Vulnerability Summary for the Week of May 1, 2017
Released
May 08, 2017
Document ID
SB17-128
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| iodata -- wn-g300r3_firmware | WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. | 2017-04-28 | 9.0 | CVE-2017-2141 JVN MISC |
| iodata -- wn-g300r3_firmware | Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2017-04-28 | 10.0 | CVE-2017-2142 JVN MISC |
| ipa -- appgoat | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors. | 2017-04-28 | 7.5 | CVE-2017-2101 JVN BID |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| booking_calendar_project -- booking_calendar | Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter. | 2017-04-28 | 5.0 | CVE-2017-2150 JVN MISC |
| booking_calendar_project -- booking_calendar | Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 4.3 | CVE-2017-2151 JVN MISC |
| buffalo_inc -- wnc01wh_firmware | WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. | 2017-04-28 | 5.2 | CVE-2017-2152 JVN |
| cubecart -- cubecart | Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | 2017-04-28 | 4.0 | CVE-2017-2090 JVN BID MISC |
| cubecart -- cubecart | Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | 2017-04-28 | 4.0 | CVE-2017-2098 JVN BID MISC |
| cubecart -- cubecart | Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors. | 2017-04-28 | 4.0 | CVE-2017-2117 JVN BID MISC |
| cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. | 2017-04-28 | 4.0 | CVE-2017-2091 JVN BID MISC |
| cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. | 2017-04-28 | 4.3 | CVE-2017-2093 JVN BID MISC |
| cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. | 2017-04-28 | 4.0 | CVE-2017-2094 JVN BID MISC |
| cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. | 2017-04-28 | 4.0 | CVE-2017-2095 JVN BID MISC |
| cybozu -- office | Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. | 2017-04-28 | 4.0 | CVE-2017-2115 JVN BID MISC |
| cybozu -- office | Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors. | 2017-04-28 | 4.0 | CVE-2017-2116 JVN BID MISC |
| gaku -- tablacus_explorer | Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory. | 2017-04-28 | 6.8 | CVE-2017-2140 JVN MISC |
| i.con_corporation -- hoozin_viewer | Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage. | 2017-04-28 | 6.8 | CVE-2017-2155 JVN MISC |
| ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669. | 2017-04-28 | 6.8 | CVE-2017-1194 CONFIRM BID |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8343 BID CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8344 BID CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8345 BID CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8346 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8347 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8348 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8349 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8350 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8351 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8352 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8353 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8354 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8355 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8356 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-04-30 | 4.3 | CVE-2017-8357 CONFIRM |
| information-technology_promotion_agency -- introduction_to_safe_website_operation | Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data. | 2017-04-28 | 6.8 | CVE-2017-2128 JVN BID |
| ipa -- appgoat | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors. | 2017-04-28 | 6.8 | CVE-2017-2099 JVN BID |
| ipa -- appgoat | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors. | 2017-04-28 | 6.8 | CVE-2017-2100 JVN BID |
| ipa -- appgoat | Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-04-28 | 6.8 | CVE-2017-2102 JVN BID |
| justsystems -- hanako | Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 6.8 | CVE-2017-2154 JVN MISC |
| libarchive -- libarchive | The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 2017-04-30 | 4.3 | CVE-2016-10349 MISC |
| libarchive -- libarchive | The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 2017-04-30 | 4.3 | CVE-2016-10350 MISC |
| libsndfile_project -- libsndfile | The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. | 2017-04-30 | 4.3 | CVE-2017-8361 MISC |
| libsndfile_project -- libsndfile | The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. | 2017-04-30 | 4.3 | CVE-2017-8362 MISC |
| libsndfile_project -- libsndfile | The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | 2017-04-30 | 4.3 | CVE-2017-8363 MISC |
