Vulnerability Summary for the Week of September 11, 2017
Released
Sep 24, 2017
Document ID
SB17-267
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| anblik -- image-gallery-with-slideshow | Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement. | 2017-09-14 | 7.5 | CVE-2017-1002012 MISC MISC |
| anblik -- image-gallery-with-slideshow | Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php. | 2017-09-14 | 7.5 | CVE-2017-1002013 MISC MISC |
| anblik -- image-gallery-with-slideshow | Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter. | 2017-09-14 | 7.5 | CVE-2017-1002014 MISC MISC |
| anblik -- image-gallery-with-slideshow | Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter. | 2017-09-14 | 7.5 | CVE-2017-1002015 MISC MISC |
| angrybyte -- gallery-transformation | Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query. | 2017-09-14 | 7.5 | CVE-2017-1002028 MISC MISC MISC |
| anydesk -- anydesk | AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. | 2017-09-12 | 7.5 | CVE-2017-14397 CONFIRM |
| apache -- traffic_server | Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206. | 2017-09-13 | 10.0 | CVE-2015-5168 MLIST |
| apache -- traffic_server | Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168. | 2017-09-13 | 10.0 | CVE-2015-5206 MLIST |
| apple -- iphone_os | In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default "Bluetooth On" value must be present in Settings. | 2017-09-12 | 7.9 | CVE-2017-14315 BID MISC |
| axesstel -- mu553s_firmware | Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account. | 2017-09-13 | 10.0 | CVE-2017-11351 MISC |
| blog_project -- blog | SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php. | 2017-09-12 | 7.5 | CVE-2017-14345 MISC |
| corega -- wlr_300_nm_firmware | CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 2017-09-15 | 7.7 | CVE-2017-10813 MISC JVN |
| corega -- wlr_300_nm_firmware | Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors. | 2017-09-15 | 7.7 | CVE-2017-10814 MISC JVN |
| d-link -- dir-850l_firmware | register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services. | 2017-09-13 | 7.5 | CVE-2017-14417 MISC |
| d-link -- dir-850l_firmware | D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session. | 2017-09-13 | 10.0 | CVE-2017-14421 MISC |
| d-link -- dir-850l_firmware | The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh. | 2017-09-13 | 10.0 | CVE-2017-14429 MISC |
| daisythemes -- easy_team_manager | Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php | 2017-09-14 | 7.5 | CVE-2017-1002023 MISC MISC |
| daj -- i-filter_installer | Untrusted search path vulnerability in "i-filter 6.0 install program" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-15 | 9.3 | CVE-2017-10858 MISC JVN |
| daj -- i-filter_installer | Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-15 | 9.3 | CVE-2017-10859 MISC JVN |
| daj -- i-filter_installer | Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. | 2017-09-15 | 9.3 | CVE-2017-10860 MISC BID JVN |
| dolibarr -- dolibarr | SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter. | 2017-09-11 | 7.5 | CVE-2017-14238 CONFIRM |
| dolibarr -- dolibarr | SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | 2017-09-11 | 7.5 | CVE-2017-14242 CONFIRM |
| emc -- appsync | EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 2017-09-12 | 7.5 | CVE-2017-8015 CONFIRM BID |
| eventr_project -- eventr | Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter. | 2017-09-14 | 7.5 | CVE-2017-1002018 MISC MISC |
| eventr_project -- eventr | Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter. | 2017-09-14 | 7.5 | CVE-2017-1002019 MISC MISC |
| eyesofnetwork -- eonweb | SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060. | 2017-09-11 | 7.5 | CVE-2017-14247 MISC |
| eyesofnetwork -- eonweb | SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php. | 2017-09-11 | 7.5 | CVE-2017-14252 MISC |
| eyesofnetwork -- eonweb | The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section. | 2017-09-12 | 7.5 | CVE-2017-14401 MISC |
| eyesofnetwork -- eonweb | The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php. | 2017-09-12 | 7.5 | CVE-2017-14402 MISC |
| eyesofnetwork -- eonweb | The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php. | 2017-09-12 | 7.5 | CVE-2017-14403 MISC |
| eyesofnetwork -- eonweb | The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. | 2017-09-12 | 7.5 | CVE-2017-14405 MISC |
| ffmpeg -- ffmpeg | In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | 2017-09-08 | 7.1 | CVE-2017-14222 BID CONFIRM |
| ffmpeg -- ffmpeg | In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | 2017-09-08 | 7.1 | CVE-2017-14223 BID CONFIRM |
| fujitsu -- fence-explorer | Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-15 | 9.3 | CVE-2017-10855 MISC JVN |
| google -- android | A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105. | 2017-09-14 | 8.3 | CVE-2017-0781 BID CONFIRM |
| google -- android | A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237. | 2017-09-14 | 8.3 | CVE-2017-0782 BID CONFIRM |
| honeywell -- enterprise_dvr_firmware | Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can login to the device with that new user account to fully control the device. | 2017-09-11 | 9.3 | CVE-2017-14263 MISC |
| ibm -- db2 | IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057. | 2017-09-12 | 7.2 | CVE-2017-1438 CONFIRM BID SECTRACK MISC |
