Vulnerability Summary for the Week of October 2, 2017
Released
Oct 09, 2017
Document ID
SB17-282
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ersdata -- ers_data_system | ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization. | 2017-09-29 | 7.5 | CVE-2017-14702 MISC EXPLOIT-DB |
| gnu -- binutils | Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | 2017-09-29 | 7.1 | CVE-2017-14930 CONFIRM |
| hp -- application_performance_management | A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution. | 2017-09-29 | 10.0 | CVE-2017-14350 BID MISC CONFIRM |
| hp -- bsm_platform_application_performance_management_system_health | A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | 2017-09-29 | 9.0 | CVE-2017-13982 MISC CONFIRM AUSCERT |
| hp -- bsm_platform_application_performance_management_system_health | An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication. | 2017-09-29 | 10.0 | CVE-2017-13983 MISC CONFIRM AUSCERT |
| hp -- ucmdb_configuration_manager | A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution. | 2017-09-29 | 7.5 | CVE-2017-14351 CONFIRM |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- geode | When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view. | 2017-09-29 | 4.0 | CVE-2017-9794 MLIST |
| artifex -- gsview | Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068." | 2017-09-29 | 6.8 | CVE-2017-14945 CONFIRM |
| artifex -- gsview | Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFile+0x000000000000344e." | 2017-09-29 | 6.8 | CVE-2017-14946 CONFIRM |
| artifex -- gsview | Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359." | 2017-09-29 | 6.8 | CVE-2017-14947 CONFIRM |
| blogotext_project -- blogotext | Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for example) change global settings or create/delete posts. It is also possible to execute JavaScript against unauthenticated users of the blog. | 2017-10-01 | 4.3 | CVE-2017-14957 MISC MISC MISC MISC |
| cfpaypal -- cp_contact_form_with_paypal | The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php. | 2017-09-29 | 6.8 | CVE-2015-9233 MISC MISC MISC |
| cfpaypal -- cp_contact_form_with_paypal | The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php. | 2017-09-29 | 6.5 | CVE-2015-9234 MISC MISC MISC |
| check_mk_project -- check_mk | Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report. | 2017-10-01 | 4.3 | CVE-2017-14955 CONFIRM CONFIRM |
| egroupware -- egroupware | Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator. | 2017-09-29 | 4.3 | CVE-2017-14920 MISC MISC |
| freedesktop -- poppler | In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. | 2017-09-29 | 4.3 | CVE-2017-14926 CONFIRM |
| freedesktop -- poppler | In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. | 2017-09-29 | 4.3 | CVE-2017-14927 CONFIRM |
| freedesktop -- poppler | In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. | 2017-09-29 | 4.3 | CVE-2017-14928 CONFIRM |
| freedesktop -- poppler | In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. | 2017-09-29 | 5.0 | CVE-2017-14929 CONFIRM |
| freedesktop -- poppler | The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. | 2017-10-01 | 5.0 | CVE-2017-14975 CONFIRM |
| freedesktop -- poppler | The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. | 2017-10-01 | 5.0 | CVE-2017-14976 CONFIRM CONFIRM |
| freedesktop -- poppler | The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. | 2017-10-01 | 5.0 | CVE-2017-14977 CONFIRM |
| gnu -- binutils | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. | 2017-09-29 | 4.3 | CVE-2017-14932 CONFIRM CONFIRM |
| gnu -- binutils | read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. | 2017-09-29 | 4.3 | CVE-2017-14933 CONFIRM CONFIRM CONFIRM |
| gnu -- binutils | process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure. | 2017-09-29 | 4.3 | CVE-2017-14934 CONFIRM CONFIRM |
| gnu -- binutils | _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file. | 2017-09-29 | 4.3 | CVE-2017-14938 MISC MISC MISC |
| gnu -- binutils | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte. | 2017-09-29 | 4.3 | CVE-2017-14939 MISC MISC MISC |
| gnu -- binutils | scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file. | 2017-09-29 | 4.3 | CVE-2017-14940 MISC MISC MISC |
| gnu -- binutils | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | 2017-10-01 | 4.3 | CVE-2017-14974 CONFIRM CONFIRM |
| hp -- arcsight_enterprise_security_manager_express | A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system. | 2017-09-29 | 4.3 | CVE-2017-13986 BID CONFIRM |
| hp -- arcsight_enterprise_security_manager_express | An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files. | 2017-09-29 | 4.0 | CVE-2017-13987 BID CONFIRM |
| hp -- arcsight_enterprise_security_manager_express | An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function. | 2017-09-29 | 4.0 | CVE-2017-13988 BID CONFIRM |
| hp -- arcsight_enterprise_security_manager_express | An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information. | 2017-09-29 | 5.5 | CVE-2017-13989 BID CONFIRM |
| hp -- arcsight_enterprise_security_manager_express | An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version. | 2017-09-29 | 5.0 | CVE-2017-13990 BID CONFIRM |
| hp -- arcsight_enterprise_security_manager_express | An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features. | 2017-09-29 | 5.0 | CVE-2017-13991 BID CONFIRM |
| hp -- bsm_platform_application_performance_management_system_health | An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal. | 2017-09-29 | 5.5 | CVE-2017-13984 MISC CONFIRM AUSCERT |
| hp -- bsm_platform_application_performance_management_system_health | An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information. | 2017-09-29 | 4.0 | CVE-2017-13985 MISC CONFIRM AUSCERT |
| hp -- ucmdb_configuration_manager | A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting. | 2017-09-29 | 4.3 | CVE-2017-14352 BID CONFIRM |
| jaspersoft -- jasperreports | Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector. | 2017-10-01 | 4.0 | CVE-2017-14941 MISC |
| openexif_project -- openexif | ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file. | 2017-09-29 | 4.3 | CVE-2017-14931 MISC MISC |
| openvswitch -- openvswitch | In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. | 2017-10-01 | 5.0 | CVE-2017-14970 CONFIRM CONFIRM |
| pivotx -- pivotx | lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file. | 2017-10-01 | 6.5 | CVE-2017-14958 CONFIRM |
| pulsesecure -- pulse_one_on-premise | Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information. | 2017-09-29 | 5.0 | CVE-2017-14935 CONFIRM |
| tiki -- tikiwiki_cms/groupware | Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php. | 2017-09-29 | 6.0 | CVE-2017-14924 MISC MISC MISC |
| tiki -- tikiwiki_cms/groupware | Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site. | 2017-09-29 | 6.0 | CVE-2017-14925 MISC MISC MISC |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| linux -- linux_kernel | The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call. | 2017-10-01 | 2.1 | CVE-2017-14954 MISC MISC MISC MISC MISC |
| tine20 -- tine_2.0 | Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | 2017-09-29 | 3.5 | CVE-2017-14921 MISC MISC MISC MISC MISC |
| tine20 -- tine_2.0 | Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | 2017-09-29 | 3.5 | CVE-2017-14922 MISC MISC MISC MISC MISC |
| tine20 -- tine_2.0 | Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | 2017-09-29 | 3.5 | CVE-2017-14923 MISC MISC MISC MISC MISC |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| akka -- akka | Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service | 2017-10-04 | not yet calculated | CVE-2017-1000118 CONFIRM |
