Vulnerability Summary for the Week of August 14, 2017
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the JPEG parser. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11211 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text output. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11212 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to rendering a path. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11214 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to bitmap transformations. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11216 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in XFA event management. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11218 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA rendering engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11219 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in an internal data structure. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11220 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the annotation functionality. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11221 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11222 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11223 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11224 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image processing engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11226 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11227 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11228 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader rendering engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11231 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF data related to how the components of each pixel are stored. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11234 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompressing JPEG data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11235 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing module. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11237 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11241 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 parsing module. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11251 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when generating content using the XFA layout engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11256 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11257 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11259 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as a GIF image. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11260 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded TIF image. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11261 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing an ASCII text string. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11262 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11267 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private JPEG data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11268 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) image stream data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11269 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data representing icons. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11270 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transfer of pixel blocks. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11271 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3016 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the JavaScript engine when creating large strings. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3113 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the MakeAccessible plugin when parsing TrueType font data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3116 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the plugin that handles links within the PDF. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3117 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA parsing engine when handling certain types of internal instructions. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3120 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Enhanced Metafile Format (EMF) parser. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3121 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data drawing position definition. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3123 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exchange (PCX) file format parsing module. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 10.0 | CVE-2017-3124 BID SECTRACK CONFIRM |
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 10.0 | CVE-2017-11274 BID SECTRACK CONFIRM |
adobe -- experience_manager | Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. | 2017-08-11 | 7.5 | CVE-2017-3108 BID SECTRACK CONFIRM |
adobe -- flash_player | Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3106 BID SECTRACK CONFIRM EXPLOIT-DB |
google -- android | In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed, but code execution continues in the same way as for a correct length value. | 2017-08-16 | 7.6 | CVE-2016-5853 BID CONFIRM MISC |
google -- android | In a sound driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a buffer overflow. | 2017-08-16 | 7.6 | CVE-2016-5859 BID CONFIRM MISC |
google -- android | In an audio driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a heap buffer overflow. | 2017-08-16 | 7.6 | CVE-2016-5860 BID CONFIRM MISC |
google -- android | In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow. | 2017-08-16 | 8.3 | CVE-2016-5861 SECTRACK CONFIRM MISC |
google -- android | When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after a kernel crash occurs. | 2017-08-16 | 7.6 | CVE-2016-5862 BID CONFIRM MISC |
google -- android | In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses. | 2017-08-16 | 9.3 | CVE-2016-5863 BID CONFIRM MISC |
google -- android | In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check for a lower bound may result in an out of bounds memory access. | 2017-08-16 | 9.3 | CVE-2016-5864 SECTRACK CONFIRM MISC |
google -- android | In a sound driver in Android for MSM, Firefox OS for MSM, or QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow. | 2017-08-16 | 7.6 | CVE-2016-5867 BID CONFIRM MISC |
google -- android | A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware image file. | 2017-08-16 | 9.3 | CVE-2017-8243 BID CONFIRM |
nexusphp_project -- nexusphp | SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter. | 2017-08-17 | 7.5 | CVE-2017-12908 MISC |
nexusphp_project -- nexusphp | SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter. | 2017-08-17 | 7.5 | CVE-2017-12909 MISC |