| ibm -- db2 | IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058. | 2017-09-12 | 7.2 | CVE-2017-1439 CONFIRM BID SECTRACK MISC |
| imagemagick -- imagemagick | In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file. | 2017-09-12 | 7.1 | CVE-2017-14325 BID CONFIRM |
| jungo -- windriver | This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824a7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel. | 2017-09-11 | 7.2 | CVE-2017-14075 MISC EXPLOIT-DB |
| jungo -- windriver | This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824b7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel. | 2017-09-11 | 7.2 | CVE-2017-14153 MISC EXPLOIT-DB |
| libraw -- libraw | A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. | 2017-09-11 | 7.5 | CVE-2017-14265 CONFIRM |
| linux -- linux_kernel | The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls. | 2017-09-15 | 7.2 | CVE-2017-14497 CONFIRM MLIST BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| microsoft -- .net_framework | Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability." | 2017-09-12 | 9.3 | CVE-2017-8759 BID SECTRACK CONFIRM EXPLOIT-DB |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-8756. | 2017-09-12 | 7.6 | CVE-2017-11764 BID SECTRACK CONFIRM EXPLOIT-DB |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-8751. | 2017-09-12 | 7.6 | CVE-2017-11766 BID SECTRACK CONFIRM |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | 2017-09-12 | 7.6 | CVE-2017-8649 BID SECTRACK CONFIRM |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | 2017-09-12 | 9.3 | CVE-2017-8660 BID SECTRACK CONFIRM |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | 2017-09-12 | 7.6 | CVE-2017-8729 BID SECTRACK CONFIRM EXPLOIT-DB |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8734, CVE-2017-8751, and CVE-2017-11766. | 2017-09-12 | 7.6 | CVE-2017-8731 BID SECTRACK CONFIRM EXPLOIT-DB |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8751, and CVE-2017-11766. | 2017-09-12 | 7.6 | CVE-2017-8734 BID SECTRACK CONFIRM EXPLOIT-DB |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | 2017-09-12 | 7.6 | CVE-2017-8738 BID SECTRACK CONFIRM |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | 2017-09-12 | 7.6 | CVE-2017-8740 BID SECTRACK CONFIRM EXPLOIT-DB |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-11766. | 2017-09-12 | 7.6 | CVE-2017-8751 SECTRACK CONFIRM |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | 2017-09-12 | 7.6 | CVE-2017-8752 BID SECTRACK CONFIRM |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | 2017-09-12 | 7.6 | CVE-2017-8753 BID SECTRACK CONFIRM |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8756, and CVE-2017-11764. | 2017-09-12 | 7.6 | CVE-2017-8755 BID SECTRACK CONFIRM EXPLOIT-DB |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-11764. | 2017-09-12 | 7.6 | CVE-2017-8756 BID SECTRACK CONFIRM |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge handles objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability". | 2017-09-12 | 7.6 | CVE-2017-8757 BID SECTRACK CONFIRM |
| microsoft -- excel | A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744. | 2017-09-12 | 9.3 | CVE-2017-8632 BID SECTRACK CONFIRM |
| microsoft -- excel_for_mac | A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution". | 2017-09-12 | 9.3 | CVE-2017-8567 BID SECTRACK CONFIRM |
| microsoft -- excel_web_app_2013 | A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744. | 2017-09-12 | 9.3 | CVE-2017-8631 BID SECTRACK CONFIRM |
| microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | 2017-09-12 | 7.6 | CVE-2017-8741 BID SECTRACK SECTRACK CONFIRM |
| microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8749. | 2017-09-12 | 7.6 | CVE-2017-8747 BID SECTRACK CONFIRM |
| microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | 2017-09-12 | 7.6 | CVE-2017-8748 BID SECTRACK SECTRACK CONFIRM |
| microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8747. | 2017-09-12 | 7.6 | CVE-2017-8749 BID SECTRACK CONFIRM |
| microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". | 2017-09-12 | 7.6 | CVE-2017-8750 BID SECTRACK SECTRACK CONFIRM |
| microsoft -- office | Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744. | 2017-09-12 | 9.3 | CVE-2017-8630 BID SECTRACK CONFIRM |
| microsoft -- office_online_server | A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8742. | 2017-09-12 | 9.3 | CVE-2017-8743 BID SECTRACK CONFIRM |
| microsoft -- office_web_apps | Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka "Microsoft Graphics Component Remote Code Execution." | 2017-09-12 | 7.6 | CVE-2017-8696 BID SECTRACK CONFIRM |
| microsoft -- publisher | A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when they fail to properly handle objects in memory, aka "Microsoft Office Publisher Remote Code Execution". | 2017-09-12 | 9.3 | CVE-2017-8725 BID SECTRACK CONFIRM |
| microsoft -- windows_10 | Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3 , and Microsoft Office 2010 Service Pack 2 allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8683. | 2017-09-12 | 9.3 | CVE-2017-8682 BID SECTRACK CONFIRM EXPLOIT-DB |
| microsoft -- windows_10 | The Windows Uniscribe component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote code execution vulnerability when it fails to properly handle objects in memory, aka "Uniscribe Remote Code Execution Vulnerability". | 2017-09-12 | 9.3 | CVE-2017-8692 BID SECTRACK CONFIRM |