| apache -- geode | When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of service attack on the cluster. | 2017-10-02 | not yet calculated | CVE-2017-9797 MLIST |
| apache -- impala | In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works around the authorization requirement that creating a Kudu external table via Impala requires an "ALL" privilege at the server scope. This privilege requirement for "CREATE" commands is enforced to precisely avoid this scenario where a malicious user can change the underlying Kudu table mapping. The fix is to enforce the same privilege requirement for "ALTER" commands that would make existing non-external Kudu tables external. | 2017-10-03 | not yet calculated | CVE-2017-9792 BID CONFIRM MLIST |
| apache -- opennlp | When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache OpenNLP are affected. | 2017-10-02 | not yet calculated | CVE-2017-12620 CONFIRM |
| apache -- tomcat | When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | 2017-10-03 | not yet calculated | CVE-2017-12617 BID MLIST |
| apache -- wicket | Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided. Furthermore, not all Wicket server side targets were subjected to the CSRF check. This was also fixed. | 2017-10-02 | not yet calculated | CVE-2016-6806 MLIST |
| apache -- wicket | In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use. | 2017-10-02 | not yet calculated | CVE-2014-0043 MLIST |
| atutor -- atutor | Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website. | 2017-10-02 | not yet calculated | CVE-2017-14981 CONFIRM CONFIRM |
| bamboo -- bamdarwin | Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource. | 2017-10-02 | not yet calculated | CVE-2015-6576 MISC BUGTRAQ CONFIRM CONFIRM |
| broadcom -- bcm4355c0_wi-fi_chips | On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading. | 2017-10-03 | not yet calculated | CVE-2017-11122 MISC MISC CONFIRM CONFIRM |
| cisco -- adaptive_security_appliance | A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to the local IP address of an affected device. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects Cisco Adaptive Security Appliance (ASA) Software that is running on the following Cisco products: ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, ASA 1000V Cloud Firewall, Adaptive Security Virtual Appliance (ASAv), Firepower 4110 Security Appliance, Firepower 9300 ASA Security Module, ISA 3000 Industrial Security Appliance. Cisco Bug IDs: CSCvd59063. | 2017-10-05 | not yet calculated | CVE-2017-12246 BID SECTRACK CONFIRM |
| cisco -- adaptive_security_appliance | A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka HREF XSS. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. The vulnerability exists in the Cisco Adaptive Security Appliance (ASA) Software when the WEBVPN feature is enabled. Cisco Bug IDs: CSCve91068. | 2017-10-05 | not yet calculated | CVE-2017-12265 BID SECTRACK CONFIRM |
| cisco -- anyconnect_secure_mobility_client | A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by manipulating network interfaces of the device to allow multiple active network interfaces. A successful exploit could allow the attacker to send traffic over a non-authorized network interface. Cisco Bug IDs: CSCvf66539. | 2017-10-05 | not yet calculated | CVE-2017-12268 BID SECTRACK CONFIRM |
| cisco -- firepower_system_software | A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial of service (DoS) condition because the Snort process restarts unexpectedly. The vulnerability is due to improper input validation of the fields in the IPv6 extension header packet. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. This vulnerability is specific to IPv6 traffic only. This vulnerability affects Cisco Firepower System Software Releases 6.0 and later when the software has one or more file action policies configured and is running on any of the following Cisco products: 3000 Series Industrial Security Appliances (ISR), Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services, Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, Firepower Threat Defense for Integrated Services Routers (ISRs), Firepower 2100 Series Security Appliances, Firepower 4100 Series Security Appliances, Firepower 9300 Series Security Appliances, Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. Cisco Bug IDs: CSCvd34776. | 2017-10-05 | not yet calculated | CVE-2017-12244 BID CONFIRM |
| cisco -- firepower_threat_defense | A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak persists over time, a denial of service (DoS) condition could develop because traffic can cease to be forwarded through the device. The vulnerability is due to an error in how the Firepower Detection Snort Engine handles SSL traffic decryption and notifications to and from the Adaptive Security Appliance (ASA) handler. An attacker could exploit this vulnerability by sending a steady stream of malicious Secure Sockets Layer (SSL) traffic through the device. An exploit could allow the attacker to cause a DoS condition when the device runs low on system memory. This vulnerability affects Cisco Firepower Threat Defense (FTD) Software Releases 6.0.1 and later, running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Firepower 2100 Series Security Appliances, Firepower 4100 Series Security Appliances, Firepower 9300 Series Security Appliances. Cisco Bug IDs: CSCve02069. | 2017-10-05 | not yet calculated | CVE-2017-12245 BID CONFIRM |
| cisco -- ios_xr_software_for_cisco_network_convergence_system | A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops. The vulnerability is due to the software's inability to process HTTP/2 packets. An attacker could exploit this vulnerability by sending a malformed HTTP/2 frame to the affected device. A successful exploit could allow the attacker to create a DoS condition when the emsd service stops. Cisco Bug IDs: CSCvb99388. | 2017-10-05 | not yet calculated | CVE-2017-12270 BID SECTRACK CONFIRM |
| cisco -- license_manager | A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. An exploit could allow the attacker to view application files that may contain sensitive information. Cisco Bug IDs: CSCvd83577. | 2017-10-05 | not yet calculated | CVE-2017-12263 BID CONFIRM |
| cisco -- meeting_app_for_windows | A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco Meeting App. The vulnerability is due to incomplete input validation of the path name for DLL files before they are loaded. An attacker could exploit this vulnerability by installing a crafted DLL file in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to those of Cisco Meeting App. The attacker would need valid user credentials to exploit this vulnerability. Cisco Bug IDs: CSCvd77907. | 2017-10-05 | not yet calculated | CVE-2017-12266 BID CONFIRM |
| cisco -- meeting_server | A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP packet to the affected system. A successful exploit could allow the attacker to cause a reload of the Web Admin Server. Cisco Bug IDs: CSCve89149. | 2017-10-05 | not yet calculated | CVE-2017-12264 BID SECTRACK CONFIRM |
| cisco -- spark_messaging | A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web UI of the affected software. An attacker could exploit this vulnerability by injecting XSS content into the web UI of the affected software. A successful exploit could allow the attacker to force a user to execute code of the attacker's choosing or allow the attacker to retrieve sensitive information from the user. Cisco Bug IDs: CSCvf70587, CSCvf70592. | 2017-10-05 | not yet calculated | CVE-2017-12269 BID CONFIRM |
