Vulnerability Summary for the Week of May 15, 2017

Please Note:

• The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.
• The CVE identity number is the publicly known ID given to that particular vulnerability. Therefore you can search the status of that particular vulnerability using that ID.
• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
ibm -- websphere_cast_iron_solution | IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515. | 2017-05-05 | 9.0 | CVE-2016-9691 (CONFIRM, BID)
ibm -- websphere_cast_iron_solution | IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 119516. | 2017-05-05 | 7.8 | CVE-2016-9692 (CONFIRM, BID)

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
genixcms -- genixcms | forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests. | 2017-05-08 | 6.4 | CVE-2017-8827 (MISC)
ibm -- marketing_platform | IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564. | 2017-05-05 | 4.3 | CVE-2016-0255 (CONFIRM, BID)
imagemagick -- imagemagick | In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-05-08 | 4.3 | CVE-2017-8830 (CONFIRM)

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- experience_manager_forms | Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms. | 2017-05-09 | not yet calculated | CVE-2017-3067 (BID, CONFIRM)
adobe -- flash_player | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution. | 2017-05-09 | not yet calculated | CVE-2017-3074 (BID, CONFIRM)
adobe -- flash_player | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution. | 2017-05-09 | not yet calculated | CVE-2017-3073 (BID, CONFIRM)
adobe -- flash_player | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution. | 2017-05-09 | not yet calculated | CVE-2017-3071 (BID, CONFIRM)
adobe -- flash_player | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution. | 2017-05-09 | not yet calculated | CVE-2017-3072 (BID, CONFIRM)
adobe -- flash_player | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution. | 2017-05-09 | not yet calculated | CVE-2017-3070 (BID, CONFIRM)
adobe -- flash_player | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution. | 2017-05-09 | not yet calculated | CVE-2017-3069 (BID, CONFIRM)
adobe -- flash_player | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution. | 2017-05-09 | not yet calculated | CVE-2017-3068 (BID, CONFIRM)
adodb -- adodb | Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4855 (JVN, CONFIRM)
advantech -- b+b_smartworx_mesr901 | A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages. | 2017-05-05 | not yet calculated | CVE-2017-7909 (BID, MISC)
advantech -- webaccess | An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories. | 2017-05-05 | not yet calculated | CVE-2017-7929 (BID, MISC)
allendisk -- id_parameter | Allen Disk 1.6 has XSS in the id parameter to downfile.php. | 2017-05-08 | not yet calculated | CVE-2017-8832 (CONFIRM)
allendisk -- setpass.php | Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password. | 2017-05-08 | not yet calculated | CVE-2017-8848 (MISC)
ambari -- ambari | In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes. | 2017-05-12 | not yet calculated | CVE-2017-5654 (CONFIRM, CONFIRM)
artifexghostscript -- mark_line_tr | The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. | 2017-05-12 | not yet calculated | CVE-2017-8908 (MISC)
asus_rt-ac_rt-n -- asus_rt_ac_rt_n | ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml. | 2017-05-10 | not yet calculated | CVE-2017-8878 (MISC)
asus_rt-ac_rt-n -- asus_rt_ac_rt_n | ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID. | 2017-05-10 | not yet calculated | CVE-2017-8877 (MISC)
asus_rt-ac_rt-n -- firmware | ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map. | 2017-05-10 | not yet calculated | CVE-2017-5892 (MISC, MISC)
asus_rt-ac_rt-n -- firmware | ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF. | 2017-05-10 | not yet calculated | CVE-2017-5891 (MISC, MISC)
atlassian -- hipchat | Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | 2017-05-05 | not yet calculated | CVE-2017-8058 (BID, MISC)
basercms -- basercms | Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4883 (CONFIRM, JVN)
basercms -- basercms | Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4878 (CONFIRM, JVN)
basercms -- basercms | Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4882 (CONFIRM, JVN)
basercms -- plugin_blog | Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4880 (CONFIRM, JVN)
basercms -- plugin_blog | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4884 (CONFIRM, JVN)
basercms -- plugin_blog | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4881 (CONFIRM, JVN)
basercms -- plugin_feed | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4885 (CONFIRM, JVN)
basercms -- plugin_mail | Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4877 (CONFIRM, JVN)
basercms -- plugin_mail | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4886 (CONFIRM, JVN)