| microsoft -- windows_10 | The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8675. | 2017-09-12 | 7.2 | CVE-2017-8720 BID SECTRACK CONFIRM |
| microsoft -- windows_rt_8.1 | Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to run arbitrary code in the context of the current user, due to the way that Windows Shell validates file copy destinations, aka "Windows Shell Remote Code Execution Vulnerability". | 2017-09-12 | 7.6 | CVE-2017-8699 BID SECTRACK CONFIRM |
| microsoft -- windows_rt_8.1 | Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8737. | 2017-09-12 | 7.6 | CVE-2017-8728 BID SECTRACK CONFIRM |
| microsoft -- windows_rt_8.1 | Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8728. | 2017-09-12 | 7.6 | CVE-2017-8737 BID SECTRACK CONFIRM |
| microsoft -- windows_server_2012 | The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive, due to a memory corruption vulnerability in the Windows Server DHCP service, aka "Windows DHCP Server Remote Code Execution Vulnerability". | 2017-09-12 | 7.5 | CVE-2017-8686 BID SECTRACK CONFIRM |
| nagios -- nagios_core | Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account. | 2017-09-11 | 7.2 | CVE-2017-14312 BID MISC |
| nttdocomo -- wi-fi_station_l-02f_firmware | Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account. | 2017-09-15 | 10.0 | CVE-2017-10845 JVN MISC |
| ontraport -- membership_simplified | Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function. | 2017-09-14 | 7.5 | CVE-2017-1002009 MISC MISC |
| ontraport -- membership_simplified | Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function. | 2017-09-14 | 7.5 | CVE-2017-1002010 MISC MISC |
| opwglobal -- sitesentinel_integra_100_firmware | A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. The application is vulnerable to injection of malicious SQL queries via the input from the client. | 2017-09-08 | 7.5 | CVE-2017-12731 BID MISC |
| opwglobal -- sitesentinel_integra_100_firmware | A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may create an application user account to gain administrative privileges. | 2017-09-08 | 7.5 | CVE-2017-12733 BID MISC |
| osticket -- osticket | In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php. | 2017-09-12 | 7.5 | CVE-2017-14396 CONFIRM |
| qemu -- qemu | Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. | 2017-09-08 | 7.2 | CVE-2017-14167 MLIST MLIST |
| rayanehdownload -- rk-responsive-contact-form | Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php. | 2017-09-14 | 7.5 | CVE-2017-1002027 MISC MISC MISC |
| samsung -- srn_470d_firmware | On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter. | 2017-09-11 | 9.3 | CVE-2017-14262 MISC |
| surveys_project -- surveys | Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query. | 2017-09-14 | 7.5 | CVE-2017-1002020 MISC MISC MISC |
| surveys_project -- surveys | Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query. | 2017-09-14 | 7.5 | CVE-2017-1002021 MISC MISC MISC |
| surveys_project -- surveys | Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query. | 2017-09-14 | 7.5 | CVE-2017-1002022 MISC MISC MISC |
| tcpdump -- tcpdump | The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). | 2017-09-14 | 7.5 | CVE-2017-13019 SECTRACK CONFIRM CONFIRM |
| tcpdump -- tcpdump | The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). | 2017-09-14 | 7.5 | CVE-2017-13020 SECTRACK CONFIRM CONFIRM CONFIRM |
| tcpdump -- tcpdump | The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print(). | 2017-09-14 | 7.5 | CVE-2017-13021 SECTRACK CONFIRM CONFIRM |
| tcpdump -- tcpdump | The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute(). | 2017-09-14 | 7.5 | CVE-2017-13022 SECTRACK CONFIRM CONFIRM |
| tcpdump -- tcpdump | The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | 2017-09-14 | 7.5 | CVE-2017-13023 SECTRACK CONFIRM CONFIRM |
| tcpdump -- tcpdump | The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | 2017-09-14 | 7.5 | CVE-2017-13024 SECTRACK CONFIRM CONFIRM CONFIRM |
| tcpdump -- tcpdump | The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). | 2017-09-14 | 7.5 | CVE-2017-13025 SECTRACK CONFIRM CONFIRM |
| tcpdump -- tcpdump | The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options(). | 2017-09-14 | 7.5 | CVE-2017-13029 SECTRACK CONFIRM CONFIRM |
| tcpdump -- tcpdump | The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions. | 2017-09-14 | 7.5 | CVE-2017-13030 SECTRACK CONFIRM CONFIRM |
| tcpdump -- tcpdump | The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). | 2017-09-14 | 7.5 | CVE-2017-13031 SECTRACK CONFIRM CONFIRM |
| tcpdump -- tcpdump | The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string(). | 2017-09-14 | 7.5 | CVE-2017-13032 SECTRACK CONFIRM CONFIRM |
| tcpdump -- tcpdump | The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). | 2017-09-14 | 7.5 | CVE-2017-13033 SECTRACK CONFIRM CONFIRM |
| tcpdump -- tcpdump | The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id(). | 2017-09-14 | 7.5 | CVE-2017-13035 SECTRACK CONFIRM CONFIRM |
| tcpdump -- tcpdump | The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3(). | 2017-09-14 | 7.5 | CVE-2017-13036 SECTRACK CONFIRM CONFIRM |
| tcpdump -- tcpdump | The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). | 2017-09-14 | 7.5 | CVE-2017-13037 SECTRACK CONFIRM CONFIRM |