nexusphp_project -- nexusphp | SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter. | 2017-08-17 | 7.5 | CVE-2017-12910 MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability that occurs when reading a JPEG file embedded within XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11209 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing, where the font is embedded in the XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11210 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing of Unicode text strings. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11217 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability when manipulating Forms Data Format (FDF). | 2017-08-11 | 6.8 | CVE-2017-11229 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11230 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when processing Enhanced Metafile Format (EMF) data related to brush manipulation. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11232 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to block transfer of pixels. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11233 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal handling of UTF-16 literal strings. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11236 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to curve drawing. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11238 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text strings. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11239 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to line segments. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11242 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11243 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transformation of blocks of pixels. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11244 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11245 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing JPEG data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11246 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to pixel block transfer. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11248 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing an invalid Enhanced Metafile Format (EMF) record. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11249 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager (AGM) module. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11252 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader JavaScript engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 6.8 | CVE-2017-11254 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF color map data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11255 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11258 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal data structure manipulation related to document encoding. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 6.8 | CVE-2017-11263 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager module. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11265 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability when handling links in a PDF document. | 2017-08-11 | 4.3 | CVE-2017-3115 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability related to execution of malicious attachments. | 2017-08-11 | 4.3 | CVE-2017-3118 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Acrobat/Reader 11.0.19 engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 6.8 | CVE-2017-3119 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to Bezier curves. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-3122 BID SECTRACK CONFIRM |
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability. | 2017-08-11 | 5.0 | CVE-2017-11272 BID SECTRACK CONFIRM |
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-11275 BID SECTRACK CONFIRM |
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-11276 BID SECTRACK CONFIRM |
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-11277 BID SECTRACK CONFIRM |
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-11278 BID SECTRACK CONFIRM |
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-11279 BID SECTRACK CONFIRM |
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-11280 BID SECTRACK CONFIRM |
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-3091 BID SECTRACK CONFIRM |
adobe -- experience_manager | Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability. | 2017-08-11 | 5.0 | CVE-2017-3107 BID SECTRACK CONFIRM |
adobe -- experience_manager | Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability. | 2017-08-11 | 5.0 | CVE-2017-3110 BID SECTRACK CONFIRM |
adobe -- flash_player | Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. | 2017-08-11 | 5.0 | CVE-2017-3085 BID SECTRACK MISC MISC CONFIRM |
cacti -- cacti | A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. | 2017-08-17 | 4.3 | CVE-2017-12927 SECTRACK CONFIRM CONFIRM |
google -- android | In the touch controller function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable may be controlled by the user and can lead to a buffer overflow. | 2017-08-16 | 5.8 | CVE-2017-6421 SECTRACK CONFIRM MISC |
google -- android | An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver. | 2017-08-11 | 4.3 | CVE-2017-8258 BID CONFIRM |
google -- android | In the service locator in all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow can occur as the variable set for determining the size of the buffer is not used to indicate the size of the buffer. | 2017-08-11 | 6.8 | CVE-2017-8259 BID CONFIRM |
google -- android | A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel. | 2017-08-11 | 6.8 | CVE-2017-8264 BID CONFIRM |
google -- android | Userspace-controlled non null terminated parameter for IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory. | 2017-08-11 | 4.3 | CVE-2017-8269 BID CONFIRM |
google -- android | Out of bound memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel by an unsanitized userspace-controlled parameter. | 2017-08-11 | 6.8 | CVE-2017-8271 BID CONFIRM |
google -- android | In all Qualcomm products with Android release from CAF using the Linux kernel, while processing fastboot boot command when verified boot feature is disabled, with length greater than boot image buffer, a buffer overflow can occur. | 2017-08-11 | 6.8 | CVE-2017-8273 BID CONFIRM |
graphicsmagick -- graphicsmagick | The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. | 2017-08-18 | 6.8 | CVE-2017-12935 MISC MISC |
graphicsmagick -- graphicsmagick | The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. | 2017-08-18 | 6.8 | CVE-2017-12936 MISC MISC |
graphicsmagick -- graphicsmagick | The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. | 2017-08-18 | 6.8 | CVE-2017-12937 MISC MISC |
ibm -- emptoris_strategic_supply_management | IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 116881. | 2017-08-14 | 4.3 | CVE-2016-6029 CONFIRM MISC |
ibm -- emptoris_strategic_supply_management | IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559. | 2017-08-14 | 6.2 | CVE-2017-1190 CONFIRM MISC |
minidjvu_project -- minidjvu | The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | 2017-08-17 | 4.3 | CVE-2017-12441 FULLDISC |