| cisco -- unified_communications_manager | A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames (iframes). An attacker could exploit this vulnerability by directing a user of the affected software to an attacker-controlled web page that contains a malicious HTML inline frame. A successful exploit could allow the attacker to conduct click-jacking or other types of client-side browser attacks. Cisco Bug IDs: CSCve60993. | 2017-10-05 | not yet calculated | CVE-2017-12258 BID SECTRACK CONFIRM |
| cisco -- webex_meetings_server | A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve96608. | 2017-10-05 | not yet calculated | CVE-2017-12257 BID CONFIRM |
| cisco -- wide_area_application_services | A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improperly aborting a connection when an unexpected protocol packet is received. An attacker could exploit this vulnerability by sending a crafted ICA traffic through the targeted device. A successful exploit could allow the attacker to cause a DoS condition that is due to a process unexpectedly restarting. The Cisco WAAS could drop ICA traffic while the process is restarting. This vulnerability affects Cisco Wide Area Application Services (WAAS) and Cisco Virtual Wide Area Application Services (vWAAS). Cisco Bug IDs: CSCve74457. | 2017-10-05 | not yet calculated | CVE-2017-12267 BID CONFIRM |
| cisco -- wide_area_application_services | A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. The vulnerability is due to certain file-handling inefficiencies of the affected system. An attacker could exploit this vulnerability by directing client systems to access a corrupted file that the client systems cannot decompress correctly. A successful exploit could allow the attacker to cause the affected device to crash or hang unexpectedly and result in a DoS condition that may require manual intervention to regain normal operating conditions. Cisco Bug IDs: CSCve82472. | 2017-10-05 | not yet calculated | CVE-2017-12256 BID CONFIRM |
| cloud_foundry_foundation -- capi-release | In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275. | 2017-10-03 | not yet calculated | CVE-2017-8048 CONFIRM |
| cloud_foundry_foundation -- routing-release | In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishing attack to gain access to user credentials or other sensitive data. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275. | 2017-10-03 | not yet calculated | CVE-2017-8047 CONFIRM |
| computerinsel -- photoline | A memory corruption vulnerability exists in the .TGA parsing functionality of Computerinsel Photoline 20.02. A specially crafted .TGA file can cause an out of bounds write resulting in potential code execution. An attacker can send a specific .TGA file to trigger this vulnerability. | 2017-10-05 | not yet calculated | CVE-2017-12106 BID MISC |
| computerinsel -- photoline | An memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02. A specially crafted .GIF file can cause a vulnerability resulting in potential code execution. An attacker can send specific .GIF file to trigger this vulnerability. | 2017-10-05 | not yet calculated | CVE-2017-2880 BID MISC |
| ctek -- skyrouter | An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the application without authenticating. | 2017-10-04 | not yet calculated | CVE-2017-14000 BID MISC |
| curl -- curl | curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`. | 2017-10-04 | not yet calculated | CVE-2017-1000101 BID SECTRACK CONFIRM GENTOO |
| curl_and_libcurl -- curl_and_libcurl | When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS. | 2017-10-04 | not yet calculated | CVE-2017-1000100 BID SECTRACK CONFIRM GENTOO |
| cyassl -- cyassl | CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake. | 2017-10-06 | not yet calculated | CVE-2014-2903 SECUNIA MLIST |
| cybele -- thinfinity_remote_desktop_workstation | Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. (dot dot) in an unspecified parameter. | 2017-10-06 | not yet calculated | CVE-2015-1429 CONFIRM MISC |
| darwin -- darwin | On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate. | 2017-10-04 | not yet calculated | CVE-2017-1000097 CONFIRM CONFIRM CONFIRM |
dnsmasq -- dnsmasq | Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. | 2017-10-02 | not yet calculated | CVE-2017-14493 CONFIRM CONFIRM BID SECTRACK MISC EXPLOIT-DB MLIST MLIST |
| dnsmasq -- dnsmasq | Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. | 2017-10-02 | not yet calculated | CVE-2017-14495 CONFIRM CONFIRM BID SECTRACK MISC EXPLOIT-DB MLIST MLIST |
| dnsmasq -- dnsmasq | Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. | 2017-10-03 | not yet calculated | CVE-2017-14491 CONFIRM CONFIRM BID SECTRACK MISC EXPLOIT-DB MLIST MLIST |
| dnsmasq -- dnsmasq | dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. | 2017-10-02 | not yet calculated | CVE-2017-14494 CONFIRM CONFIRM BID SECTRACK MISC EXPLOIT-DB MLIST MLIST |
| dnsmasq -- dnsmasq | Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. | 2017-10-02 | not yet calculated | CVE-2017-14492 CONFIRM CONFIRM BID SECTRACK MISC EXPLOIT-DB MLIST MLIST |
| dnsmasq -- dnsmasq | Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. | 2017-10-02 | not yet calculated | CVE-2017-14496 CONFIRM CONFIRM BID SECTRACK MISC CONFIRM EXPLOIT-DB MLIST MLIST |
| dnsmasq -- dnsmasq | In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. | 2017-10-02 | not yet calculated | CVE-2017-13704 CONFIRM CONFIRM BID SECTRACK FEDORA MISC MLIST MLIST |
| docker -- docker | Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage. | 2017-10-06 | not yet calculated | CVE-2014-0047 MLIST BID CONFIRM |
| drupal-- compass_rose | Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable." | 2017-10-02 | not yet calculated | CVE-2015-7980 MLIST MLIST BID CONFIRM MISC |
| emc -- appsync | EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 2017-10-02 | not yet calculated | CVE-2017-8018 CONFIRM BID |
| emc -- elastic_cloud_storage | EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system. | 2017-10-02 | not yet calculated | CVE-2017-8021 CONFIRM BID |
| emtec -- pyrobatchftp | EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial of service (application crash). | 2017-10-05 | not yet calculated | CVE-2017-15035 MISC CONFIRM |
| eyesofnetwork -- eyesofnetwork | Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php. | 2017-10-02 | not yet calculated | CVE-2017-14985 MISC |
| eyesofnetwork -- eyesofnetwork | Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /module/admin_bp/add_services.php. | 2017-10-02 | not yet calculated | CVE-2017-14984 MISC |
| eyesofnetwork -- eyesofnetwork | Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/admin_conf/index.php. | 2017-10-02 | not yet calculated | CVE-2017-14983 MISC |
| filerun -- filerun | FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function). | 2017-09-29 | not yet calculated | CVE-2017-14738 MISC MISC EXPLOIT-DB |
| foreman -- foreman | The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory. | 2017-10-06 | not yet calculated | CVE-2015-5246 CONFIRM CONFIRM |
| frappe.share.get_users -- frappe.share.get_users | [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. | 2017-10-04 | not yet calculated | CVE-2017-1000120 MISC |
| freebsd -- freebsd | In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character. | 2017-10-05 | not yet calculated | CVE-2017-15037 BID CONFIRM CONFIRM |
| ge -- cimplicity | A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution. | 2017-10-05 | not yet calculated | CVE-2017-12732 BID MISC |
| gitmodules -- gitmodules | A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability. | 2017-10-04 | not yet calculated | CVE-2017-1000117 BID SECTRACK GENTOO EXPLOIT-DB MISC |