| tcpdump -- tcpdump | The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp(). | 2017-09-14 | 7.5 | CVE-2017-13038 SECTRACK CONFIRM CONFIRM |
| tcpdump -- tcpdump | The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. | 2017-09-14 | 7.5 | CVE-2017-13039 SECTRACK CONFIRM CONFIRM |
| tcpdump -- tcpdump | The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). | 2017-09-14 | 7.5 | CVE-2017-13725 SECTRACK CONFIRM CONFIRM CONFIRM |
| user_dashboard_project -- user_dashboard | Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2017-09-11 | 7.5 | CVE-2015-7877 CONFIRM MISC |
| xen -- xen | A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array. | 2017-09-12 | 7.2 | CVE-2017-14316 BID SECTRACK CONFIRM |
| xen -- xen | A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account. | 2017-09-12 | 7.2 | CVE-2017-14319 BID SECTRACK CONFIRM |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| add-edit-delete-listing-for-member-module_project -- add-edit-delete-listing-for-member-module | Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement. | 2017-09-14 | 6.5 | CVE-2017-1002025 MISC MISC |
| alegrocart -- alegrocart | Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php. | 2017-09-11 | 6.5 | CVE-2015-9226 MISC FULLDISC MISC EXPLOIT-DB |
| alegrocart -- alegrocart | PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2. | 2017-09-11 | 6.5 | CVE-2015-9227 MISC FULLDISC MISC EXPLOIT-DB |
| apache -- brooklyn | In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability. | 2017-09-13 | 6.8 | CVE-2016-8737 BID CONFIRM MLIST |
| axesstel -- mu553s_firmware | Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices. | 2017-09-13 | 6.8 | CVE-2017-11350 MISC |
| azeotech -- daqfactory | An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path. | 2017-09-08 | 4.6 | CVE-2017-5147 BID MISC |
| bento4 -- bento4 | In the SDK in Bento4 1.5.0-616, AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file. | 2017-09-11 | 6.8 | CVE-2017-14257 CONFIRM |
| bento4 -- bento4 | In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h file contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. | 2017-09-11 | 6.8 | CVE-2017-14258 CONFIRM |
| bento4 -- bento4 | In the SDK in Bento4 1.5.0-616, the AP4_StscAtom class in Ap4StscAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. | 2017-09-11 | 6.8 | CVE-2017-14259 CONFIRM |
| bento4 -- bento4 | In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in Ap4StssAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. | 2017-09-11 | 6.8 | CVE-2017-14260 CONFIRM |
| bento4 -- bento4 | In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in Ap4StszAtom.cpp file contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file. | 2017-09-11 | 6.8 | CVE-2017-14261 CONFIRM |
| blackcat-cms -- blackcat_cms | In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php. | 2017-09-12 | 6.5 | CVE-2017-14399 MISC |
| blackwave -- dive_assistant | XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file. | 2017-09-12 | 4.3 | CVE-2017-8918 MISC |
| bobcares -- gift-certificate-creator | Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability. | 2017-09-14 | 4.3 | CVE-2017-1002017 MISC MISC |
| cyrus -- imap | In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command. | 2017-09-10 | 6.4 | CVE-2017-14230 CONFIRM CONFIRM CONFIRM CONFIRM |
| d-link -- dir-850l_firmware | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php. | 2017-09-13 | 4.3 | CVE-2017-14413 MISC |
| d-link -- dir-850l_firmware | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php. | 2017-09-13 | 4.3 | CVE-2017-14414 MISC |
| d-link -- dir-850l_firmware | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php. | 2017-09-13 | 4.3 | CVE-2017-14415 MISC |
| d-link -- dir-850l_firmware | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php. | 2017-09-13 | 4.3 | CVE-2017-14416 MISC |
| d-link -- dir-850l_firmware | The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services. | 2017-09-13 | 4.3 | CVE-2017-14418 MISC |
| d-link -- dir-850l_firmware | The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established. | 2017-09-13 | 4.3 | CVE-2017-14419 MISC |
| d-link -- dir-850l_firmware | The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-09-13 | 4.3 | CVE-2017-14420 MISC |
| d-link -- dir-850l_firmware | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | 2017-09-13 | 5.0 | CVE-2017-14422 MISC |
| d-link -- dir-850l_firmware | htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests. | 2017-09-13 | 5.0 | CVE-2017-14423 MISC |
| d-link -- dir-850l_firmware | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic. | 2017-09-13 | 5.0 | CVE-2017-14430 MISC |
| dolibarr -- dolibarr | There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter. | 2017-09-11 | 5.0 | CVE-2017-14240 CONFIRM |
| drupal -- drupal | Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. | 2017-09-13 | 5.8 | CVE-2015-2749 CONFIRM DEBIAN MLIST BID CONFIRM CONFIRM |
| drupal -- drupal | Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence. | 2017-09-13 | 5.8 | CVE-2015-2750 CONFIRM CONFIRM DEBIAN MLIST BID CONFIRM |
| dtracker_project -- dtracker | Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query. | 2017-09-14 | 5.0 | CVE-2017-1002004 BID MISC MISC |
| dtracker_project -- dtracker | Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. | 2017-09-14 | 5.0 | CVE-2017-1002005 BID MISC MISC |