minidjvu_project -- minidjvu | The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | 2017-08-17 | 4.3 | CVE-2017-12442 FULLDISC |
minidjvu_project -- minidjvu | The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | 2017-08-17 | 4.3 | CVE-2017-12443 FULLDISC |
minidjvu_project -- minidjvu | The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | 2017-08-17 | 4.3 | CVE-2017-12444 FULLDISC |
minidjvu_project -- minidjvu | The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | 2017-08-17 | 4.3 | CVE-2017-12445 FULLDISC |
nexusphp_project -- nexusphp | Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php. | 2017-08-17 | 4.3 | CVE-2017-12907 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
fortinet -- fortimanager_firmware | Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack. | 2017-08-11 | 3.5 | CVE-2015-3615 SECTRACK CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver. | 2017-08-16 | 2.6 | CVE-2016-5347 BID CONFIRM MISC MISC |
google -- android | In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace. | 2017-08-16 | 2.6 | CVE-2016-5854 BID CONFIRM MISC |
google -- android | In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a user-supplied buffer is cast to a structure without checking if the source buffer is large enough. | 2017-08-16 | 2.6 | CVE-2016-5855 BID CONFIRM MISC |
google -- android | In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs. | 2017-08-16 | 2.6 | CVE-2016-5858 BID CONFIRM MISC MISC |
ibm -- emptoris_strategic_supply_management | IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116755. | 2017-08-14 | 3.5 | CVE-2016-6021 CONFIRM MISC |
synology -- video_station | Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter. | 2017-08-11 | 3.5 | CVE-2017-9556 CONFIRM |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
389-ds-base -- 389-ds-base | 389-ds-base versions before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. | 2017-08-16 | not yet calculated | CVE-2017-7551 CONFIRM |
apache -- attic | attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file". | 2017-08-18 | not yet calculated | CVE-2015-4082 MLIST BID CONFIRM CONFIRM |
apache -- openfire_xmpp_server | OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. | 2017-08-18 | not yet calculated | CVE-2014-3451 MISC MLIST BUGTRAQ BID MISC |
apache -- sling | The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings. | 2017-08-14 | not yet calculated | CVE-2017-9802 BID CONFIRM MLIST |
assa_abloy_aptus -- styra_porttelefonkort_4400 | Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 4400 before A2 has unknown impact and attack vectors. | 2017-08-18 | not yet calculated | CVE-2017-7278 CONFIRM |
asus -- dsl-n10s_devices | ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. | 2017-08-18 | not yet calculated | CVE-2017-12593 MISC |
asus -- dsl-n10s_devices | ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges. | 2017-08-18 | not yet calculated | CVE-2017-12592 MISC |
asus -- dsl-n10s_devices | ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. | 2017-08-18 | not yet calculated | CVE-2017-12591 MISC |
augeas -- augeas | Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. An attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution. | 2017-08-17 | not yet calculated | CVE-2017-7555 BID MISC |
buffalo -- wcr-1166ds_devices | Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. | 2017-08-18 | not yet calculated | CVE-2017-10811 CONFIRM JVN |
cisco -- anyconnect_secure_mobile_client_software | The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the WebLaunch function of the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. Cisco Bug IDs: CSCvf12055. Known Affected Releases: 98.89(40). | 2017-08-17 | not yet calculated | CVE-2017-6788 BID SECTRACK CISCO |
cisco -- application_policy_infrastructure_controller | A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are higher or lower than what should have been granted. The attacker cannot gain root-level privileges. The vulnerability is due to a limitation with how Role-Based Access Control (RBAC) grants privileges to remotely authenticated users when login occurs via SSH directly to the local management interface of the APIC. An attacker could exploit this vulnerability by authenticating to the targeted device. The attacker's privilege level will be modified to match that of the last user to log in via SSH. An exploit could allow the attacker to gain elevated privileges and perform CLI commands that should be restricted by the attacker's configured role. Cisco Bug IDs: CSCvc34335. Known Affected Releases: 1.0(1e), 1.0(1h), 1.0(1k), 1.0(1n), 1.0(2j), 1.0(2m), 1.0(3f), 1.0(3i), 1.0(3k), 1.0(3n), 1.0(4h), 1.0(4o); 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1). | 2017-08-17 | not yet calculated | CVE-2017-6767 BID SECTRACK CISCO |
cisco -- application_policy_infrastructure_controller | A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system file that was built to use relative search paths for libraries without properly validating the library to be loaded. An attacker could exploit this vulnerability by authenticating to the device and loading a malicious library that can escalate the privilege level. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. The attacker must have valid user credentials to log in to the device. Cisco Bug IDs: CSCvc96087. Known Affected Releases: 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1). | 2017-08-17 | not yet calculated | CVE-2017-6768 BID SECTRACK CISCO |
cisco -- asr_5000_series_aggregated_services_routers | A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device. Cisco Bug IDs: CSCvd47741. Known Affected Releases: 21.0.v0.65839. | 2017-08-17 | not yet calculated | CVE-2017-6775 BID SECTRACK CISCO |
cisco -- asr_5000_series_aggregated_services_routers | A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839. | 2017-08-17 | not yet calculated | CVE-2017-6774 BID SECTRACK CISCO |
cisco -- asr_5000_series_aggregated_services_routers | A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by crafting a script on the device that will allow them to bypass built-in restrictions. An exploit could allow the unauthorized user to launch the CLI directly from a command shell. Cisco Bug IDs: CSCvd47722. Known Affected Releases: 21.0.v0.65839. | 2017-08-17 | not yet calculated | CVE-2017-6773 BID SECTRACK CISCO |
cisco -- elastic_services_controller | A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. An exploit could allow the attacker to view information regarding the Ultra Services Platform deployment. Cisco Bug IDs: CSCvd76406. Known Affected Releases: 21.0.v0.65839. | 2017-08-17 | not yet calculated | CVE-2017-6778 BID CISCO |
cisco -- elastic_services_controller | A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd76324. Known Affected Releases: 2.2(9.76) and 2.3(1). | 2017-08-17 | not yet calculated | CVE-2017-6776 BID CISCO |