| libsndfile_project -- libsndfile | The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. | 2017-04-30 | 4.3 | CVE-2017-8365 MISC |
| netgear -- prosafe_plus_configuration_utility | ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests. | 2017-04-28 | 4.3 | CVE-2017-2137 JVN MISC |
| olive_design -- olive_blog | Cross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 2017-04-28 | 4.3 | CVE-2016-7839 JVN BID |
| olive_design -- olive_blog | Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter. | 2017-04-28 | 4.3 | CVE-2016-7840 JVN BID |
| olive_design -- olive_diary_dx | Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 2017-04-28 | 4.3 | CVE-2016-7841 JVN BID |
| onethird -- onethird_cms | Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php. | 2017-04-28 | 4.3 | CVE-2017-2123 JVN BID MISC |
| onethird -- onethird_cms | Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php. | 2017-04-28 | 4.3 | CVE-2017-2124 JVN MISC |
| securebrain -- phishwall_client_for_internet_explorer | Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-04-28 | 6.8 | CVE-2017-2130 JVN MISC BID |
| uchida_yoko_co._ltd -- assetbase | Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 4.3 | CVE-2017-2134 JVN BID |
| wbce -- wbce_cms | Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 4.3 | CVE-2017-2118 JVN BID MISC |
| wbce -- wbce_cms | Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | 2017-04-28 | 5.0 | CVE-2017-2119 JVN BID MISC |
| wbce -- wbce_cms | SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | 2017-04-28 | 6.0 | CVE-2017-2120 JVN BID MISC |
| wp_statistics -- wp_statistics | Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 4.3 | CVE-2017-2135 JVN MISC |
| wp_statistics -- wp_statistics | Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. | 2017-04-28 | 4.3 | CVE-2017-2136 JVN BID MISC |
| wp_statistics -- wp_statistics | Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 4.3 | CVE-2017-2147 JVN BID MISC |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cybozu -- garoon | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 3.5 | CVE-2017-2092 JVN BID MISC |
| cybozu -- office | Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 3.5 | CVE-2017-2114 JVN BID MISC |
| iodata -- wn-ac1167gr_firmware | Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 3.5 | CVE-2017-2148 JVN MISC BID |
| yourownprogrammer -- yop_poll | Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | 3.5 | CVE-2017-2127 JVN BID |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 21st_century_insurance -- 21st_century_insurance_app | The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-05-05 | not yet calculated | CVE-2017-5919 MISC |
| 360fly -- 4k_cameras | 360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application, or the BlueZ gatttool program. | 2017-05-01 | not yet calculated | CVE-2017-8403 MISC |
| 7-zip32.dll -- 7-zip32.dll | Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-04-28 | not yet calculated | CVE-2017-2107 MISC JVN BID |
| accellioin -- accellion_fta | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding. | 2017-05-05 | not yet calculated | CVE-2017-8760 MISC |
| accellion -- fta_devices | An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI. | 2017-05-05 | not yet calculated | CVE-2017-8304 MISC |
| accellion -- fta_devices | An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter. | 2017-05-05 | not yet calculated | CVE-2017-8303 MISC |
| accellion -- fta | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector. | 2017-05-05 | not yet calculated | CVE-2017-8791 MISC |
| accellion -- fta | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter. | 2017-05-05 | not yet calculated | CVE-2017-8795 MISC |
| accellion -- fta | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter. | 2017-05-05 | not yet calculated | CVE-2017-8792 MISC |
| accellion -- fta | An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists. | 2017-05-05 | not yet calculated | CVE-2017-8789 MISC |
| accellion -- fta | An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks. | 2017-05-05 | not yet calculated | CVE-2017-8788 MISC |
| accellion -- fta | An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter. | 2017-05-05 | not yet calculated | CVE-2017-8796 MISC |
| accellion -- fta | An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection. | 2017-05-05 | not yet calculated | CVE-2017-8790 MISC |
| accellion -- fta | An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern. | 2017-05-05 | not yet calculated | CVE-2017-8794 MISC |
| accellion -- fta | An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the attacker to have site access with a bypass of the Same Origin Policy. | 2017-05-05 | not yet calculated | CVE-2017-8793 MISC |