| gnu -- binutils | find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. | 2017-10-04 | not yet calculated | CVE-2017-15024 MISC MISC MISC |
| gnu -- binutils | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file. | 2017-10-04 | not yet calculated | CVE-2017-15025 MISC MISC MISC |
| gnu -- binutils | read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. | 2017-10-04 | not yet calculated | CVE-2017-15023 MISC MISC MISC |
| gnu -- binutils | bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32. | 2017-10-04 | not yet calculated | CVE-2017-15021 MISC MISC MISC |
| gnu -- binutils | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit. | 2017-10-04 | not yet calculated | CVE-2017-15022 MISC MISC MISC |
| gnu -- binutils | dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read. | 2017-10-04 | not yet calculated | CVE-2017-15020 MISC MISC MISC |
| go -- go | An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password. | 2017-10-05 | not yet calculated | CVE-2017-15042 CONFIRM CONFIRM CONFIRM CONFIRM |
| go -- go | Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running "go get." | 2017-10-05 | not yet calculated | CVE-2017-15041 CONFIRM CONFIRM CONFIRM CONFIRM |
| google -- android | An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567. | 2017-10-03 | not yet calculated | CVE-2017-0815 BID CONFIRM CONFIRM |
google -- android
| A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177. | 2017-10-03 | not yet calculated | CVE-2017-0811 BID CONFIRM CONFIRM |
google -- android
| An elevation of privilege vulnerability in the Android framework (ui framework). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35056974. | 2017-10-03 | not yet calculated | CVE-2017-0807 BID CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805. | 2017-10-03 | not yet calculated | CVE-2017-0806 BID CONFIRM CONFIRM |
google -- android
| An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-34949781. | 2017-10-03 | not yet calculated | CVE-2017-0826 CONFIRM |
| google -- android | A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046. | 2017-10-03 | not yet calculated | CVE-2017-0813 BID CONFIRM CONFIRM |
google -- android
| A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673128. | 2017-10-03 | not yet calculated | CVE-2017-0809 BID CONFIRM CONFIRM |
| google -- android | An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63662938. | 2017-10-03 | not yet calculated | CVE-2017-0816 BID CONFIRM CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Motorola bootloader. Product: Android. Versions: Android kernel. Android ID: A-62345044. | 2017-10-03 | not yet calculated | CVE-2017-0829 CONFIRM |
google -- android
| An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-ALPS03353867, M-ALPS03353872. | 2017-10-03 | not yet calculated | CVE-2017-0827 BID CONFIRM |
google -- android
| An elevation of privilege vulnerability in the Android system (camera). Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63787722. | 2017-10-03 | not yet calculated | CVE-2017-0822 CONFIRM CONFIRM |
google -- android
| An elevation of privilege vulnerability in the Huawei bootloader. Product: Android. Versions: Android kernel. Android ID: A-34622855. | 2017-10-03 | not yet calculated | CVE-2017-0828 CONFIRM |
google -- android
| A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38207066. | 2017-10-03 | not yet calculated | CVE-2017-0810 BID CONFIRM CONFIRM |
google -- android
| An elevation of privilege vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37622847. References: B-V2017063001. | 2017-10-03 | not yet calculated | CVE-2017-0824 CONFIRM |
| google -- android | An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62800140. | 2017-10-03 | not yet calculated | CVE-2017-0814 BID CONFIRM CONFIRM |
google -- android
| An information disclosure vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37305633. References: B-V2017063002. | 2017-10-03 | not yet calculated | CVE-2017-0825 CONFIRM |
| google -- android | A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918. | 2017-10-03 | not yet calculated | CVE-2017-0819 BID CONFIRM CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Android media framework (audio hal). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62873231. | 2017-10-03 | not yet calculated | CVE-2017-0812 BID CONFIRM CONFIRM |
| google -- android | An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63522430. | 2017-10-03 | not yet calculated | CVE-2017-0817 BID CONFIRM CONFIRM |
| google -- android | A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187433. | 2017-10-03 | not yet calculated | CVE-2017-0820 BID CONFIRM CONFIRM |
| google -- android | An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655. | 2017-10-03 | not yet calculated | CVE-2017-0823 CONFIRM CONFIRM |
| google -- android | A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63581671. | 2017-10-03 | not yet calculated | CVE-2017-0818 BID CONFIRM CONFIRM |
| google -- android | An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183. | 2017-10-03 | not yet calculated | CVE-2017-0808 BID CONFIRM CONFIRM |
| google -- chrome | Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file. | 2017-10-06 | not yet calculated | CVE-2015-1206 CONFIRM CONFIRM CONFIRM |
| graphicsmagick -- graphicsmagick | GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. | 2017-10-03 | not yet calculated | CVE-2017-14997 CONFIRM BID CONFIRM CONFIRM |
| graphicsmagick -- graphicsmagick | ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames. | 2017-10-03 | not yet calculated | CVE-2017-14994 CONFIRM BID MISC CONFIRM |
| gxlcms -- gxlcms | Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php. | 2017-10-02 | not yet calculated | CVE-2017-14979 MISC |
hp -- hpe_sitescope
| An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data. | 2017-09-29 | not yet calculated | CVE-2017-14349 BID CONFIRM AUSCERT |
| hp -- ucmdb_foundation_software | A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting. | 2017-10-05 | not yet calculated | CVE-2017-14354 CONFIRM AUSCERT |
| hp -- ucmdb_foundation_software | A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution. | 2017-10-05 | not yet calculated | CVE-2017-14353 CONFIRM AUSCERT |
| huawei -- fusionserver | The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 does not limit the number of query attempts, which allows remote authenticated users to obtain credentials of higher-level users via a brute force attack. | 2017-10-02 | not yet calculated | CVE-2015-7843 BID CONFIRM |
| huawei -- fusionserver | The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allows remote attackers to bypass access restrictions and enter commands via unspecified parameters, as demonstrated by a "user creation command." | 2017-10-02 | not yet calculated | CVE-2015-7841 BID CONFIRM |
| i-sens -- smartlog_diabetes_management | An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. This vulnerability does not affect the connected blood glucose monitor and would not impact delivery of therapy to the patient. | 2017-10-04 | not yet calculated | CVE-2017-13993 BID MISC |
| ibm -- aix_java_6_sdk | A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809. | 2017-10-03 | not yet calculated | CVE-2017-1541 CONFIRM BID BID SECTRACK MISC |
| ibm -- bigfix_compliance_analytics | IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123676. | 2017-10-05 | not yet calculated | CVE-2017-1201 CONFIRM MISC |
| ibm -- content_navigator_and_cmis | IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129832. | 2017-10-05 | not yet calculated | CVE-2017-1522 CONFIRM MISC |