cisco -- elastic_services_controller | A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and navigating to certain configuration files. An exploit could allow the attacker to view sensitive system configuration files. Cisco Bug IDs: CSCvd29408. Known Affected Releases: 2.3(2). | 2017-08-17 | not yet calculated | CVE-2017-6772 BID CISCO |
cisco -- elastic_services_controller | A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could exploit this vulnerability by logging into the ConfD server and executing certain commands. An exploit could allow an unprivileged user to view configuration parameters that can be maliciously used. Cisco Bug IDs: CSCvd76409. Known Affected Releases: 2.3, 2.3(2). | 2017-08-17 | not yet calculated | CVE-2017-6777 BID CISCO |
cisco -- elastic_services_controller | A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. The vulnerability is due to improper protection of sensitive log files. An attacker could exploit this vulnerability by logging in to an affected system and accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files, which may include system credentials, on the affected system. Cisco Bug IDs: CSCvc76616. Known Affected Releases: 2.2(9.76). | 2017-08-17 | not yet calculated | CVE-2017-6786 BID CISCO |
cisco -- multiple_appliances | A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance). | 2017-08-17 | not yet calculated | CVE-2017-6783 BID SECTRACK SECTRACK SECTRACK CISCO |
cisco -- policy_suite_software | A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to incorrect role-based access control (RBAC) for shell user accounts. An attacker could exploit this vulnerability by authenticating to an affected appliance and providing crafted user input via the CLI. A successful exploit could allow the attacker to acquire a higher privilege level than should have been granted. To exploit this vulnerability, the attacker must log in to the appliance with valid credentials. Cisco Bug IDs: CSCve37724. Known Affected Releases: 9.0.0, 9.1.0, 10.0.0, 11.0.0, 12.0.0. | 2017-08-17 | not yet calculated | CVE-2017-6781 BID CISCO |
cisco -- prime_infrastructure | A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The vulnerability is due to improper sanitization of parameter values by the affected application. An attacker could exploit this vulnerability by injecting malicious code into an affected parameter and persuading a user to access a web page that triggers the rendering of the injected code. Cisco Bug IDs: CSCve47074. Known Affected Releases: 3.2(0.0). | 2017-08-17 | not yet calculated | CVE-2017-6782 BID SECTRACK CISCO |
cisco -- rv340_series_routers | A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to Cisco WebEx Meetings not sufficiently protecting sensitive data when responding to an HTTP request to the web interface. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to find sensitive information about the application. Cisco Bug IDs: CSCve37988. Known Affected Releases: firmware 1.0.0.30, 1.0.0.33, 1.0.1.9, 1.0.1.16. | 2017-08-17 | not yet calculated | CVE-2017-6784 BID SECTRACK CISCO |
cisco -- telepresence_video_communication_server | A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897. | 2017-08-17 | not yet calculated | CVE-2017-6790 BID SECTRACK CISCO |
cisco -- ultra_services_framework | A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by browsing to a specific URL of an affected device. An exploit could allow the attacker to view sensitive configuration information about the deployment. Cisco Bug IDs: CSCvd29358. Known Affected Releases: 21.0.v0.65839. | 2017-08-17 | not yet calculated | CVE-2017-6771 BID CISCO |
cisco -- unified_communications_manager | A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration. The vulnerability is due to lack of proper Role Based Access Control (RBAC) when certain user configuration changes are requested. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to the targeted application. An exploit could allow the attacker to impact the integrity of the application where one user can modify the configuration of another user's information. Cisco Bug IDs: CSCve27331. Known Affected Releases: 10.5(2.10000.5), 11.0(1.10000.10), 11.5(1.10000.6). | 2017-08-17 | not yet calculated | CVE-2017-6785 BID SECTRACK CISCO |
cisco -- virtual_network_function_element_manager | A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. The vulnerability is due to command settings that allow Cisco VNF Element Manager users to specify arbitrary commands that will run as root on the server. An attacker could use this setting to elevate privileges and run commands in the context of the root user on the server. Cisco Bug IDs: CSCvc76670. Known Affected Releases: prior to 5.0.4 and 5.1.4. | 2017-08-17 | not yet calculated | CVE-2017-6710 BID CISCO |
d-link -- dr-600_rev_bx_devices | D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. | 2017-08-18 | not yet calculated | CVE-2017-12943 MISC |
divio_ag -- django_cms | Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors. | 2017-08-18 | not yet calculated | CVE-2015-5081 MLIST CONFIRM CONFIRM |
elastic -- x-pack_security_tls | The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another reporting user, possibly gaining access to sensitive data. | 2017-08-18 | not yet calculated | CVE-2017-8446 CONFIRM |
elastic -- x-pack_security_tls | An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior in this instance is for the TLS trust manager to deny all certificates. | 2017-08-18 | not yet calculated | CVE-2017-8445 CONFIRM |
estsoft -- alzip | Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename. | 2017-08-19 | not yet calculated | CVE-2017-11323 MISC MISC |
exiv2 -- exiv2 | There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact. | 2017-08-18 | not yet calculated | CVE-2017-12955 MISC |
exiv2 -- exiv2 | There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service. | 2017-08-18 | not yet calculated | CVE-2017-12957 MISC |
exiv2 -- exiv2 | There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service. | 2017-08-18 | not yet calculated | CVE-2017-12956 MISC |
foxit_software -- pdf_compressor | Foxit PDF Compressor installers from versions 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | 2017-08-16 | not yet calculated | CVE-2017-12892 BID CONFIRM |
free_software_foundation -- gnu_bitutils | The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. | 2017-08-19 | not yet calculated | CVE-2017-12967 CONFIRM |
free_software_foundation -- gnu_pspp | There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. | 2017-08-18 | not yet calculated | CVE-2017-12960 MISC |
free_software_foundation -- gnu_pspp | There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. | 2017-08-18 | not yet calculated | CVE-2017-12961 MISC |
free_software_foundation -- gnu_pspp | There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. | 2017-08-18 | not yet calculated | CVE-2017-12958 MISC |
free_software_foundation -- gnu_pspp | There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to a remote denial of service attack. | 2017-08-18 | not yet calculated | CVE-2017-12959 MISC |