basercms -- plugin_mail | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4879 (CONFIRM, JVN)
basercms -- plugin_uploader | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4887 (CONFIRM, JVN)
basercms -- basercms | Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4876 (MISC, JVN)
blackberry -- management_console | A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console. | 2017-05-10 | not yet calculated | CVE-2017-3894 (CONFIRM)
blf_tech_llc -- visualview_hmi | An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. | 2017-05-08 | not yet calculated | CVE-2017-6051 (BID, MISC)
brocadefibrechannelsan -- os_(fos) | A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters. | 2017-05-08 | not yet calculated | CVE-2016-8202 (BID, CONFIRM, CONFIRM)
brocadenetiron -- brocade_netiron | Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module. | 2017-05-08 | not yet calculated | CVE-2016-8209 (CONFIRM)
caclientautomation -- os_installation_management_component | The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during installation, which allows local users to obtain sensitive information by reading this file after operating system installation. | 2017-05-05 | not yet calculated | CVE-2017-8391 (BID, CONFIRM)
certec -- edv_gmbh_atvise_scada | A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution. | 2017-05-05 | not yet calculated | CVE-2017-6031 (BID, MISC)
certec -- edv_gmbh_atvise_scada | A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution. | 2017-05-05 | not yet calculated | CVE-2017-6029 (BID, MISC)
citrix -- xenmobile_server | Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. | 2017-05-05 | not yet calculated | CVE-2016-6877 (BID, MISC)
cmsmadesimple -- admin_editusertag_php | ** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug." | 2017-05-12 | not yet calculated | CVE-2017-8912 (MISC)
conexantsystems -- mictray64task | Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process. | 2017-05-12 | not yet calculated | CVE-2017-8360 (MISC, MISC)
cybervision -- kaa_iot_platform | A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution. | 2017-05-05 | not yet calculated | CVE-2017-7911 (BID, MISC)
dahua -- configuration_file | A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. | 2017-05-05 | not yet calculated | CVE-2017-7925 (MISC, BID, MISC)
dahua -- dh_ipc | A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password. | 2017-05-05 | not yet calculated | CVE-2017-7927 (MISC, BID, MISC)
dolibarr -- erp_crm | Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. | 2017-05-10 | not yet calculated | CVE-2017-8879 (MISC)
dolibarr -- erp_crm | Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. | 2017-05-10 | not yet calculated | CVE-2017-7887 (MISC)
dolibarr -- erp_crm | Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. | 2017-05-10 | not yet calculated | CVE-2017-7888 (MISC)
dolibarr -- erp_crm | Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. | 2017-05-10 | not yet calculated | CVE-2017-7886 (MISC)
dropboxlepton -- dos_lepton_file | Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads. | 2017-05-10 | not yet calculated | CVE-2017-8891 (MISC, MISC, MISC, MISC)
emc -- mainframe_enablers_resourcepak_base | EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 2017-05-08 | not yet calculated | CVE-2017-4982 (CONFIRM, BID)
f5 -- big_ip | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations. | 2017-05-09 | not yet calculated | CVE-2017-6137 (CONFIRM)
f5 -- big_ip | In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change. | 2017-05-09 | not yet calculated | CVE-2016-9256 (BID, CONFIRM)
f5 -- big_ip | In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user. | 2017-05-09 | not yet calculated | CVE-2016-9257 (CONFIRM)
f5 -- big_ip | In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection. | 2017-05-09 | not yet calculated | CVE-2016-9251 (CONFIRM)
f5 -- big_ip | In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile. | 2017-05-09 | not yet calculated | CVE-2016-9253 (CONFIRM)
f5 -- big_ip_apm | In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters. | 2017-05-09 | not yet calculated | CVE-2017-0302 (CONFIRM)
f5 -- big_ip | In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism. | 2017-05-10 | not yet calculated | CVE-2016-9250 (CONFIRM)
fiyocms -- dapur_apps_app_config_controller_backuper_php | Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. | 2017-05-09 | not yet calculated | CVE-2017-8853 (MISC)
flatcore -- acp_core_files_browser_php | acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF. | 2017-05-10 | not yet calculated | CVE-2017-8868 (CONFIRM)
flightgear -- fgcommand_interface | In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956. | 2017-05-12 | not yet calculated | CVE-2017-8921 (CONFIRM)