| dtracker_project -- dtracker | Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. | 2017-09-14 | 5.0 | CVE-2017-1002006 BID MISC MISC |
| dtracker_project -- dtracker | Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. | 2017-09-14 | 5.0 | CVE-2017-1002007 BID MISC MISC |
| ellucian -- banner_student | Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allow remote attackers to enumerate user accounts via a series of requests. | 2017-09-11 | 5.0 | CVE-2015-4688 MISC BUGTRAQ |
| ellucian -- banner_student | Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset." | 2017-09-11 | 5.0 | CVE-2015-4689 MISC BUGTRAQ |
| ellucian -- banner_student | Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter. | 2017-09-11 | 5.8 | CVE-2015-5054 MISC BUGTRAQ |
| eventespresso -- event_management_and_registration_system | Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement. | 2017-09-14 | 6.5 | CVE-2017-1002026 MISC MISC |
| eyesofnetwork -- eonweb | The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring. | 2017-09-12 | 5.0 | CVE-2017-14404 MISC |
| fedoraproject -- python-fedora | python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection | 2017-09-14 | 5.8 | CVE-2017-1002150 MISC MISC |
| gameconnect -- sourcebans | Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php. | 2017-09-11 | 4.3 | CVE-2015-8349 BUGTRAQ MISC |
| genixcms -- genixcms | GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php. | 2017-09-10 | 5.0 | CVE-2017-14231 CONFIRM CONFIRM |
| gnu -- binutils | The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution. | 2017-09-12 | 4.3 | CVE-2017-14333 CONFIRM |
| google -- android | Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. | 2017-09-15 | 4.6 | CVE-2015-1527 BID CONFIRM MISC |
| google -- android | A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701. | 2017-09-14 | 6.1 | CVE-2017-0783 BID CONFIRM |
| gwolle_guestbook_project -- gwolle_guestbook | PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled. | 2017-09-11 | 6.8 | CVE-2015-8351 MISC BUGTRAQ CONFIRM EXPLOIT-DB MISC |
| ibm -- api_connect | IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546. | 2017-09-13 | 4.0 | CVE-2017-1556 CONFIRM BID MISC |
| ibm -- maximo_asset_management | IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538. | 2017-09-12 | 6.0 | CVE-2017-1352 CONFIRM BID MISC |
| ibm -- qradar_security_information_and_event_manager | IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957. | 2017-09-12 | 5.0 | CVE-2017-1162 CONFIRM BID MISC |
| imagemagick -- imagemagick | A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. | 2017-09-08 | 6.8 | CVE-2017-14224 BID CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file. | 2017-09-12 | 4.3 | CVE-2017-14324 BID CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file. | 2017-09-12 | 4.3 | CVE-2017-14400 BID CONFIRM |
| inboundnow -- call_to_action | Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) open-tab parameter in a wp_cta_global_settings action to wp-admin/edit.php or (2) wp-cta-variation-id parameter to ab-testing-call-to-action-example/. | 2017-09-11 | 4.3 | CVE-2015-8350 MISC BUGTRAQ CONFIRM MISC |
| jasper_project -- jasper | There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. | 2017-09-09 | 5.0 | CVE-2017-14229 BID MISC |
| jenkins -- jenkins | Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session. | 2017-09-12 | 5.0 | CVE-2014-9634 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| jenkins -- jenkins | Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies. | 2017-09-12 | 5.0 | CVE-2014-9635 MLIST BID CONFIRM CONFIRM CONFIRM MISC CONFIRM |
| kubik-rubik -- easy_joomla_backup | Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename. | 2017-09-08 | 5.0 | CVE-2017-2550 MISC |
| libraw -- libraw | LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file. | 2017-09-12 | 6.8 | CVE-2017-14348 BID CONFIRM |
| libreoffice -- libreoffice | WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. | 2017-09-09 | 5.0 | CVE-2017-14226 MISC MISC MISC MISC MISC MISC |
| linux -- linux_kernel | The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides. | 2017-09-08 | 6.9 | CVE-2017-12146 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. | 2017-09-15 | 4.9 | CVE-2017-14489 CONFIRM CONFIRM |
| mantisbt -- mantisbt | CAPTCHA bypass vulnerability in MantisBT before 1.2.19. | 2017-09-12 | 5.0 | CVE-2014-9624 MLIST SECTRACK CONFIRM XF CONFIRM CONFIRM |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8648. | 2017-09-12 | 4.3 | CVE-2017-8643 BID SECTRACK CONFIRM |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8754. | 2017-09-12 | 4.3 | CVE-2017-8723 BID SECTRACK CONFIRM |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8735. | 2017-09-12 | 4.3 | CVE-2017-8724 BID SECTRACK CONFIRM |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8724. | 2017-09-12 | 4.3 | CVE-2017-8735 BID SECTRACK CONFIRM |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". | 2017-09-12 | 4.3 | CVE-2017-8739 BID SECTRACK CONFIRM |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8723. | 2017-09-12 | 4.0 | CVE-2017-8754 BID SECTRACK CONFIRM |
| microsoft -- exchange_server | Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability" | 2017-09-12 | 5.0 | CVE-2017-11761 BID SECTRACK CONFIRM |