fuji -- electric_monitouch_vt-sft | A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. A heap-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution. | 2017-08-14 | not yet calculated | CVE-2017-9660 BID MISC MISC |
fuji -- electric_monitouch_vt-sft | A Stack-Based Buffer Overflow issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. The stack-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution. | 2017-08-14 | not yet calculated | CVE-2017-9659 BID MISC MISC MISC |
fuji -- electric_monitouch_vt-sft | An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by default, which could allow an authenticated attacker with local access to escalate privileges. | 2017-08-14 | not yet calculated | CVE-2017-9662 BID MISC MISC |
ganeti -- ganeti | The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation. | 2017-08-18 | not yet calculated | CVE-2015-7944 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MISC MISC |
ganeti -- ganeti | The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results. | 2017-08-18 | not yet calculated | CVE-2015-7945 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MISC MISC |
gitlab -- community_and_enterprise_editions | GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import. | 2017-08-14 | not yet calculated | CVE-2017-12426 CONFIRM MLIST |
gnome_project -- librest | The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account. | 2017-08-18 | not yet calculated | CVE-2015-2675 REDHAT MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
google -- android | A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35583675. | 2017-08-18 | not yet calculated | CVE-2017-0687 BID CONFIRM |
hawtio -- hawtio | Hawtio versions up to and including 1.5.3 are vulnerable to CSRF, allowing remote attackers to trick the user into visiting their website containing a malicious script which can be submitted to the hawtio server on behalf of the user. | 2017-08-17 | not yet calculated | CVE-2017-7556 BID CONFIRM |
ibm -- doors_next_generation | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126246. | 2017-08-18 | not yet calculated | CVE-2017-1338 CONFIRM BID MISC |
ibm -- infosphere_information_server | IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468. | 2017-08-14 | not yet calculated | CVE-2017-1469 CONFIRM BID MISC |
ibm -- websphere_application_server | IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576. | 2017-08-18 | not yet calculated | CVE-2017-1501 CONFIRM BID SECTRACK MISC |
japanese_ministry_of_economy_trade_and_industry -- shin_kinkyuji_houkoku_data_nyuryoku_program | Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on March 10, 2011), distributed on the website till May 17, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-18 | not yet calculated | CVE-2017-10823 JVN |
japanese_ministry_of_economy_trade_and_industry -- shin_sekiyu_yunyu_chousa_houkoku_data_nyuryoku_program | Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program (program released on September 30, 2013), distributed on the website until May 17, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-18 | not yet calculated | CVE-2017-10822 JVN |
japanese_ministry_of_economy_trade_and_industry -- teikihoukokusho_sakuseishien_tool | Untrusted search path vulnerability in Teikihoukokusho Sakuseishien Tool v4.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-18 | not yet calculated | CVE-2017-2228 JVN |
japanese_ministry_of_economy_trade_and_industry -- shin_kikan_toukei_houkoku_data_nyuryokuyou_program | Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on September 30, 2013), distributed on the website until May 17, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-18 | not yet calculated | CVE-2017-10821 JVN |
joomla! -- joomla! | The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}. | 2017-08-18 | not yet calculated | CVE-2015-4071 MISC FULLDISC FULLDISC BID EXPLOIT-DB |
kanboard -- kanboard | An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46. | 2017-08-14 | not yet calculated | CVE-2017-12850 BID CONFIRM |
kanboard -- kanboard | An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46. | 2017-08-14 | not yet calculated | CVE-2017-12851 BID CONFIRM |
kayson_group -- phpgrid | Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd. phpGrid before 7.2.5 allows remote attackers to execute arbitrary code by uploading a crafted file with a .. (dot dot) in the file name. | 2017-08-18 | not yet calculated | CVE-2017-10665 CONFIRM MISC |
kddi -- qua | Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-18 | not yet calculated | CVE-2017-2289 JVN |
kguard -- digital_video_recorder | KGuard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server. | 2017-08-18 | not yet calculated | CVE-2015-4464 MISC BUGTRAQ BID MISC |
lasso -- lasso | The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors. | 2017-08-11 | not yet calculated | CVE-2015-1783 FEDORA FEDORA FEDORA CONFIRM MISC |
lenovo -- thinkpad | A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path. | 2017-08-18 | not yet calculated | CVE-2017-3756 BID CONFIRM |
libsass -- libsass | There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix (available from GitHub after 2017-07-24). | 2017-08-18 | not yet calculated | CVE-2017-12963 MISC |
libsass -- libsass | There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack. | 2017-08-18 | not yet calculated | CVE-2017-12964 MISC |
libsass -- libsass | There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack. | 2017-08-18 | not yet calculated | CVE-2017-12962 MISC |
libtiff -- libtiff | The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. | 2017-08-18 | not yet calculated | CVE-2017-12944 CONFIRM |
linux -- linux_kernel | The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors. | 2017-08-19 | not yet calculated | CVE-2017-10662 CONFIRM CONFIRM BID CONFIRM CONFIRM CONFIRM |
linux -- linux_kernel | Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. | 2017-08-19 | not yet calculated | CVE-2017-10661 CONFIRM CONFIRM BID CONFIRM CONFIRM CONFIRM |
linux -- linux_kernel | The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors. | 2017-08-19 | not yet calculated | CVE-2017-10663 CONFIRM CONFIRM BID CONFIRM CONFIRM CONFIRM |
linux -- linux_kernel | Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011. | 2017-08-17 | not yet calculated | CVE-2011-0469 MISC MISC MISC |
mozilla -- firefox | Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8. | 2017-08-18 | not yet calculated | CVE-2007-5341 CONFIRM CONFIRM CONFIRM |
musl -- libc | Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors. | 2017-08-18 | not yet calculated | CVE-2015-1817 MLIST BID |
nessusphp -- nessusphp | Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php. | 2017-08-18 | not yet calculated | CVE-2017-12680 MISC |
nessusphp -- nessusphp | SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. | 2017-08-18 | not yet calculated | CVE-2017-12776 MISC |
netapp -- ontap | NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors. | 2017-08-18 | not yet calculated | CVE-2017-12859 CONFIRM |
netapp -- ontap | Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code. | 2017-08-18 | not yet calculated | CVE-2017-12420 CONFIRM |