gemalto -- smartdiag_diagnosis | Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow with SEH Overwrite via long "Register a new card" input fields. There may be a risk of local code execution with untrusted input to SmartDiag.exe or SymDiag.exe. | 2017-05-08 | not yet calculated | CVE-2017-6953 (EXPLOIT-DB)
gnu -- c_library | The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. | 2017-05-07 | not yet calculated | CVE-2017-8804 (CONFIRM, BID, CONFIRM, CONFIRM, CONFIRM)
goodix -- touchscreen_driver | An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32749036. References: QC-CR#1098602. | 2017-05-12 | not yet calculated | CVE-2017-0622 (CONFIRM)
google -- android | An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115. | 2017-05-12 | not yet calculated | CVE-2017-0630 (CONFIRM)
google -- android | An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-36000515. References: B-RB#117131. | 2017-05-12 | not yet calculated | CVE-2017-0633 (CONFIRM)
google -- android | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35214296. References: QC-CR#1086833. | 2017-05-12 | not yet calculated | CVE-2017-0629 (CONFIRM)
google -- android | An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511682. | 2017-05-12 | not yet calculated | CVE-2017-0634 (CONFIRM)
google -- android | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399756. References: QC-CR#1093232. | 2017-05-12 | not yet calculated | CVE-2017-0631 (CONFIRM)
google -- android | A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35467107. | 2017-05-12 | not yet calculated | CVE-2017-0635 (CONFIRM, CONFIRM)
google -- android | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. References: QC-CR#1086833. | 2017-05-12 | not yet calculated | CVE-2017-0628 (CONFIRM)
google -- android | The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION allows an attacker to execute unintended operations via a specially crafted application. | 2017-05-12 | not yet calculated | CVE-2016-4838 (CONFIRM, MISC, JVN)
google -- android | Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications. | 2017-05-09 | not yet calculated | CVE-2016-6799 (BID, MLIST)
google -- android | The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application. | 2017-05-12 | not yet calculated | CVE-2016-4839 (CONFIRM, MISC, JVN)
google -- android | An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353. | 2017-05-12 | not yet calculated | CVE-2017-0627 (CONFIRM)
google -- android | An elevation of privilege vulnerability in the Framework could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114230. | 2017-05-12 | not yet calculated | CVE-2017-0593 (CONFIRM)
google -- android | A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34097672. | 2017-05-12 | not yet calculated | CVE-2017-0591 (CONFIRM, CONFIRM)
google -- android | An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34705519. | 2017-05-12 | not yet calculated | CVE-2017-0595 (CONFIRM, CONFIRM)
google -- android | A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34618607. | 2017-05-12 | not yet calculated | CVE-2017-0588 (CONFIRM, CONFIRM)
google -- android | An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34749392. | 2017-05-12 | not yet calculated | CVE-2017-0596 (CONFIRM, CONFIRM)
google -- android | A remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35219737. | 2017-05-12 | not yet calculated | CVE-2017-0587 (CONFIRM, CONFIRM)
google -- android | An elevation of privilege vulnerability in codecs/aacenc/SoftAACEncoder2.cpp in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34617444. | 2017-05-12 | not yet calculated | CVE-2017-0594 (CONFIRM, CONFIRM)
google -- android | A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, | 2017-05-12 | not yet calculated | CVE-2017-0589 (CONFIRM, CONFIRM)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info 7.0, 7.1.1, 7.1.2. Android ID: A- 34897036. An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party CVE- application. Product: Android. 2017-0597 Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, not yet CONFIR 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: 2017- calculaM(link is google -- android A-34749571. 05-12 ted external) A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as CVE- Critical due to the possibility of 2017-0590 remote code execution within the CONFIR context of the Mediaserver M(link is process. Product: Android. external) Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, not yet CONFIR 7.0, 7.1.1, 7.1.2. Android ID: A- 2017- calculaM(link is google -- android 35039946. 05-12 ted external) A remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory CVE- corruption during media file and 2017-0592 data processing. This issue is rated CONFIR as Critical due to the possibility of M(link is remote code execution within the external) context of the Mediaserver not yet CONFIR process. Product: Android. 