| ibm -- insights_foundation_for_energy | IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719. | 2017-10-02 | not yet calculated | CVE-2017-1311 CONFIRM BID MISC |
| ibm -- insights_foundation_for_energy | IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126460. | 2017-10-02 | not yet calculated | CVE-2017-1345 CONFIRM MISC |
| ibm -- relm | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126242. | 2017-10-02 | not yet calculated | CVE-2017-1334 CONFIRM BID MISC |
| ibm -- relm | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126686. | 2017-10-02 | not yet calculated | CVE-2017-1359 CONFIRM BID MISC |
| ibm -- relm | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126862. | 2017-10-02 | not yet calculated | CVE-2017-1369 CONFIRM BID MISC |
| ibm -- relm | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126243. | 2017-10-02 | not yet calculated | CVE-2017-1335 CONFIRM BID MISC |
| ibm -- relm | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125975. | 2017-10-02 | not yet calculated | CVE-2017-1324 CONFIRM BID MISC |
| ibm -- relm | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126857. | 2017-10-02 | not yet calculated | CVE-2017-1364 CONFIRM BID MISC |
| ibm -- relm | IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127587. | 2017-10-02 | not yet calculated | CVE-2017-1429 CONFIRM BID MISC |
ibm -- spectrum_protect | IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163. | 2017-10-05 | not yet calculated | CVE-2017-1301 CONFIRM BID MISC |
| ibm -- spectrum_protect | IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875. | 2017-10-05 | not yet calculated | CVE-2017-1378 CONFIRM MISC |
| ibm -- spectrum_protect | IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247. | 2017-10-05 | not yet calculated | CVE-2017-1339 CONFIRM BID SECTRACK MISC |
| ibm -- tivoli_storage_manager | The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750. | 2017-10-05 | not yet calculated | CVE-2016-8937 CONFIRM MISC |
| ibm -- websphere_commerce | IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779. | 2017-10-02 | not yet calculated | CVE-2017-1569 CONFIRM BID MISC |
| ibm -- websphere_message_broker | IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341. | 2017-10-03 | not yet calculated | CVE-2017-1126 CONFIRM BID MISC |
| idm -- idm | The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes. | 2017-10-06 | not yet calculated | CVE-2017-9273 MISC |
| idm -- idm | The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack. | 2017-10-06 | not yet calculated | CVE-2017-9272 MISC |
| imagemagick -- imagemagick | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c. | 2017-10-04 | not yet calculated | CVE-2017-15015 CONFIRM |
| imagemagick -- imagemagick | A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code. | 2017-10-02 | not yet calculated | CVE-2017-14989 CONFIRM |
| imagemagick -- imagemagick | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c. | 2017-10-04 | not yet calculated | CVE-2017-15016 CONFIRM |
| imagemagick -- imagemagick | ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c. | 2017-10-05 | not yet calculated | CVE-2017-15033 CONFIRM |
| imagemagick -- imagemagick | ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. | 2017-10-05 | not yet calculated | CVE-2017-15032 CONFIRM |
| imagemagick -- imagemagick | ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c. | 2017-10-04 | not yet calculated | CVE-2017-15017 CONFIRM |
| ininet_solutions -- ininet_webserver | An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables. | 2017-10-04 | not yet calculated | CVE-2017-13995 BID MISC |
| intel -- puma | The Intel Puma 5, 6, and 7 chips, as used on various Hitron devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Hitron. | 2017-10-06 | not yet calculated | CVE-2017-15069 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| intel -- puma | The Intel Puma 5, 6, and 7 chips, as used on UPC branded Compal CH7465-LG devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports, a related issue to CVE-2017-15067. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from UPC. | 2017-10-06 | not yet calculated | CVE-2017-15077 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| intel -- puma | The Intel Puma 5, 6, and 7 chips, as used on various Quantenna devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Quantenna. | 2017-10-06 | not yet calculated | CVE-2017-15072 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| intel -- puma | The Intel Puma 5, 6, and 7 chips, as used on various Comcast branded devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Comcast. | 2017-10-06 | not yet calculated | CVE-2017-15068 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| intel -- puma | The Intel Puma 5, 6, and 7 chips, as used on ASUS CM-32 devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from ASUS. | 2017-10-06 | not yet calculated | CVE-2017-15065 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| intel -- puma | The Intel Puma 5, 6, and 7 chips, as used on various Linksys devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Linksys. | 2017-10-06 | not yet calculated | CVE-2017-15070 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| intel -- puma | The Intel Puma 5, 6, and 7 chips, as used on various Arris devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Arris. | 2017-10-06 | not yet calculated | CVE-2017-15064 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| intel -- puma | The Intel Puma 5, 6, and 7 chips, as used on Virgin Media branded Arris TG2492 devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports, a related issue to CVE-2017-15064. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Virgin Media. | 2017-10-06 | not yet calculated | CVE-2017-15078 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| intel -- puma | The Intel Puma 5, 6, and 7 chips, as used on Samsung Home Media Server devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Samsung. | 2017-10-06 | not yet calculated | CVE-2017-15073 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| intel -- puma | ** DISPUTED ** The Intel Puma 5, 6, and 7 chips, as used on Telstra branded NETGEAR C6300BD devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Telstra. NOTE: NETGEAR states "This vulnerability does not affect the following products: C6300BD-Telstra." | 2017-10-06 | not yet calculated | CVE-2017-15076 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| intel -- puma | The Intel Puma 5, 6, and 7 chips, as used on various Technicolor (formerly branded as Cisco) devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Technicolor. | 2017-10-06 | not yet calculated | CVE-2017-15075 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| intel -- puma | The Intel Puma 5, 6, and 7 chips, as used on various Compal devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Compal. | 2017-10-06 | not yet calculated | CVE-2017-15067 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| intel -- puma | The Intel Puma 5, 6, and 7 chips, as used on various AVM FRITZ!Box devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from AVM. | 2017-10-06 | not yet calculated | CVE-2017-15066 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| intel -- puma | The Intel Puma 5, 6, and 7 chips, as used on NETGEAR C6300, CM400, CM700, and CMD31T devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from NETGEAR. | 2017-10-06 | not yet calculated | CVE-2017-15071 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| intel -- puma | The Intel Puma 5, 6, and 7 chips, as used on SMC D3G2408 devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from SMC. | 2017-10-06 | not yet calculated | CVE-2017-15074 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| ipswitch -- imail_server | Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETRE or ETCTERARED. | 2017-10-02 | not yet calculated | CVE-2017-12639 CONFIRM |