numpy -- numpy | The numpy.pad function in NumPy 1.13.1 and older versions is missing input validation. An empty list or ndarray causes it to enter an infinite loop, which can allow attackers to cause a DoS attack. | 2017-08-15 | not yet calculated | CVE-2017-12852 CONFIRM |
opencv -- opencv | In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, the function PxMDecoder::readData has an integer overflow when calculating src_pitch. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier. | 2017-08-15 | not yet calculated | CVE-2017-12863 MISC |
opencv -- opencv | In modules/imgcodecs/src/grfmt_pxm.cpp, the length of the buffer AutoBuffer _src is smaller than expected, which will cause a buffer overflow in a later copy. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier. | 2017-08-15 | not yet calculated | CVE-2017-12862 MISC |
opencv -- opencv | In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, the function ReadNumber did not check the input length, which leads to an integer overflow. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier. | 2017-08-15 | not yet calculated | CVE-2017-12864 MISC |
openstack -- aodh | Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee. | 2017-08-18 | not yet calculated | CVE-2017-12440 CONFIRM CONFIRM CONFIRM CONFIRM |
osisoft -- multiple_products | An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while unauthorized. | 2017-08-14 | not yet calculated | CVE-2017-9653 BID MISC CONFIRM |
osisoft -- multiple_products | A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site. | 2017-08-14 | not yet calculated | CVE-2017-9655 BID MISC CONFIRM |
paessler -- prtg_network_monitor | Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-08-18 | not yet calculated | CVE-2017-9816 CONFIRM |
php_group -- php | ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP. | 2017-08-17 | not yet calculated | CVE-2017-12934 CONFIRM CONFIRM |
php_group -- php | The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP. | 2017-08-17 | not yet calculated | CVE-2017-12933 CONFIRM CONFIRM CONFIRM |
php_group -- php | ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP. | 2017-08-17 | not yet calculated | CVE-2017-12932 CONFIRM CONFIRM CONFIRM |
postgresql -- postgresql | PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service. | 2017-08-16 | not yet calculated | CVE-2017-7548 BID SECTRACK CONFIRM |
postgresql -- postgresql | PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. | 2017-08-16 | not yet calculated | CVE-2017-7547 BID SECTRACK CONFIRM |
postgresql -- postgresql | PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. | 2017-08-16 | not yet calculated | CVE-2017-7546 BID SECTRACK CONFIRM |
pulp -- pulp | Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. | 2017-08-18 | not yet calculated | CVE-2015-5153 CONFIRM |
qnap -- ts212p_devices | An unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. The unprivileged user cannot log in at the front end, but with that unprivileged user's SID, all functions of Surveillance Station can be accessed. | 2017-08-18 | not yet calculated | CVE-2017-12582 MISC |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot. | 2017-08-18 | not yet calculated | CVE-2017-8255 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. | 2017-08-18 | not yet calculated | CVE-2017-8256 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. | 2017-08-18 | not yet calculated | CVE-2017-8265 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur. | 2017-08-18 | not yet calculated | CVE-2017-8261 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end. | 2017-08-18 | not yet calculated | CVE-2015-9038 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory. | 2017-08-18 | not yet calculated | CVE-2014-9979 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot. | 2017-08-18 | not yet calculated | CVE-2014-9981 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. | 2017-08-18 | not yet calculated | CVE-2017-8270 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, playReady DRM failed to check a length potentially leading to unauthorized access to secure memory. | 2017-08-18 | not yet calculated | CVE-2015-9061 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap write. | 2017-08-18 | not yet calculated | CVE-2017-8272 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy(). | 2017-08-18 | not yet calculated | CVE-2017-9678 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. | 2017-08-18 | not yet calculated | CVE-2015-8593 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x. | 2017-08-18 | not yet calculated | CVE-2015-8594 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption. | 2017-08-18 | not yet calculated | CVE-2015-8592 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection. | 2017-08-18 | not yet calculated | CVE-2015-8596 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer. | 2017-08-18 | not yet calculated | CVE-2015-9043 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message. | 2017-08-18 | not yet calculated | CVE-2015-9042 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. | 2017-08-18 | not yet calculated | CVE-2015-9044 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements. | 2017-08-18 | not yet calculated | CVE-2015-9045 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup. | 2017-08-18 | not yet calculated | CVE-2015-9047 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. | 2017-08-18 | not yet calculated | CVE-2015-9046 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when performing WCDMA radio tuning. | 2017-08-18 | not yet calculated | CVE-2015-9041 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API. | 2017-08-18 | not yet calculated | CVE-2015-9040 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a string can fail to be null-terminated in SIP leading to a buffer overflow. | 2017-08-18 | not yet calculated | CVE-2015-9034 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA. | 2017-08-18 | not yet calculated | CVE-2015-0576 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory exhaustion. | 2017-08-18 | not yet calculated | CVE-2015-9035 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted. | 2017-08-18 | not yet calculated | CVE-2015-9036 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages. | 2017-08-18 | not yet calculated | CVE-2015-9039 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message. | 2017-08-18 | not yet calculated | CVE-2015-9037 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM. | 2017-08-18 | not yet calculated | CVE-2015-8595 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition. | 2017-08-18 | not yet calculated | CVE-2017-7364 SECTRACK CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow. | 2017-08-18 | not yet calculated | CVE-2014-9971 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. | 2017-08-18 | not yet calculated | CVE-2014-9969 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition. | 2017-08-18 | not yet calculated | CVE-2014-9972 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine. | 