| access_cx_app -- access_cx_app | The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-04-28 | not yet calculated | CVE-2017-2110 JVN BID |
| advantech -- b+b_smartworx_mesr901_firmware | A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages. | 2017-05-05 | not yet calculated | CVE-2017-7909 MISC |
| advantech -- webaccess | upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. | 2017-05-02 | not yet calculated | CVE-2016-5810 MISC MISC |
| advantech -- webaccess | An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories. | 2017-05-05 | not yet calculated | CVE-2017-7929 MISC |
| allied_telesis -- centrecom_ar260s_v2 | Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account. | 2017-04-28 | not yet calculated | CVE-2017-2125 JVN MISC BID |
| america's_first_federal_credit_union -- mobile_banking_app | The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-05-05 | not yet calculated | CVE-2017-5916 MISC |
| apache -- qpid_proton | The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. | 2017-05-02 | not yet calculated | CVE-2016-4467 MLIST BID SECTRACK |
| atlassian -- hipchat | Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. | 2017-05-05 | not yet calculated | CVE-2017-8080 BID CONFIRM CONFIRM |
| atlassian -- hipchat | Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | 2017-05-05 | not yet calculated | CVE-2017-8058 MISC |
| atlassian -- sourcetree | Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632. | 2017-05-04 | not yet calculated | CVE-2017-8768 MISC MISC MISC |
| avahi -- avahi | avahi-daemon in Avahi through 0.6.32 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809. | 2017-04-30 | not yet calculated | CVE-2017-6519 MISC MISC |
| axis_communications -- network_cameras | The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml. | 2017-05-02 | not yet calculated | CVE-2015-8257 MISC BID EXPLOIT-DB |
| banco_de_costa_rica -- bcr_movil_app | The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-05-05 | not yet calculated | CVE-2017-5918 MISC |
| banco_santander_mexico -- sa_puermovil_app | The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-05-05 | not yet calculated | CVE-2017-5911 MISC |
| bmc -- server_automation | The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors. | 2017-05-02 | not yet calculated | CVE-2016-5063 BID CONFIRM |
| bose -- soundtouch_30 | The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. | 2017-04-30 | not yet calculated | CVE-2017-6520 MISC |
| brave -- brave | Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site. | 2017-05-03 | not yet calculated | CVE-2017-8458 MISC MISC |
| ca_technologies -- CA-client_automation | The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation. | 2017-05-05 | not yet calculated | CVE-2017-8391 CONFIRM |
| certec_edv -- atvise_scada | A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution. | 2017-05-05 | not yet calculated | CVE-2017-6029 MISC |
| certec_edv -- atvise_scada | A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution. | 2017-05-05 | not yet calculated | CVE-2017-6031 MISC |
| cisco -- cvr100w_wireless-n_VPN_router | A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress connection request to the remote management interface. An attacker could exploit this vulnerability by sending a connection to the management IP address or domain name of the targeted device. A successful exploit could allow the attacker to bypass the configured remote management ACL. This can occur when the Remote Management configuration parameter is set to Disabled. This vulnerability affects Cisco CVR100W Wireless-N VPN Routers running a firmware image prior to 1.0.1.24. Cisco Bug IDs: CSCvc14457. | 2017-05-03 | not yet calculated | CVE-2017-6620 BID CONFIRM |
| cisco -- firepower | A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service" vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper SSL policy handling by the affected software when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this vulnerability by sending crafted packets through a targeted system. This vulnerability affects Cisco Firepower System Software that is configured with the SSL policy feature. Cisco Bug IDs: CSCvc84361. | 2017-05-03 | not yet calculated | CVE-2017-6625 BID CONFIRM |
| cisco -- ios | A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could exploit this vulnerability to place unauthorized, long-distance phone calls by using an affected system. Cisco Bug IDs: CSCuy40939. | 2017-05-03 | not yet calculated | CVE-2017-6624 BID CONFIRM |