| ipswitch -- imail_server | Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETBL or ETCETERABLUE. | 2017-10-02 | not yet calculated | CVE-2017-12638 CONFIRM |
| issuetracker -- phpbugtracker | Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters. | 2017-10-06 | not yet calculated | CVE-2015-2143 MLIST |
| issuetracker -- phpbugtracker | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2017-10-06 | not yet calculated | CVE-2015-2148 MLIST |
| issuetracker -- phpbugtracker | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2017-10-06 | not yet calculated | CVE-2015-2145 MLIST |
| issuetracker -- phpbugtracker | Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php. | 2017-10-06 | not yet calculated | CVE-2015-2146 MLIST CONFIRM |
| issuetracker -- phpbugtracker | Multiple cross-site scriping (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) use_js parameter to user.php; the (3) use_js parameter to group.php; the (4) Description parameter to status.php; the (5) Description parameter to severity.php; the (6) Regex parameter to os.php; or the (7) Name parameter to database.php. | 2017-10-06 | not yet calculated | CVE-2015-2144 MLIST CONFIRM |
| issuetracker -- phpbugtracker | Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | 2017-10-06 | not yet calculated | CVE-2015-2147 MISC MLIST |
| issuetracker -- phpbugtracker | Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for requests that cause an unspecified impact via the group_id parameter to group.php, (3) hijack the authentication of users for requests that delete statuses via the status_id parameter to status.php, (4) hijack the authentication of users for requests that delete severities via the severity_id parameter to severity.php, (5) hijack the authentication of users for requests that cause an unspecified impact via the priority_id parameter to priority.php, (6) hijack the authentication of users for requests that delete the operating system via the os_id parameter to os.php, (7) hijack the authentication of users for requests that delete databases via the database_id parameter to database.php, or (8) hijack the authentication of users for requests that delete sites via the site_id parameter to sites.php. | 2017-10-06 | not yet calculated | CVE-2015-2142 MLIST CONFIRM |
| jboss -- application_server | In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data. | 2017-10-04 | not yet calculated | CVE-2017-12149 BID CONFIRM |
| jenkins -- jenkins | GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability. | 2017-10-04 | not yet calculated | CVE-2017-1000087 CONFIRM |
| jenkins -- jenkins | The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser extensions or cross-site scripting vulnerabilities. The Datadog Plugin now encrypts the API key transmitted to administrators viewing the global configuration form. | 2017-10-04 | not yet calculated | CVE-2017-1000114 BID CONFIRM |
| jenkins -- jenkins | The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords. | 2017-10-04 | not yet calculated | CVE-2017-1000113 CONFIRM |
| jenkins -- jenkins | Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability. | 2017-10-04 | not yet calculated | CVE-2017-1000094 CONFIRM |
| jenkins -- jenkins | Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection. | 2017-10-04 | not yet calculated | CVE-2017-1000107 CONFIRM |
| jenkins -- jenkins | GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery. | 2017-10-04 | not yet calculated | CVE-2017-1000091 CONFIRM |
| jenkins -- jenkins | Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles. | 2017-10-04 | not yet calculated | CVE-2017-1000096 BID CONFIRM |
| jenkins -- jenkins | The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient permissions to configure the provided files, view the configuration of the folder in which the configuration files are defined, or have Job/Configure permissions to a job able to use these files. | 2017-10-04 | not yet calculated | CVE-2017-1000104 CONFIRM |
| jenkins -- jenkins | The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links. | 2017-10-04 | not yet calculated | CVE-2017-1000088 CONFIRM |
| jenkins -- jenkins | The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead. | 2017-10-04 | not yet calculated | CVE-2017-1000108 CONFIRM |
| jenkins -- jenkins | The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient. | 2017-10-04 | not yet calculated | CVE-2017-1000105 CONFIRM |
| jenkins -- jenkins | Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it's similar to cache invalidation, the plugin specifically adds a permission to be able to use this functionality, and this issue undermines that permission. | 2017-10-04 | not yet calculated | CVE-2017-1000093 CONFIRM |
| jenkins -- jenkins | The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. | 2017-10-04 | not yet calculated | CVE-2017-1000086 BID CONFIRM |
| jenkins -- jenkins | The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view. | 2017-10-04 | not yet calculated | CVE-2017-1000109 BID CONFIRM |
| jenkins -- jenkins | Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins. | 2017-10-04 | not yet calculated | CVE-2017-1000090 CONFIRM |
| jenkins -- jenkins | Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins. | 2017-10-04 | not yet calculated | CVE-2017-1000084 CONFIRM |
| jenkins -- jenkins | Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server. | 2017-10-04 | not yet calculated | CVE-2017-1000092 BID CONFIRM |
| jenkins -- jenkins | Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins. | 2017-10-04 | not yet calculated | CVE-2017-1000089 CONFIRM |
| jenkins -- jenkins | Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery attacks. | 2017-10-04 | not yet calculated | CVE-2017-1000085 BID CONFIRM |
| jenkins -- jenkins | The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild['rawBuild'] rather than currentBuild.rawBuild. Additionally, the following entries allowed accessing private data that would not be accessible otherwise due to script security: groovy.json.JsonOutput.toJson(Closure); groovy.json.JsonOutput.toJson(Object). | 2017-10-04 | not yet calculated | CVE-2017-1000095 CONFIRM |
| jenkins -- jenkins | Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and authorization when configuring existing GitHub organization folders. This allowed users with read access to the GitHub organization folder to reconfigure it, including changing the GitHub API endpoint for the organization folder to an attacker-controlled server to obtain the GitHub access token, if the organization folder was initially created using Blue Ocean. | 2017-10-04 | not yet calculated | CVE-2017-1000110 CONFIRM |
| jenkins -- jenkins | Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue Ocean. The SCM content REST API did not check the current user's authentication or credentials. If the GitHub organization folder was created via Blue Ocean, it retained a reference to its creator's GitHub credentials. This allowed users with read access to the GitHub organization folder to create arbitrary commits in the repositories inside the GitHub organization corresponding to the GitHub organization folder with the GitHub credentials of the creator of the organization folder. Additionally, users with read access to the GitHub organization folder could read arbitrary file contents from the repositories inside the GitHub organization corresponding to the GitHub organization folder if the branch contained a Jenkinsfile (which could be created using the other part of this vulnerability), and they could provide the organization folder name, repository name, branch name, and file name. | 2017-10-04 | not yet calculated | CVE-2017-1000106 CONFIRM |