2017-08-18 | not yet calculated | CVE-2014-9973 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write. | 2017-08-18 | not yet calculated | CVE-2017-8267 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read. | 2017-08-18 | not yet calculated | CVE-2017-8268 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface. | 2017-08-18 | not yet calculated | CVE-2014-9968 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs. | 2017-08-18 | not yet calculated | CVE-2017-9679 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. | 2017-08-18 | not yet calculated | CVE-2017-9685 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection. | 2017-08-18 | not yet calculated | CVE-2014-9411 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition. | 2017-08-18 | not yet calculated | CVE-2017-9684 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. | 2017-08-18 | not yet calculated | CVE-2017-9682 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message. | 2017-08-18 | not yet calculated | CVE-2017-9680 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. | 2017-08-18 | not yet calculated | CVE-2017-8266 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace. | 2017-08-18 | not yet calculated | CVE-2017-8263 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets. | 2017-08-18 | not yet calculated | CVE-2015-9048 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. | 2017-08-18 | not yet calculated | CVE-2014-9976 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM. | 2017-08-18 | not yet calculated | CVE-2014-9977 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service. | 2017-08-18 | not yet calculated | CVE-2014-9978 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient. | 2017-08-18 | not yet calculated | CVE-2015-0574 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory. | 2017-08-18 | not yet calculated | CVE-2014-9980 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption. | 2017-08-18 | not yet calculated | CVE-2014-9975 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster. | 2017-08-18 | not yet calculated | CVE-2014-9974 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. | 2017-08-18 | not yet calculated | CVE-2017-8260 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition. | 2017-08-18 | not yet calculated | CVE-2017-8262 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use. | 2017-08-18 | not yet calculated | CVE-2017-8257 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. | 2017-08-18 | not yet calculated | CVE-2017-8254 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. | 2017-08-18 | not yet calculated | CVE-2017-8253 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. | 2017-08-18 | not yet calculated | CVE-2015-0575 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM. | 2017-08-18 | not yet calculated | CVE-2015-9049 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted. | 2017-08-18 | not yet calculated | CVE-2015-9069 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory. | 2017-08-18 | not yet calculated | CVE-2016-10392 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application. | 2017-08-18 | not yet calculated | CVE-2016-10388 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partition. | 2017-08-18 | not yet calculated | CVE-2016-10389 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed. | 2017-08-18 | not yet calculated | CVE-2016-10390 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated. | 2017-08-18 | not yet calculated | CVE-2016-5872 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed. | 2017-08-18 | not yet calculated | CVE-2015-9067 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client. | 2017-08-18 | not yet calculated | CVE-2015-9063 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated. | 2017-08-18 | not yet calculated | CVE-2015-9064 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established. | 2017-08-18 | not yet calculated | CVE-2015-9065 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an Inter-RAT procedure. | 2017-08-18 | not yet calculated | CVE-2015-9066 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity. | 2017-08-18 | not yet calculated | CVE-2016-10391 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient. | 2017-08-18 | not yet calculated | CVE-2016-10382 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor. | 2017-08-18 | not yet calculated | CVE-2016-10346 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated. | 2017-08-18 | not yet calculated | CVE-2016-10347 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. | 2017-08-18 | not yet calculated | CVE-2016-10380 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. | 2017-08-18 | not yet calculated | CVE-2016-10381 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE. | 2017-08-18 | not yet calculated | CVE-2016-10344 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, an SSL handshake failure with ClientHello rejection results in a memory leak. | 2017-08-18 | not yet calculated | CVE-2016-10343 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. | 2017-08-18 | not yet calculated | CVE-2015-9070 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. | 2017-08-18 | not yet calculated | CVE-2015-9071 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. | 2017-08-18 | not yet calculated | CVE-2015-9072 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. | 2017-08-18 | not yet calculated | CVE-2015-9073 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file. | 2017-08-18 | not yet calculated | CVE-2015-9062 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated. | 2017-08-18 | not yet calculated | CVE-2015-9068 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call. | 2017-08-18 | not yet calculated | CVE-2015-9050 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System Information message. | 2017-08-18 | not yet calculated | CVE-2015-9051 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. | 2017-08-18 | not yet calculated | CVE-2016-10383 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the processing of certain responses from the USIM. | 2017-08-18 | not yet calculated | CVE-2015-9053 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message. | 2017-08-18 | not yet calculated | CVE-2015-9052 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine. | 2017-08-18 | not yet calculated | CVE-2015-9055 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not properly validated in a QTEE system call. | 2017-08-18 | not yet calculated | CVE-2015-9060 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file. | 2017-08-18 | not yet calculated | CVE-2016-5871 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP. | 2017-08-18 | not yet calculated | CVE-2016-10386 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS. | 2017-08-18 | not yet calculated | CVE-2016-10385 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario. | 2017-08-18 | not yet calculated | CVE-2016-10387 CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced during GAL decoding. | 2017-08-18 | not yet calculated | CVE-2015-9054 BID CONFIRM |