| cisco -- unified_contact_center_enterprise | A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the attacker to receive notifications when an agent signs in or out of the Finesse Desktop, when information about an agent changes, or when an agent's state changes. Cisco Bug IDs: CSCvc08314. | 2017-05-03 | not yet calculated | CVE-2017-6626 BID CONFIRM |
| cisco -- unity_connection | A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. Cisco Bug IDs: CSCvd90118. | 2017-05-03 | not yet calculated | CVE-2017-6629 BID CONFIRM |
| cisco -- wide_area_application_services | A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled when in a specific SSL/TLS connection state. An attacker could exploit this vulnerability by establishing a SMART-SSL connection through the targeted device. The attacker would then send a crafted stream of SSL/TLS traffic. An exploit could allow the attacker to cause a DoS condition where WAN optimization could stop processing traffic for a short period of time. Cisco Bug IDs: CSCvb71133. | 2017-05-03 | not yet calculated | CVE-2017-6628 BID CONFIRM |
| citrix -- xenmobile_server | Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. | 2017-05-05 | not yet calculated | CVE-2016-6877 MISC |
| cloud_foundry -- cloud_controller | The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors. | 2017-05-02 | not yet calculated | CVE-2016-5006 CONFIRM CONFIRM |
| craft_cms -- craft_cms | Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message. | 2017-05-01 | not yet calculated | CVE-2017-8385 CONFIRM CONFIRM |
| craft_cms -- craft_cms | Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder. | 2017-05-01 | not yet calculated | CVE-2017-8383 CONFIRM CONFIRM |
| craft_cms -- craft_cms | Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052. | 2017-05-01 | not yet calculated | CVE-2017-8384 CONFIRM CONFIRM |
| cybervision -- kaa_iot_platform | A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution. | 2017-05-05 | not yet calculated | CVE-2017-7911 MISC |
| cybozu -- kunai | Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application. | 2017-04-28 | not yet calculated | CVE-2017-2109 JVN BID MISC |
| cybozu -- remote_service_manager | Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. | 2017-04-28 | not yet calculated | CVE-2016-7815 JVN BID MISC |
| dahua -- multiple_devices | A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. | 2017-05-05 | not yet calculated | CVE-2017-7925 MISC MISC |
| dahua -- multiple_devices | A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password. | 2017-05-05 | not yet calculated | CVE-2017-7927 MISC MISC |
| dollar_bank -- dollar_bank_mobile_app | The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-05-05 | not yet calculated | CVE-2017-5905 MISC |
| dot_it -- banque_zitouna_app | The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-05-05 | not yet calculated | CVE-2017-5914 MISC |
| electronic_funds_source -- mobile_driver_source_app | The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-05-05 | not yet calculated | CVE-2017-5909 MISC |
| emc -- data_dominion | EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system. | 2017-05-04 | not yet calculated | CVE-2017-4983 CONFIRM BID |
| emirates_nbd_bank -- pjsc_emirates_nbd_ksa_app | The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-05-05 | not yet calculated | CVE-2017-5915 MISC |
| ether_software -- multiple_products | Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Burner, Easy RM RMVB to DVD Burner, Easy CD DVD Copy, MP3/AVI/MPEG/WMV/RM to Audio CD Burner, MP3/WAV/OGG/WMA/AC3 to CD Burner, MP3 WAV to CD Burner, My Video Converter, Easy AVI DivX Converter, Easy Video to iPod Converter, Easy Video to PSP Converter, Easy Video to 3GP Converter, Easy Video to MP4 Converter, and Easy Video to iPod/MP4/PSP/3GP Converter allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long username. | 2017-04-30 | not yet calculated | CVE-2017-8367 MISC EXPLOIT-DB |
| ettercap_project -- ettercap | The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted filter that is mishandled by etterfilter. | 2017-04-30 | not yet calculated | CVE-2017-8366 MISC |
| everyday_health -- diabetes_in_check_app | The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-05-05 | not yet calculated | CVE-2017-5906 MISC |
| f5 -- multiple_products | An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow. | 2017-05-01 | not yet calculated | CVE-2017-6128 CONFIRM |
| forex.com -- forextrader_app | The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-05-05 | not yet calculated | CVE-2017-5912 MISC |
| forex.com -- tradeking_forex_app | The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-05-05 | not yet calculated | CVE-2017-5913 MISC |
| foxit_software -- foxit_reader_phantompdf | Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. | 2017-05-03 | not yet calculated | CVE-2017-8454 MISC MISC |