| jenkins -- jenkins | The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view. | 2017-10-04 | not yet calculated | CVE-2017-1000102 BID CONFIRM |
| koji -- koji | Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission. | 2017-10-06 | not yet calculated | CVE-2017-1002153 CONFIRM |
| lame -- lame | LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call. | 2017-10-04 | not yet calculated | CVE-2017-15019 MISC |
| lame -- lame | LAME 3.99.5 has a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c. | 2017-10-04 | not yet calculated | CVE-2017-15018 MISC |
| lame -- lame | LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412. | 2017-10-06 | not yet calculated | CVE-2017-15046 MISC |
| lame -- lame | LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410. | 2017-10-06 | not yet calculated | CVE-2017-15045 MISC |
| lenovo -- fingerprint_manager | Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations. | 2017-10-02 | not yet calculated | CVE-2015-3321 CONFIRM |
| lenovo -- system-update | Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables. | 2017-10-02 | not yet calculated | CVE-2015-6971 CONFIRM MISC |
| libcsoap -- libcsoap | nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header. | 2017-10-06 | not yet calculated | CVE-2015-2297 MLIST |
| libcurl -- libcurl | libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote. | 2017-10-06 | not yet calculated | CVE-2017-1000254 BID SECTRACK CONFIRM |
| libcurl -- libcurl | When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory. | 2017-10-04 | not yet calculated | CVE-2017-1000099 BID SECTRACK CONFIRM GENTOO |
| libofx -- libofx | An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability. | 2017-10-05 | not yet calculated | CVE-2017-2920 BID MISC |
| linux -- kernel | The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0. | 2017-10-03 | not yet calculated | CVE-2017-14991 CONFIRM CONFIRM BID CONFIRM |
| linux -- kernel | Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW. | 2017-10-04 | not yet calculated | CVE-2017-1000111 BID SECTRACK CONFIRM |
| linux -- kernel | Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the "gap" between the stack and the binary. | 2017-10-04 | not yet calculated | CVE-2017-1000253 BID SECTRACK MISC |
| linux -- kernel | Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005. | 2017-10-04 | not yet calculated | CVE-2017-1000112 MLIST BID SECTRACK |
| loytec -- lvis-3me | An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access. | 2017-10-05 | not yet calculated | CVE-2017-13998 BID MISC |
| loytec -- lvis-3me | An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution. | 2017-10-05 | not yet calculated | CVE-2017-13992 BID MISC |
| loytec_lvis-3me | A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code. | 2017-10-05 | not yet calculated | CVE-2017-13996 BID MISC |
| mercurial -- mercurial | Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. | 2017-10-04 | not yet calculated | CVE-2017-1000116 BID GENTOO CONFIRM |
| mercurial -- mercurial | Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository | 2017-10-04 | not yet calculated | CVE-2017-1000115 BID GENTOO CONFIRM |
| myscada -- mypro | An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges. | 2017-10-06 | not yet calculated | CVE-2017-12730 BID MISC |
| net/http -- net/http | The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors. | 2017-10-04 | not yet calculated | CVE-2017-1000098 CONFIRM CONFIRM CONFIRM |
| nexusphp -- nexusphp | Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php. | 2017-10-02 | not yet calculated | CVE-2017-12792 MISC |
| node.js -- node.js | A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU. | 2017-10-03 | not yet calculated | CVE-2017-15010 BID CONFIRM CONFIRM CONFIRM |
| ntdriver.c -- ntdriver.c | The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes. | 2017-10-02 | not yet calculated | CVE-2015-7359 MISC MLIST MLIST MISC CONFIRM |
| october -- cms | October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server. | 2017-10-04 | not yet calculated | CVE-2017-1000119 CONFIRM |
| openexr -- openexr | Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. | 2017-10-02 | not yet calculated | CVE-2017-14988 MISC |
| openkm -- openkm | Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter. | 2017-10-06 | not yet calculated | CVE-2014-8957 MISC BID MISC |
| opentext_document -- sciences_xpression | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory listings or system files, or cause SSRF or Denial of Service. | 2017-10-02 | not yet calculated | CVE-2017-14759 MISC MISC |
| opentext_document -- sciences_xpression | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId. | 2017-10-02 | not yet calculated | CVE-2017-14755 MISC MISC |
| opentext_document -- sciences_xpression | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. | 2017-10-02 | not yet calculated | CVE-2017-14754 MISC MISC |
| opentext_document -- sciences_xpression | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. | 2017-10-02 | not yet calculated | CVE-2017-14757 MISC MISC EXPLOIT-DB |
| opentext_document -- sciences_xpression | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. | 2017-10-02 | not yet calculated | CVE-2017-14758 MISC MISC EXPLOIT-DB |
| opentext_document -- sciences_xpression | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id). | 2017-10-02 | not yet calculated | CVE-2017-14756 MISC MISC |
| openvpn -- openvpn | OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. | 2017-10-03 | not yet calculated | CVE-2017-12166 BID SECTRACK MISC |
| philips -- hue_bridge | Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network. | 2017-09-30 | not yet calculated | CVE-2017-14797 MISC |
| phpcollab -- phpcollab | Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/. | 2017-10-02 | not yet calculated | CVE-2017-6090 MISC EXPLOIT-DB |
| phpcollab -- phpcollab | SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php. | 2017-10-02 | not yet calculated | CVE-2017-6089 MISC EXPLOIT-DB |
| pngcrush -- pngcrush | Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file. | 2017-10-06 | not yet calculated | CVE-2015-2158 MLIST BID CONFIRM CONFIRM |
| prtg -- network_monitor | PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element. | 2017-10-03 | not yet calculated | CVE-2017-15008 MISC |
| prtg -- network_monitor | PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter. | 2017-10-03 | not yet calculated | CVE-2017-15009 MISC |
| qnap -- music_station | QNAP discovered a number of command injection vulnerabilities found in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. If exploited, these vulnerabilities may allow a remote attacker to run arbitrary commands on the NAS. | 2017-10-06 | not yet calculated | CVE-2017-13069 CONFIRM |
| qnap -- qnap | QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack. | 2017-10-06 | not yet calculated | CVE-2017-13068 MISC |
| qt -- qt | The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. | 2017-10-03 | not yet calculated | CVE-2017-15011 MISC MISC |
| rapid7 -- metasploit | The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. | 2017-10-06 | not yet calculated | CVE-2017-15084 CONFIRM |
| redis -- redis | The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine." | 2017-10-06 | not yet calculated | CVE-2017-15047 MISC |
| ruby -- ruby | The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack. | 2017-10-06 | not yet calculated | CVE-2015-1828 CONFIRM CONFIRM CONFIRM |