2017- calculaM(link is google -- android Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 05-12 ted external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34970788. In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime- >private_data) with a NULL check, such as CVE- msm_pcm_volume_ctl_put(), not yet 2017-8246 which means this freed memory 2017- calculaCONFIR google -- android could be used. 05-12 ted M An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged CVE- process. Product: Android. 2017-0607 Versions: Kernel-3.18. Android not yet CONFIR ID: A-35400551. References: QC- 2017- calculaM(link is google -- android CR#1085928. 05-12 ted external) An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of CVE- user interaction requirements. 2017-0601 Product: Android. Versions: 7.0, not yet CONFIR 7.1.1, 7.1.2. Android ID: A- 2017- calculaM(link is google -- android 35258579. 05-12 ted external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to CVE- repair the device. Product: 2017-0604 Android. Versions: N/A. Android not yet CONFIR ID: A-35392981. References: QC- 2017- calculaM(link is google -- android CR#826589. 05-12 ted external) Airwatch Inbox for Android contains a vulnerability that may CVE- allow a rooted device to decrypt 2017-4896 the local data used by the BID(link application. Successful is external) exploitation of this issue may not yet CONFIR result in an unauthorized disclosure 2017- calculaM(link is google -- android of confidential data. 05-10 ted external) A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a CVE- device hang or reboot. This issue is 2017-0603 rated as Moderate because it CONFIR requires an uncommon device M(link is configuration. Product: Android. external) Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, not yet CONFIR 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: 2017- calculaM(link is google -- android A-35763994. 05-12 ted external) An elevation of privilege vulnerability in the kernel trace subsystem could enable a local malicious application to execute arbitrary code within the context of CVE- the kernel. This issue is rated as 2017-0605 Critical due to the possibility of a not yet CONFIR local permanent device 2017- calculaM(link is google -- android compromise, which may require 05-12 ted external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A- 35399704. References: QC- CR#1048480. An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to CVE- details specific to the vulnerability. 2017-0602 Product: Android. Versions: 4.4.4, not yet CONFIR 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 2017- calculaM(link is google -- android 7.1.2. Android ID: A-34946955. 05-12 ted external) A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted CVE- file to cause a device hang or 2017-0600 reboot. This issue is rated as High CONFIR severity due to the possibility of M(link is remote denial of service. Product: external) Android. Versions: 4.4.4, 5.0.2, not yet CONFIR 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. 2017- calculaM(link is google -- android Android ID: A-35269635. 05-12 ted external) An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access CVE- to. Product: Android. Versions: 2017-0598 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, not yet CONFIR 7.1.1, 7.1.2. Android ID: A- 2017- calculaM(link is google -- android 34128677. 05-12 ted external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted CVE- file to cause a device hang or 2017-0599 reboot. This issue is rated as High CONFIR severity due to the possibility of M(link is remote denial of service. Product: external) Android. Versions: 6.0, 6.0.1, 7.0, not yet CONFIR 7.1.1, 7.1.2. Android ID: A- 2017- calculaM(link is google -- android 34672748. 05-12 ted external) In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying CVE- a payload size that will overflow not yet 2017-8245 its own declared size, an out of 2017- calculaCONFIR google -- android bounds memory copy occurs. 05-12 ted M An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated CVE- as Moderate due to the possibility 2017-0493 of bypassing the lock screen. not yet CONFIR google -- android Product: Android. Versions: 7.0, 2017- calculaM(link is 7.1.1. Android ID: A-32793550. 05-12 ted external) Airwatch Agent for Android contains a vulnerability that may CVE- allow a device to bypass root 2017-4895 detection. Successful exploitation BID(link of this issue may result in an is external) enrolled device having unrestricted not yet CONFIR google -- android access over local Airwatch security 2017- calculaM(link is controls and data. 05-10 ted external) In core_info_read and inst_info_read in all Android releases from CAF using the Linux CVE- kernel, variable "dbg_buf", not yet 2017-8244 google -- android "dbg_buf->curr" and "dbg_buf- 2017- calculaCONFIR >filled_size" could be modified by 05-12 ted M