| foxit_software -- foxit_reader_phantompdf | Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. | 2017-05-03 | not yet calculated | CVE-2017-8453 MISC MISC |
| foxit_software -- foxit_reader_phantompdf | Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. | 2017-05-03 | not yet calculated | CVE-2017-8455 MISC MISC |
| foxit_software -- foxit_reader | Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static authentication token if the user is already logged in. | 2017-05-05 | not yet calculated | CVE-2017-8059 MISC |
| franklin_fueling_systems -- ts-550_evo | On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload. | 2017-05-01 | not yet calculated | CVE-2017-6565 MISC MISC |
| franklin_fueling_systems -- ts-550_evo | On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks. | 2017-05-01 | not yet calculated | CVE-2017-6564 MISC MISC |
| genixcms -- genixcms | GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element. | 2017-05-03 | not yet calculated | CVE-2017-8762 MISC |
| genixcms -- genixcms | GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter. | 2017-05-01 | not yet calculated | CVE-2017-8377 MISC |
| genixcms -- genixcms | GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator. | 2017-05-01 | not yet calculated | CVE-2017-8376 MISC |
| genixcms -- genixcms | GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element. | 2017-05-04 | not yet calculated | CVE-2017-8780 MISC |
| genixcms -- genixcms | GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request. | 2017-05-01 | not yet calculated | CVE-2017-8388 MISC |
| getsimple -- getsimple_cms | Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce. | 2017-04-30 | not yet calculated | CVE-2017-8081 CONFIRM |
| gitlab -- gitlab | GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document. | 2017-05-04 | not yet calculated | CVE-2017-8778 CONFIRM CONFIRM |
| gnu_binutils -- gnu_binutils | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. | 2017-05-01 | not yet calculated | CVE-2017-8397 CONFIRM |
| gnu_binutils -- gnu_binutils | The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this. | 2017-05-02 | not yet calculated | CVE-2017-8421 CONFIRM |
| gnu_binutils -- gnu_binutils | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. | 2017-05-01 | not yet calculated | CVE-2017-8396 CONFIRM |
| gnu_binutils -- gnu_binutils | dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash. | 2017-05-01 | not yet calculated | CVE-2017-8398 CONFIRM |
| gnu_binutils -- gnu_binutils | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. | 2017-05-01 | not yet calculated | CVE-2017-8394 CONFIRM |
| gnu_binutils -- gnu_binutils | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. | 2017-05-01 | not yet calculated | CVE-2017-8395 CONFIRM |
| gnu_binutils -- gnu_binutils | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash. | 2017-05-01 | not yet calculated | CVE-2017-8393 CONFIRM |
| gnu_binutils -- gnu_binutils | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. | 2017-05-01 | not yet calculated | CVE-2017-8392 CONFIRM |
| gnulib -- gnulib | Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c. | 2017-05-02 | not yet calculated | CVE-2017-7476 CONFIRM BID CONFIRM CONFIRM CONFIRM |
| google -- grpc | Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c. | 2017-04-30 | not yet calculated | CVE-2017-8359 BID MISC MISC |
| great_southern_bank -- great_southern_mobile_banking_app | The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-05-05 | not yet calculated | CVE-2017-5907 MISC |
| hibara -- attachecase | Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file. | 2017-04-28 | not yet calculated | CVE-2016-7842 JVN BID MISC |
| hibara -- attachecase | Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file. | 2017-04-28 | not yet calculated | CVE-2016-7843 JVN MISC BID |
| hikvision -- ds-2cd2xx2f-i_ds-2cd2xx0f-i | An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. | 2017-05-05 | not yet calculated | CVE-2017-7921 MISC MISC |
| hikvision -- ds-2cd2xx2f-i_ds-2cd2xx0f-i | A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information. | 2017-05-05 | not yet calculated | CVE-2017-7923 MISC MISC |
| ibm -- bigfix_remote_control | IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512. | 2017-05-03 | not yet calculated | CVE-2016-2930 CONFIRM BID |
| ibm -- insights_foundation_for_energy | IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907. | 2017-04-28 | not yet calculated | CVE-2017-1141 CONFIRM BID |
| ibm -- marketing_platform | IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564. | 2017-05-05 | not yet calculated | CVE-2016-0255 CONFIRM |