| microsoft -- exchange_server | Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability." | 2017-09-12 | 4.3 | CVE-2017-8758 BID SECTRACK CONFIRM |
| microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into believing that the user was visiting a legitimate website, due to the way that Internet Explorer handles specific HTML content, aka "Internet Explorer Spoofing Vulnerability". | 2017-09-12 | 4.3 | CVE-2017-8733 BID SECTRACK CONFIRM |
| microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific information used in the parent domain, due to Microsoft browser parent domain verification in certain functionality, aka "Microsoft Browser Information Disclosure Vulnerability". | 2017-09-12 | 4.3 | CVE-2017-8736 BID SECTRACK SECTRACK CONFIRM |
| microsoft -- windows_10 | Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8643 and CVE-2017-8648. | 2017-09-12 | 4.3 | CVE-2017-8597 BID SECTRACK CONFIRM |
| microsoft -- windows_10 | Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8643. | 2017-09-12 | 4.3 | CVE-2017-8648 BID SECTRACK CONFIRM |
| microsoft -- windows_10 | Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due to the way that WER handles and executes files, aka "Windows Elevation of Privilege Vulnerability". | 2017-09-12 | 4.4 | CVE-2017-8702 BID SECTRACK CONFIRM |
| microsoft -- windows_10 | The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability". | 2017-09-12 | 4.9 | CVE-2017-8704 BID SECTRACK CONFIRM |
| microsoft -- windows_10 | The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2,, Windows 10 1607, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Remote Desktop Virtual Host Remote Code Execution Vulnerability". | 2017-09-12 | 6.9 | CVE-2017-8714 BID SECTRACK CONFIRM |
| microsoft -- windows_10 | Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows an attacker to run a specially crafted application to bypass Control Flow Guard, due to the way that Control Flow Guard handles objects in memory, aka "Windows Security Feature Bypass Vulnerability". | 2017-09-12 | 4.6 | CVE-2017-8716 BID SECTRACK CONFIRM |
| microsoft -- windows_10 | Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows A security feature bypass vulnerability due to how PowerShell exposes functions and processes user supplied code, aka "Device Guard Security Feature Bypass Vulnerability". | 2017-09-12 | 4.6 | CVE-2017-8746 BID SECTRACK CONFIRM |
| microsoft -- windows_7 | The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka "Windows Information Disclosure Vulnerability". | 2017-09-12 | 4.3 | CVE-2017-8710 BID SECTRACK MISC |
| microsoft -- windows_rt_8.1 | The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka "NetBIOS Remote Code Execution Vulnerability". | 2017-09-12 | 6.8 | CVE-2017-0161 BID SECTRACK CONFIRM |
| microsoft -- windows_rt_8.1 | Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation of the Bluetooth stack, aka "Microsoft Bluetooth Driver Spoofing Vulnerability". | 2017-09-12 | 4.3 | CVE-2017-8628 BID SECTRACK CONFIRM |
| microsoft -- windows_rt_8.1 | The Windows Kernel-Mode Drivers component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability".. This CVE ID is unique from CVE-2017-8720. | 2017-09-12 | 6.9 | CVE-2017-8675 BID SECTRACK CONFIRM |
| mongodb -- mongodb | In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c. | 2017-09-09 | 5.0 | CVE-2017-14227 BID MISC MISC MISC |
| mp3gain -- mp3gain | A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. | 2017-09-12 | 4.3 | CVE-2017-14406 MISC |
| mp3gain -- mp3gain | A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service. | 2017-09-12 | 4.3 | CVE-2017-14407 MISC |
| mp3gain -- mp3gain | A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service. | 2017-09-12 | 4.3 | CVE-2017-14408 MISC |
| mp3gain -- mp3gain | A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. | 2017-09-12 | 6.8 | CVE-2017-14409 MISC |
| mp3gain -- mp3gain | A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service. | 2017-09-12 | 4.3 | CVE-2017-14410 MISC |
| mp3gain -- mp3gain | A stack-based buffer overflow was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. | 2017-09-12 | 6.8 | CVE-2017-14411 MISC |
| mp3gain -- mp3gain | An invalid memory write was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service (segmentation fault and application crash) or possibly unspecified other impact. | 2017-09-12 | 6.8 | CVE-2017-14412 MISC |
| nexusphp_project -- nexusphp | NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action. | 2017-09-12 | 4.3 | CVE-2017-14347 MISC |
| nttdocomo -- wi-fi_station_l-02f_firmware | Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. | 2017-09-15 | 5.0 | CVE-2017-10846 JVN MISC |
| pagure -- pagure | Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization | 2017-09-14 | 5.0 | CVE-2017-1002151 MISC MISC |
| pivotal_software -- single_sign-on_for_pivotal_cloud_foundry | In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system. | 2017-09-08 | 4.0 | CVE-2017-8040 BID CONFIRM |
| pivotal_software -- single_sign-on_for_pivotal_cloud_foundry | In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name. | 2017-09-08 | 4.3 | CVE-2017-8041 BID CONFIRM |
| redhat -- enterprise_linux | Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets. | 2017-09-14 | 4.7 | CVE-2015-7553 CONFIRM |
| role_scoper_project -- role_scoper | Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the object_name parameter in a rs-object_role_edit page to wp-admin/admin.php. | 2017-09-11 | 4.3 | CVE-2015-8353 MISC BUGTRAQ CONFIRM MISC MISC |