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. "buffer->curr" itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write). H2O versions 2.0.3 and earlier and CVE- 2.1.0-beta2 and earlier allows 2016-4864 remote attackers to cause a denial- CONFIR of-service (DoS) via format string M(link is specifiers in a template file via not yet external) h2o -- h2o fastcgi, mruby, proxy, redirect or 2017- calculaJVN(link reproxy. 05-12 ted is external) A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS- 2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build CVE- 160106 devices. The password in 2017-7923 configuration file vulnerability MISC(link could allow a malicious user to is external) escalate privileges or assume the not yet BID(link identity of another user and access 2017- calculais external) hikvision -- ds-2cd2xx2f_i sensitive information. 05-05 ted MISC An Improper Authentication issue CVE- was discovered in Hikvision DS- 2017-7921 2CD2xx2F-I Series V5.2.0 build not yet MISC(link hikvision -- ds-2cd2xx2f_i 140721 to V5.4.0 build 160530, 2017- calculais external) DS-2CD2xx0F-I Series V5.2.0 05-05 ted BID(link

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info build 140721 to V5.4.0 Build is external) 160401, DS-2CD2xx2FWD Series MISC V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS- 2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. An elevation of privilege vulnerability in the HTC bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as High because it first requires CVE- compromising a privileged 2017-0623 process. Product: Android. not yet CONFIR htc-- bootloader Versions: Kernel-3.18. Android 2017- calculaM(link is ID: A-32512358. 05-12 ted external) CVE- IBM Tivoli Storage Manager 5.5, 2016-8916 6.1-6.4, and 7.1 stores password CONFIR information in a log file that could M(link is ibmtivolistoragemanager -- be read by a local user when a set not yet external) ibm_tivoli_storage_manager password command is issued. IBM 2017- calculaBID(link X-Force ID: 118472. 05-05 ted is external) IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. not yet CVE- ibm -- cognos_analytics This vulnerability allows users to 2017- calcula2016-3032 embed arbitrary JavaScript code in 05-10 ted CONFIR

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info the Web UI thus altering the M(link is intended functionality potentially external) leading to credentials disclosure within a trusted session. IBM X- Force ID: 114516. IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an CVE- attacker to execute malicious and 2016-5889 unauthorized actions transmitted not yet CONFIR ibm -- interact from a user that the website trusts. 2017- calculaM(link is IBM X-Force ID: 115085. 05-10 ted external) IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the CVE- intended functionality potentially 2016-5888 leading to credentials disclosure not yet CONFIR ibm -- interact within a trusted session. IBM X- 2017- calculaM(link is Force ID: 115084. 05-10 ted external) IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the CVE- intended functionality potentially 2016-6035 leading to credentials disclosure not yet CONFIR ibm -- rational_quality_manager within a trusted session. IBM X- 2017- calculaM(link is Force ID: 116896. 05-10 ted external) IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would CVE- be executed in the victim's Web 2016-6037 browser within the security context not yet CONFIR ibm -- rational_team_concert of the hosting site. IBM X-Force 2017- calculaM(link is ID: 116918. 05-10 ted external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this CVE- vulnerability to expose highly 2017-1103 sensitive information or consume not yet CONFIR ibm -- team_concert all available memory resources. 2017- calculaM(link is IBM X-Force ID: 120665. 05-10 ted external) IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this CVE- weakness to obtain sensitive 2017-1137 ibm -- information and gain unauthorized not yet CONFIR websphere_application_server access to the admin console. IBM 2017- calculaM(link is X-Force ID: 121549. 05-10 ted external) IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a CVE- user to a malicious Web site that 2017-1156 would appear to be trusted. This CONFIR could allow the attacker to obtain M(link is highly sensitive information or not yet external) conduct further attacks against the 2017- calculaBID(link ibm -- websphere_portal victim. IBM X-Force. ID: 122592 05-05 ted is external) Untrusted search path vulnerability in Installer for PrimeDrive Desktop CVE- Application version 1.4.4 and 2017-2167 earlier allows remote attackers to MISC(link installer -- execute arbitrary code via a not yet is external) primedrive_desktop_application specially crafted executable file in 2017- calculaJVN(link an unspecified directory. 05-12 ted is external) Invision Power Services (IPS) not yet CVE- invisionpowerservices -- Community Suite 4.1.19.2 and 2017- calcula2017-8898 community_suite earlier has stored XSS in the 05-11 ted MISC(link