| ibm -- maximo_asset_management | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252. | 2017-05-03 | not yet calculated | CVE-2016-9976 CONFIRM BID |
| ibm -- tealeaf_consumer_experience | The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356. | 2017-05-03 | not yet calculated | CVE-2016-0382 CONFIRM BID |
| ibm -- tivoli_storage_manager | IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472. | 2017-05-05 | not yet calculated | CVE-2016-8916 CONFIRM |
| ibm -- websphere_cast_iron_solutions | IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515. | 2017-05-05 | not yet calculated | CVE-2016-9691 CONFIRM |
| ibm -- websphere_cast_iron_solutions | IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 119516. | 2017-05-05 | not yet calculated | CVE-2016-9692 CONFIRM |
| ibm -- websphere_portal | IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592 | 2017-05-05 | not yet calculated | CVE-2017-1156 CONFIRM |
| imagemagick -- imagemagick | The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file. | 2017-05-04 | not yet calculated | CVE-2017-8765 CONFIRM |
| intel -- intel_manageability_programs | An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). | 2017-05-02 | not yet calculated | CVE-2017-5689 BID CONFIRM CONFIRM MISC MISC MISC |
| iodata -- webcam_firmware | Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2017-04-28 | not yet calculated | CVE-2017-2113 JVN MISC BID |
| iodata -- webcam_firmware | HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information. | 2017-04-28 | not yet calculated | CVE-2017-2111 JVN MISC BID |
| iodata -- webcam_firmware | TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2017-04-28 | not yet calculated | CVE-2017-2112 JVN MISC BID |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Access Violation and crash in processing a FlashPix (.FPX) file. | 2017-04-30 | not yet calculated | CVE-2017-7721 CONFIRM MISC |
| irods -- irods | Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved via igetwild. Because igetwild is a Bash script, the part of the pathname following the semicolon would be executed in the user's shell. | 2017-05-05 | not yet calculated | CVE-2017-8799 CONFIRM |
| k-opticom -- business_lala_call_app | The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-04-28 | not yet calculated | CVE-2017-2104 JVN BID |
| k-opticom -- lala_call_app | The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-04-28 | not yet calculated | CVE-2017-2103 JVN BID |
| kerio -- connect | Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message. | 2017-05-02 | not yet calculated | CVE-2017-7440 MISC |
| kmcis -- caseaware | An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string. | 2017-05-01 | not yet calculated | CVE-2017-5631 MISC |
| lame -- lame | LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels. | 2017-05-02 | not yet calculated | CVE-2017-8419 MISC |
| libreoffice -- libreoffice | LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. | 2017-04-30 | not yet calculated | CVE-2017-8358 MISC MISC |
| libtirpc_ntirpc -- libtirpc_ntirpc | rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb. | 2017-05-04 | not yet calculated | CVE-2017-8779 MISC MISC MISC MISC |
| linux -- linux_kernel | The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application. | 2017-05-02 | not yet calculated | CVE-2014-9940 CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions. | 2017-05-02 | not yet calculated | CVE-2015-9004 CONFIRM BID CONFIRM CONFIRM |
| linux -- linux_kernel | The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. | 2017-04-28 | not yet calculated | CVE-2017-7895 BID CONFIRM CONFIRM |
| linuxcontainers -- lxc | lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls. | 2017-05-01 | not yet calculated | CVE-2016-8649 BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| netiq -- imanager | NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat. | 2017-05-03 | not yet calculated | CVE-2017-7428 CONFIRM CONFIRM CONFIRM |
| novell -- imanager | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. | 2017-05-03 | not yet calculated | CVE-2017-7431 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| novell -- imanager | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. | 2017-05-03 | not yet calculated | CVE-2017-7430 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| novell -- imanager | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. | 2017-05-03 | not yet calculated | CVE-2017-7432 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| nvidia -- video_driver | An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel 3.10. Android ID: A-34113000. References: N-CVE-2017-0331. | 2017-05-02 | not yet calculated | CVE-2017-0331 CONFIRM |