| shibboleth_project -- shibboleth | The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg(). | 2017-09-11 | 4.3 | CVE-2017-14313 CONFIRM CONFIRM MISC |
| silverstripe -- silverstripe | SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017. | 2017-09-15 | 4.3 | CVE-2017-14498 MISC MISC MISC MISC |
| sophos -- hitmanpro | A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call. | 2017-09-13 | 4.9 | CVE-2017-6007 MISC MISC |
| sophos -- hitmanpro | A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call. | 2017-09-13 | 4.6 | CVE-2017-6008 MISC MISC MISC MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at STDUJBIG2File+0x00000000000015e9." | 2017-09-11 | 4.6 | CVE-2017-14295 MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000001869." | 2017-09-11 | 4.6 | CVE-2017-14310 MISC |
| symantec -- encryption_desktop | Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests." | 2017-09-13 | 4.0 | CVE-2017-6330 BID CONFIRM |
| tcpdump -- tcpdump | The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print(). | 2017-09-14 | 5.0 | CVE-2017-12997 BID SECTRACK CONFIRM CONFIRM |
| tcpreplay -- tcpreplay | tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file. | 2017-09-12 | 6.8 | CVE-2017-14266 EXPLOIT-DB |
| ultimatemember -- ultimate_member | Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php. | 2017-09-11 | 4.3 | CVE-2015-8354 MISC BUGTRAQ MISC MISC |
| xen -- xen | A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.). | 2017-09-12 | 4.7 | CVE-2017-14317 BID SECTRACK CONFIRM |
| xen -- xen | An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and `DOMID_COW` are created without grant tables. Hence, if __gnttab_cache_flush operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct. | 2017-09-12 | 4.9 | CVE-2017-14318 BID SECTRACK CONFIRM |
| xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010." | 2017-09-11 | 4.6 | CVE-2017-14270 MISC |
| xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e." | 2017-09-11 | 4.6 | CVE-2017-14271 MISC |
| xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000595d." | 2017-09-11 | 4.6 | CVE-2017-14272 MISC |
| xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x00000000000003b0." | 2017-09-11 | 4.6 | CVE-2017-14273 MISC |
| xnview -- xnview | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008706." | 2017-09-11 | 4.6 | CVE-2017-14274 MISC |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ait-pro -- bulletproof_security | In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter. | 2017-09-12 | 3.5 | CVE-2015-9230 MISC MISC MISC MISC MISC MISC |
| anblik -- image-gallery-with-slideshow | Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description where anyone with privileges to modify or add galleries/images and inject javascript into the database. | 2017-09-14 | 3.5 | CVE-2017-1002011 MISC MISC |
| axesstel -- mu553s_firmware | On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page. | 2017-09-13 | 3.5 | CVE-2017-13724 MISC |
| azeotech -- daqfactory | An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones. | 2017-09-08 | 3.6 | CVE-2017-12699 BID MISC |
| bluez -- bluez | All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. | 2017-09-12 | 3.3 | CVE-2017-1000250 BID MISC MISC CERT-VN |
| d-link -- dir-850l_firmware | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions. | 2017-09-13 | 2.1 | CVE-2017-14424 MISC |
| d-link -- dir-850l_firmware | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions. | 2017-09-13 | 2.1 | CVE-2017-14425 MISC |
| d-link -- dir-850l_firmware | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions. | 2017-09-13 | 2.1 | CVE-2017-14426 MISC |
| d-link -- dir-850l_firmware | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions. | 2017-09-13 | 2.1 | CVE-2017-14427 MISC |
| d-link -- dir-850l_firmware | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions. | 2017-09-13 | 2.1 | CVE-2017-14428 MISC |
| dolibarr -- dolibarr | Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php. | 2017-09-11 | 3.5 | CVE-2017-14239 CONFIRM |
| dolibarr -- dolibarr | Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php. | 2017-09-11 | 3.5 | CVE-2017-14241 CONFIRM |
| google -- android | A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698. | 2017-09-14 | 3.3 | CVE-2017-0785 BID CONFIRM |
| ibm -- db2_connect | IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user. | 2017-09-12 | 2.1 | CVE-2017-1434 CONFIRM BID SECTRACK MISC |
| ibm -- jazz_reporting_service | An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information. | 2017-09-14 | 3.5 | CVE-2017-1490 CONFIRM BID MISC |
| imagely -- nextgen_gallery | In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter. | 2017-09-12 | 3.5 | CVE-2015-9229 MISC |
| microsoft -- sharepoint_foundation | An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability". | 2017-09-12 | 3.5 | CVE-2017-8745 BID CONFIRM |
| microsoft -- sharepoint_server | Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint XSS Vulnerability". | 2017-09-12 | 3.5 | CVE-2017-8629 BID SECTRACK CONFIRM |
| microsoft -- windows_10 | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8719. | 2017-09-12 | 2.1 | CVE-2017-8679 BID SECTRACK CONFIRM |
| microsoft -- windows_10 | Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8682. | 2017-09-12 | 2.1 | CVE-2017-8683 BID SECTRACK CONFIRM EXPLOIT-DB |
