTRACK SECTRACK CONFIRM |
| software_house -- istar_ultra_devices | A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible. | 2017-12-30 | not yet calculated | CVE-2017-17704 MISC |
| sony -- playstation | Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-12-27 | not yet calculated | CVE-2017-17010 JVN |
| synology -- mailplus_server | Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. | 2017-12-27 | not yet calculated | CVE-2017-16768 CONFIRM |
| synology -- synology_chat | Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter. | 2017-12-28 | not yet calculated | CVE-2017-15892 CONFIRM |
| synology -- synology_chat | Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. | 2017-12-28 | not yet calculated | CVE-2017-15886 CONFIRM |
| tripwire -- ip360_vne_manager | The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands." | 2017-12-27 | not yet calculated | CVE-2015-6237 FULLDISC BUGTRAQ |
| typo3 -- typo3 | The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes. | 2017-12-29 | not yet calculated | CVE-2013-7400 MLIST CONFIRM MISC |
| ubiquiti -- unifi_video | Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. | 2017-12-27 | not yet calculated | CVE-2016-6914 MISC FULLDISC BID MISC EXPLOIT-DB |
| valve_steam_link -- valve_steam_link_build_643 | An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters are truncated because of the default use of DES (aka the CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="des" setting). | 2017-12-27 | not yet calculated | CVE-2017-17878 MISC MISC MISC |
| valve_steam_link -- valve_steam_link_build_643 | An issue was discovered in Valve Steam Link build 643. When the SSH daemon is enabled for local development, the device is publicly available via IPv6 TCP port 22 over the internet (with stateless address autoconfiguration) by default, which makes it easier for remote attackers to obtain access by guessing 24 bits of the MAC address and attempting a root login. This can be exploited in conjunction with CVE-2017-17878. | 2017-12-27 | not yet calculated | CVE-2017-17877 MISC MISC MISC |
| vanguard -- marketplace_digital_products_php | Vanguard Marketplace Digital Products PHP has CSRF via /search. | 2017-12-28 | not yet calculated | CVE-2017-17936 MISC |
| vanguard -- marketplace_digital_products_php | Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI. | 2017-12-27 | not yet calculated | CVE-2017-17874 EXPLOIT-DB |
| vanguard -- marketplace_digital_products_php | Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. | 2017-12-27 | not yet calculated | CVE-2017-17873 EXPLOIT-DB |
| vanguard -- marketplace_digital_products_php | Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. | 2017-12-28 | not yet calculated | CVE-2017-17937 MISC |
| webmin -- webmin | custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | 2017-12-30 | not yet calculated | CVE-2017-17089 CONFIRM |
| wireshark -- wireshark | In Wireshark 2.2.11 and before, the MRDISC dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. | 2017-12-30 | not yet calculated | CVE-2017-17997 MISC MISC MISC |
| wireshark -- wireshark | The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. | 2017-12-27 | not yet calculated | CVE-2017-17935 BID MISC MISC MISC |
| wordpress -- wordpress | The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism." | 2017-12-29 | not yet calculated | CVE-2015-3302 MISC BUGTRAQ BID EXPLOIT-DB MISC |
| wordpress -- wordpress | Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter. | 2017-12-27 | not yet calculated | CVE-2015-7667 BUGTRAQ CONFIRM MISC |
| wordpress -- wordpress | The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter. | 2017-12-27 | not yet calculated | CVE-2017-17869 MISC |
| wordpress -- wordpress | Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter. | 2017-12-27 | not yet calculated | CVE-2015-7666 BUGTRAQ CONFIRM CONFIRM MISC |
| wordpress -- wordpress | Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality." | 2017-12-27 | not yet calculated | CVE-2015-7669 BUGTRAQ CONFIRM MISC |
| wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter. | 2017-12-27 | not yet calculated | CVE-2015-7668 BUGTRAQ CONFIRM MISC |
| zend_framework -- zend_framework | The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | 2017-12-29 | not yet calculated | CVE-2014-4914 CONFIRM JVN MLIST SECUNIA BID DEBIAN |
| zyxel -- p-660hw_v3_devices | ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. | 2017-12-29 | not yet calculated | CVE-2017-17901 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT National Cyber Alert System http://ift.tt/2lAkMHu