| openssl -- openssl | In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected. | 2017-05-04 | not yet calculated | CVE-2016-7053 BID CONFIRM |
| openssl -- openssl | There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. | 2017-05-04 | not yet calculated | CVE-2017-3732 BID CONFIRM |
| openssl -- openssl | There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected. | 2017-05-04 | not yet calculated | CVE-2016-7055 BID CONFIRM |
| openssl -- openssl | If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k. | 2017-05-04 | not yet calculated | CVE-2017-3731 BID CONFIRM |
| openssl -- openssl | During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected. | 2017-05-04 | not yet calculated | CVE-2017-3733 BID CONFIRM |
| openssl -- openssl | In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. | 2017-05-04 | not yet calculated | CVE-2017-3730 BID CONFIRM |
| openssl -- openssl | In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. | 2017-05-04 | not yet calculated | CVE-2016-7054 BID CONFIRM |
| opsview -- monitor_pro | In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /. | 2017-05-03 | not yet calculated | CVE-2016-10367 MISC |
| opsview -- monitor_pro | Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the /login URI. | 2017-05-03 | not yet calculated | CVE-2016-10368 MISC |
| palo_alto_networks -- pan-os | The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters. | 2017-05-02 | not yet calculated | CVE-2017-7216 BID CONFIRM |
| panda_security -- panda_mobile_security_app | Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | 2017-05-05 | not yet calculated | CVE-2017-8060 MISC |
| payquicker -- payquicker_app | The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-05-05 | not yet calculated | CVE-2017-5902 MISC |
| pcre2 -- pcre2 | pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. | 2017-05-04 | not yet calculated | CVE-2017-8786 MISC MISC MISC MISC |
| pcre2 -- pcre2 | PCRE2 before 2017-03-10 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a "pattern with very many captures." | 2017-05-01 | not yet calculated | CVE-2017-8399 MISC MISC |
| pexip -- infinity | Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes. | 2017-05-02 | not yet calculated | CVE-2017-6551 BID CONFIRM |
| podofo -- podofo | Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size. | 2017-04-30 | not yet calculated | CVE-2017-8378 MISC |
| podofo -- podpfo | The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file. | 2017-05-05 | not yet calculated | CVE-2017-8787 MISC |
| primedrive -- desktop_application | Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-04-28 | not yet calculated | CVE-2017-2108 JVN BID MISC |
| proxmox -- mail_gateway | Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter. | 2017-05-03 | not yet calculated | CVE-2015-9058 MISC |
| proxmox -- mail_gateway | Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm, /queues/mail/index/, /system/ssh.htm, /queues/mail/?domain=, and /quarantine/virus/manage.htm. | 2017-05-03 | not yet calculated | CVE-2015-9057 MISC |
| qemu -- qemu | Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable. | 2017-05-02 | not yet calculated | CVE-2017-8086 CONFIRM MLIST BID CONFIRM MLIST |
| qemu -- qemu | hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. | 2017-05-02 | not yet calculated | CVE-2017-8112 MLIST BID CONFIRM MLIST |
| quick_heal -- multiple_products | Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file. | 2017-05-04 | not yet calculated | CVE-2017-8774 MISC |
| quick_heal -- multiple_products | Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file. | 2017-05-04 | not yet calculated | CVE-2017-8775 MISC |
| quick_heal -- multiple_products | Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation. | 2017-05-04 | not yet calculated | CVE-2017-8773 MISC |
| quick_heal -- multiple_products | Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the product. | 2017-05-04 | not yet calculated | CVE-2017-8776 MISC |
| radicale -- radicale | Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. | 2017-04-30 | not yet calculated | CVE-2017-8342 CONFIRM CONFIRM CONFIRM CONFIRM |
| rapid7 -- appspider_pro | Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. | 2017-05-03 | not yet calculated | CVE-2017-5236 CONFIRM |
| rapid7 -- appspider_pro | Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash. | 2017-05-03 | not yet calculated | CVE-2017-5240 CONFIRM |
| rockwell_automation -- controllogix_5580_controllers | A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller. | 2017-05-05 | not yet calculated | CVE-2017-6024 MISC |