qualcomm -- android_products | In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl. | 2017-08-18 | not yet calculated | CVE-2016-10384 CONFIRM |
qualcomm -- apple_products | A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation. | 2017-08-16 | not yet calculated | CVE-2017-8248 FULLDISC BID SECTRACK |
quali -- cloudshell | Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parameter to RM/Topology/Update; the (4) Name, (5) Description, (6) ExecutionBatches[0].Name, (7) ExecutionBatches[0].Description, or (8) Labels parameter to SnQ/JobTemplate/Edit; or (9) Alias or (10) Description parameter to RM/AbstractTemplate/AddOrUpdateAbstractTemplate. | 2017-08-18 | not yet calculated | CVE-2017-9767 MISC BUGTRAQ EXPLOIT-DB |
rarlab -- unrar | libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. | 2017-08-18 | not yet calculated | CVE-2017-12942 MISC |
rarlab -- unrar | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. | 2017-08-18 | not yet calculated | CVE-2017-12940 MISC |
rarlab -- unrar | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. | 2017-08-18 | not yet calculated | CVE-2017-12941 MISC |
rarlab -- unrar | UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file. | 2017-08-18 | not yet calculated | CVE-2017-12938 MISC |
razer -- synapse | Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file. | 2017-08-18 | not yet calculated | CVE-2017-11653 MISC |
razer -- synapse | Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. | 2017-08-18 | not yet calculated | CVE-2017-11652 MISC |
realtime -- rwr-3g-100_router_firmware | The RealTime RWR-3G-100 Router Firmware version Ver1.0.56 is affected by CSRF, an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. | 2017-08-14 | not yet calculated | CVE-2017-12853 MISC EXPLOIT-DB |
resiprocate -- resiprocate | Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DNS response. | 2017-08-18 | not yet calculated | CVE-2017-9454 CONFIRM MLIST |
ruby -- ruby | The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created. | 2017-08-18 | not yet calculated | CVE-2015-3649 MISC MLIST BID MISC MISC MISC |
simplight -- scada_software | An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to place a malicious DLL file within the search path resulting in execution of arbitrary code. | 2017-08-14 | not yet calculated | CVE-2017-9661 BID MISC |
solar_controls -- heating_control_downloader | An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file. | 2017-08-14 | not yet calculated | CVE-2017-9646 BID MISC |
solar_controls -- wattconfig_m_software | An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file. | 2017-08-14 | not yet calculated | CVE-2017-9648 BID MISC |
spring_batch_admin -- spring_batch_admin | Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality. | 2017-08-18 | not yet calculated | CVE-2017-12882 MLIST BID |
spring_batch_admin -- spring_batch_admin | Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability. | 2017-08-18 | not yet calculated | CVE-2017-12881 MLIST BID |
strongswan -- strongswan | The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. | 2017-08-18 | not yet calculated | CVE-2017-11185 CONFIRM |
symantec -- messaging_gateway | The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges. | 2017-08-11 | not yet calculated | CVE-2017-6327 BID EXPLOIT-DB CONFIRM |
synology -- assistant | Multiple untrusted search path vulnerabilities in the installer in Synology Assistant before 6.1-15163 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | 2017-08-18 | not yet calculated | CVE-2017-11160 CONFIRM |
synology -- chat | Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors. | 2017-08-11 | not yet calculated | CVE-2017-11148 BID CONFIRM |
synology -- download_station | Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for the ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors. | 2017-08-14 | not yet calculated | CVE-2017-11156 CONFIRM |
synology -- download_station | Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via a crafted URI. | 2017-08-14 | not yet calculated | CVE-2017-11149 CONFIRM |
synology -- office | Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents. | 2017-08-14 | not yet calculated | CVE-2017-11150 CONFIRM |
teikoku_databank_ltd -- tbd_ca_typea | Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until August 10, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-18 | not yet calculated | CVE-2017-10824 JVN |
thales -- nshield_connect_hardware_models | Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract the device identification key [KNETI] and impersonate the nShield Connect device on a network, affect the integrity and confidentiality of newly created keys, and potentially cause other unspecified impacts using previously loaded keys by connecting to the USB port on the front panel. | 2017-08-18 | not yet calculated | CVE-2015-1878 SECTRACK |
tomax -- r60g_devices | ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack. | 2017-08-18 | not yet calculated | CVE-2017-12589 MISC |
unity_technologies -- unity_editor | A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4. | 2017-08-18 | not yet calculated | CVE-2017-12939 CONFIRM |
wildmidi -- wildmidi | The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | 2017-08-17 | not yet calculated | CVE-2017-11661 FULLDISC EXPLOIT-DB |
wildmidi -- wildmidi | The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | 2017-08-17 | not yet calculated | CVE-2017-11663 FULLDISC EXPLOIT-DB |
wildmidi -- wildmidi | The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | 2017-08-17 | not yet calculated | CVE-2017-11664 FULLDISC CONFIRM EXPLOIT-DB |
wildmidi -- wildmidi | The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | 2017-08-17 | not yet calculated | CVE-2017-11662 FULLDISC EXPLOIT-DB |
wordpress -- wordpress | classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. | 2017-08-18 | not yet calculated | CVE-2017-12947 MISC MISC |
wordpress -- wordpress | Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF. | 2017-08-18 | not yet calculated | CVE-2017-12948 MISC |
wordpress -- wordpress | lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF. | 2017-08-18 | not yet calculated | CVE-2017-12949 MISC |
wordpress -- wordpress | classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. | 2017-08-18 | not yet calculated | CVE-2017-12946 MISC MISC |
wordpress -- wordpress | A cross-site scripting (XSS) vulnerability exists in the WordPress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. | 2017-08-18 | not yet calculated | CVE-2015-5057 MLIST BID MISC |
x.org -- libxfont | A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact. | 2017-08-18 | not yet calculated | CVE-2007-5199 CONFIRM CONFIRM |
xamarin -- xamarin.ios | The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege Vulnerability." | 2017-08-15 | not yet calculated | CVE-2017-8665 BID CONFIRM EXPLOIT-DB |
xen_project -- xen | Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected. | 2017-08-15 | not yet calculated | CVE-2017-12855 BID SECTRACK CONFIRM |