| microsoft -- windows_10 | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8681. | 2017-09-12 | 2.1 | CVE-2017-8687 BID SECTRACK CONFIRM EXPLOIT-DB |
| microsoft -- windows_10 | Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8685. | 2017-09-12 | 2.1 | CVE-2017-8688 BID SECTRACK CONFIRM |
| microsoft -- windows_10 | Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user's system via a specially crafted document or an untrusted webpage, aka "Graphics Component Information Disclosure Vulnerability." | 2017-09-12 | 2.6 | CVE-2017-8695 BID SECTRACK CONFIRM |
| microsoft -- windows_10 | The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713. | 2017-09-12 | 1.9 | CVE-2017-8706 BID SECTRACK CONFIRM |
| microsoft -- windows_10 | The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8706, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713. | 2017-09-12 | 1.9 | CVE-2017-8707 BID SECTRACK CONFIRM |
| microsoft -- windows_10 | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8679, CVE-2017-8709, and CVE-2017-8719. | 2017-09-12 | 1.9 | CVE-2017-8708 BID SECTRACK CONFIRM EXPLOIT-DB |
| microsoft -- windows_10 | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8679, and CVE-2017-8719. | 2017-09-12 | 1.9 | CVE-2017-8709 BID SECTRACK CONFIRM |
| microsoft -- windows_10 | The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8706, CVE-2017-8712, and CVE-2017-8713. | 2017-09-12 | 1.9 | CVE-2017-8711 BID SECTRACK CONFIRM |
| microsoft -- windows_10 | The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8706, and CVE-2017-8713. | 2017-09-12 | 1.9 | CVE-2017-8712 BID SECTRACK CONFIRM |
| microsoft -- windows_10 | The Windows Hyper-V component on Microsoft Windows Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8706. | 2017-09-12 | 1.9 | CVE-2017-8713 BID SECTRACK CONFIRM |
| microsoft -- windows_10 | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8679. | 2017-09-12 | 1.9 | CVE-2017-8719 BID SECTRACK CONFIRM |
| microsoft -- windows_7 | Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8688. | 2017-09-12 | 2.1 | CVE-2017-8685 BID SECTRACK CONFIRM EXPLOIT-DB |
| microsoft -- windows_8.1 | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687. | 2017-09-12 | 2.1 | CVE-2017-8680 BID SECTRACK CONFIRM EXPLOIT-DB |
| microsoft -- windows_rt_8.1 | The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability." | 2017-09-12 | 2.1 | CVE-2017-8676 BID SECTRACK CONFIRM |
| microsoft -- windows_rt_8.1 | The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly discloses kernel memory addresses, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687. | 2017-09-12 | 2.1 | CVE-2017-8677 BID SECTRACK CONFIRM |
| microsoft -- windows_rt_8.1 | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687. | 2017-09-12 | 2.1 | CVE-2017-8678 BID SECTRACK CONFIRM EXPLOIT-DB |
| microsoft -- windows_rt_8.1 | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8687. | 2017-09-12 | 2.1 | CVE-2017-8681 BID SECTRACK CONFIRM EXPLOIT-DB |
| microsoft -- windows_server_2012 | Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8685 and CVE-2017-8688. | 2017-09-12 | 2.1 | CVE-2017-8684 BID SECTRACK CONFIRM EXPLOIT-DB |
| stickynote_project -- stickynote | Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page. | 2017-09-11 | 3.5 | CVE-2015-7879 MLIST BID CONFIRM MISC |
| vmware -- vcenter_server | VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page. | 2017-09-15 | 3.5 | CVE-2017-4926 BID SECTRACK CONFIRM |
| yast -- yast2 | The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks. | 2017-09-08 | 2.1 | CVE-2011-3177 CONFIRM CONFIRM |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| N/A -- N/A | Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap. | 2017-09-15 | not yet calculated | CVE-2017-0898 BID SECTRACK MISC MISC MISC |
| N/A -- N/A | The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 3.3-rc1 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. | 2017-09-12 | not yet calculated | CVE-2017-1000251 BID SECTRACK CONFIRM MISC EXPLOIT-DB CERT-VN |
| N/A -- N/A | The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses. | 2017-09-14 | not yet calculated | CVE-2017-13761 CONFIRM |
| N/A -- N/A | The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory. | 2017-09-15 | not yet calculated | CVE-2017-14340 CONFIRM CONFIRM CONFIRM BID CONFIRM CONFIRM |
| N/A -- N/A | Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD. | 2017-09-15 | not yet calculated | CVE-2017-2299 BID CONFIRM |
| N/A -- N/A | An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability. | 2017-09-14 | not yet calculated | CVE-2017-2809 BID CONFIRM CONFIRM CONFIRM MISC |
| N/A -- N/A | An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability. | 2017-09-13 | not yet calculated | CVE-2017-2816 BID MISC |
| N/A -- N/A | VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host. | 2017-09-15 | not yet calculated | CVE-2017-4924 BID SECTRACK SECTRACK CONFIRM |
| N/A -- N/A | VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. | 2017-09-15 | not yet calculated | CVE-2017-4925 BID SECTRACK SECTRACK CONFIRM |
| N/A -- N/A | The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. | 2017-09-15 | not yet calculated | CVE-2017-9805 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CISCO EXPLOIT-DB |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.