| rubocop -- rubocop | RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users. | 2017-05-02 | not yet calculated | CVE-2017-8418 MISC MISC |
| ruby -- ruby | The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks. | 2017-05-02 | not yet calculated | CVE-2016-4442 MLIST CONFIRM CONFIRM |
| rxvt -- rxvt | Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read. | 2017-05-02 | not yet calculated | CVE-2017-7483 MLIST MLIST |
| rzip -- rzip_2.1 | The read_buf function in stream.c in rzip 2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive. | 2017-04-30 | not yet calculated | CVE-2017-8364 MISC |
| sandisk -- sdhc/sdxc_memory_card | Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-04-28 | not yet calculated | CVE-2017-2149 JVN BID MISC |
| schneider_electric -- struxureware_data_center_expert | Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. | 2017-04-30 | not yet calculated | CVE-2017-8371 MISC MISC |
| smalruby-editor -- smalruby-editor | smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2017-04-28 | not yet calculated | CVE-2017-2096 JVN MISC BID |
| softonic -- panda_free_antivirus | PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \\.\PSMEMDriver. | 2017-04-30 | not yet calculated | CVE-2017-8339 MISC |
| space_coast_credit_union -- space_coast_credit_union_mobile_app | The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-05-05 | not yet calculated | CVE-2017-3212 MISC BID MISC |
| state_bank_of_india -- state_bank_anywhere_app | The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-05-05 | not yet calculated | CVE-2017-5901 MISC |
| support-project -- knowledge | Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-04-28 | not yet calculated | CVE-2017-2097 JVN BID |
| swftools -- swftools | In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS. | 2017-05-01 | not yet calculated | CVE-2017-8401 CONFIRM |
| swftools -- swftools | In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution. | 2017-05-01 | not yet calculated | CVE-2017-8400 CONFIRM |
| telaxus -- epesi | Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter. | 2017-05-04 | not yet calculated | CVE-2017-8763 MISC |
| telegram -- telegram_desktop | Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations. | 2017-04-30 | not yet calculated | CVE-2016-10351 MISC |
| tex_live -- tex_live | TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. | 2017-05-02 | not yet calculated | CVE-2016-10243 DEBIAN MLIST BID FEDORA FEDORA MISC CONFIRM |
| think_mutual_bank -- think_mutual_bank_mobile_banking_app | The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-05-05 | not yet calculated | CVE-2017-3213 MISC BID MISC |
| trend_micro -- officescan | Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation. | 2017-05-03 | not yet calculated | CVE-2017-5481 BID CONFIRM |
| trend_micro -- officescan | Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website. | 2017-05-05 | not yet calculated | CVE-2017-8801 CONFIRM CONFIRM |
| tver -- tver_app | The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-04-28 | not yet calculated | CVE-2017-2105 JVN BID |
| underbit -- mad | The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file. | 2017-04-30 | not yet calculated | CVE-2017-8372 MISC |
| underbit -- mad | The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. | 2017-04-30 | not yet calculated | CVE-2017-8373 MISC |
| underbit -- mad | The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. | 2017-04-30 | not yet calculated | CVE-2017-8374 MISC |
| vaultive -- o365 | PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this results in the encrypted message being structured in such a way that most PGP/MIME-capable mail user agents are unable to decrypt it cleanly. The outcome is that encrypted mail passing through this device does not work (Denial of Service), and a common real-world consequence is a request to resend the mail in the clear (Information Disclosure). | 2017-05-03 | not yet calculated | CVE-2017-7229 MISC |
| vivaldi_software -- vivaldi | Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. | 2017-04-28 | not yet calculated | CVE-2017-2156 BID JVN MISC |
| webmin -- webmin | Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-04-28 | not yet calculated | CVE-2017-2106 JVN BID MISC |
| wordpress -- wordpress | WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message. | 2017-05-04 | not yet calculated | CVE-2017-8295 BID MISC EXPLOIT-DB |
| xen_project -- xen | Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. | 2017-05-03 | not yet calculated | CVE-2017-7995 CONFIRM CONFIRM |
| xirrus -- arrayos | SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2017-05-05 | not yet calculated | CVE-2017-6557 CONFIRM |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.