| saia_burgess -- pcd_controllers | An Information Exposure issue was discovered in Saia Burgess Controls PCD Controllers with PCD firmware versions prior to 1.28.16 or 1.24.69. In certain circumstances, the device pads Ethernet frames with memory contents. | 2017-10-04 | not yet calculated | CVE-2017-9628 BID MISC |
| schneider_electric -- indusoft_web_studio | A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server. | 2017-10-02 | not yet calculated | CVE-2017-13997 BID MISC |
| sentinel -- ldk_rte | Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files. | 2017-10-02 | not yet calculated | CVE-2017-11498 MISC MISC |
| sentinel -- ldk_rte | Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service. | 2017-10-03 | not yet calculated | CVE-2017-12820 MISC |
| sentinel -- ldk_rte | Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed ASN.1 streams in V2C and similar input files. | 2017-10-02 | not yet calculated | CVE-2017-11496 MISC MISC |
| sentinel -- ldk_rte | Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters. | 2017-10-02 | not yet calculated | CVE-2017-11497 MISC MISC |
| sentinel -- ldk_rte | Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution. | 2017-10-03 | not yet calculated | CVE-2017-12821 MISC |
| sentinel -- ldk_rte | Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors. | 2017-10-03 | not yet calculated | CVE-2017-12822 MISC |
| sentinel -- ldk_rte | Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55. | 2017-10-03 | not yet calculated | CVE-2017-12819 MISC |
| sentinel -- ldk_rte | Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service. | 2017-10-03 | not yet calculated | CVE-2017-12818 MISC |
| skybox -- manager_client_application | Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login attempts. | 2017-10-02 | not yet calculated | CVE-2017-14772 BID CONFIRM |
| skybox_security -- skybox_manager_client_application | Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary file and overwrite existing files within the scope of the affected application. | 2017-10-02 | not yet calculated | CVE-2017-14771 BID CONFIRM |
| skybox_security -- skybox_manager_client_application | Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process. | 2017-10-02 | not yet calculated | CVE-2017-14770 BID CONFIRM |
| skybox_security -- skybox_manager_client_application | Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state. The vulnerability can only be exploited by a local authenticated attacker. | 2017-10-02 | not yet calculated | CVE-2017-14773 BID CONFIRM |
| smarterstats -- smarterstats | SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. | 2017-09-29 | not yet calculated | CVE-2017-14620 MISC EXPLOIT-DB |
| solarwinds -- network_performance_monitor | The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. In other words, the denial of service is caused by an incorrect implementation of a directory-traversal protection mechanism. | 2017-10-02 | not yet calculated | CVE-2017-9538 BUGTRAQ BID |
| solarwinds -- network_performance_monitor | Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters. | 2017-10-02 | not yet calculated | CVE-2017-9537 BUGTRAQ BID |
| spidercontrol -- scada_web_server | An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the context of the current system services. | 2017-10-04 | not yet calculated | CVE-2017-12728 BID MISC |
| static_analysis_utilities -- static_analysis_utilities | The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view. | 2017-10-04 | not yet calculated | CVE-2017-1000103 BID CONFIRM |
| subrion -- cms | There are CSRF vulnerabilities in Subrion CMS before 4.2.0 because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database. | 2017-10-06 | not yet calculated | CVE-2017-15063 MISC |
| texlive -- texlive | The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory. | 2017-10-06 | not yet calculated | CVE-2015-0296 FEDORA FEDORA MLIST BID CONFIRM |
| trend_micro -- officescan | Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests. | 2017-10-05 | not yet calculated | CVE-2017-14086 MISC BID SECTRACK CONFIRM EXPLOIT-DB |
| trend_micro -- officescan | An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues. | 2017-10-05 | not yet calculated | CVE-2017-14089 MISC BID SECTRACK CONFIRM EXPLOIT-DB |
| trend_micro -- officescan | A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations. | 2017-10-05 | not yet calculated | CVE-2017-14084 MISC BID SECTRACK CONFIRM EXPLOIT-DB |
| trend_micro -- officescan | A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. | 2017-10-05 | not yet calculated | CVE-2017-14087 MISC BID SECTRACK CONFIRM EXPLOIT-DB |
| trend_micro -- officescan | A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file. | 2017-10-05 | not yet calculated | CVE-2017-14083 MISC BID SECTRACK CONFIRM EXPLOIT-DB |
| trend_micro -- officescan | Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | 2017-10-05 | not yet calculated | CVE-2017-14088 BID SECTRACK MISC MISC CONFIRM |
| trend_micro -- officescan | Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules. | 2017-10-05 | not yet calculated | CVE-2017-14085 MISC BID SECTRACK CONFIRM EXPLOIT-DB |
| truecrypt -- truecrypt | The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory. | 2017-10-02 | not yet calculated | CVE-2015-7358 MISC MLIST MLIST MISC CONFIRM EXPLOIT-DB |
| ucopia -- wireless_appliance | The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client. | 2017-10-02 | not yet calculated | CVE-2017-11322 MISC EXPLOIT-DB |
| ucopia -- wireless_appliance | The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command. | 2017-10-02 | not yet calculated | CVE-2017-11321 MISC EXPLOIT-DB |
| upx -- upx | p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack(). | 2017-10-06 | not yet calculated | CVE-2017-15056 MISC |
wordpress -- wordpress | WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability). | 2017-10-02 | not yet calculated | CVE-2017-14990 MISC |
| wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php. | 2017-10-06 | not yet calculated | CVE-2014-8758 MISC MISC |
| wordpress -- wordpress | Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter. | 2017-10-06 | not yet calculated | CVE-2014-8492 MISC MISC |
| wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php. | 2017-10-06 | not yet calculated | CVE-2014-7240 MISC MISC |
| wordpress -- wordpress | The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for Wordpress allows remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters. | 2017-10-06 | not yet calculated | CVE-2015-2673 MISC |
| wordpress -- wordpress | WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter. | 2017-10-02 | not yet calculated | CVE-2017-14848 EXPLOIT-DB |
| wordpress -- wordpress | The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. | 2017-10-06 | not yet calculated | CVE-2017-15079 CONFIRM CONFIRM |
| wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by #<svg onload=alert(1)>. | 2017-10-02 | not yet calculated | CVE-2015-7357 MISC FULLDISC CONFIRM MISC |
| wso2 -- wso2 | The Management Console in WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.0, WSO2 Data Analytics Server 3.1.0, WSO2 Data Services Server 3.5.1, and WSO2 Machine Learner 1.2.0 is affected by stored XSS. | 2017-10-03 | not yet calculated | CVE-2017-14995 CONFIRM |
| zoho_site24x7 -- mobile_network_poller | The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate. | 2017-09-29 | not yet calculated | CVE-2017-14582 BID MISC |
| loytec -- lvis-3me | A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link. | 2017-10-05 | not yet calculated | CVE-2017-13994 BID MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.