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info Announcements, allowing is external) privilege escalation from an MISC(link Invision Power Board moderator to is external) an admin. An attack uses the MISC(link announce_content parameter in an is external) index.php?/modcp/announcements/ &action=create request. This is related to the "<> Source" option. Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain CVE- access to moderator/admin 2017-8899 accounts. The primary cause is the MISC(link ability to upload an SVG document is external) with a crafted attribute such an MISC(link onload; however, full path not yet is external) invisionpowerservices -- disclosure is required for 2017- calculaMISC(link community_suite exploitation. 05-11 ted is external) Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: CVE- admin/convertutf8/index.php?contr 2017-8897 oller= is the attack vector. This MISC(link UTF8 Converter vulnerability can is external) easily be used to make a malicious MISC(link invisionpowerservices -- announcement affecting any not yet is external) community_suite Invision Power Board user who 2017- calculaMISC(link views the announcement. 05-11 ted is external) It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An CVE- attacker could use this flaw to 2017-7474 bypass authentication and gain not yet CONFIR keycloak -- node_js_adapter access to restricted information, or 2017- calculaM(link is to possibly conduct further attacks. 05-12 ted external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info CVE- 2017-8825 A null dereference vulnerability CONFIR has been found in the MIME M(link is handling component of LibEtPan external) before 1.8, as used in MailCore CONFIR and MailCore 2. A crash can occur M(link is in low-level/imf/mailimf.c during a external) libetpan -- failed parse of a Cc header not yet CONFIR mime_handling_component containing multiple e-mail 2017- calculaM(link is addresses. 05-08 ted external) The read_stream function in stream.c in liblrzip.so in lrzip CVE- 0.631 allows remote attackers to 2017-8846 cause a denial of service (use-after- not yet MISC free and application crash) via a 2017- calculaMISC(link liblrzipso -- read_stream_function crafted archive. 05-08 ted is external) The TIFFWriteDirectoryTagCheckedR CVE- ational function in tif_dirwrite.c in 2016- LibTIFF 4.0.6 allows remote 10371 libtiff -- attackers to cause a denial of CONFIR tiffwritedirectorytagcheckedration service (assertion failure and not yet M al application exit) via a crafted TIFF 2017- calculaCONFIR file. 05-10 ted M The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer not yet CVE- libxml2 -- html_parser_c over-read) or information 2017- calcula2017-8872 disclosure. 05-10 ted MISC The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in CVE- lrzip 0.631 allows remote attackers 2017-8847 to cause a denial of service (NULL not yet MISC libzpaq -- bufread::get()_function pointer dereference and application 2017- calculaMISC(link crash) via a crafted archive. 05-08 ted is external) CVE- The bufRead::get() function in 2017-8842 libzpaq/libzpaq.h in liblrzip.so in not yet MISC libzpaq -- bufread::get()_function lrzip 0.631 allows remote attackers 2017- calculaMISC(link to cause a denial of service (divide- 05-08 ted is external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info by-zero error and application crash) via a crafted archive. The join_pthread function in stream.c in liblrzip.so in lrzip CVE- 0.631 allows remote attackers to 2017-8843 cause a denial of service (NULL not yet MISC pointer dereference and application 2017- calculaMISC(link libzpaq -- join_pthread_function crash) via a crafted archive. 05-08 ted is external) The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial CVE- of service (heap-based buffer 2017-8844 overflow and application crash) or not yet MISC libzrip -- read_1g possibly have unspecified other 2017- calculaMISC(link impact via a crafted archive. 05-08 ted is external) Deserialization vulnerability in lintian through 2.5.50.3 allows CVE- attackers to trigger code execution not yet 2017-8829 lintian -- lintian by requesting a review of a source 2017- calculaCONFIR package with a crafted YAML file. 05-08 ted M CVE- 2017-8925 The omninet_open function in CONFIR drivers/usb/serial/omninet.c in the M Linux kernel before 4.10.4 allows CONFIR local users to cause a denial of M service (tty exhaustion) by not yet CONFIR leveraging reference count 2017- calculaM(link is linux -- kernel mishandling. 05-12 ted external) CVE- 2017-7472 CONFIR M CONFIR The KEYS subsystem in the Linux M(link is kernel before 4.10.13 allows local external) users to cause a denial of service CONFIR (memory consumption) via a series M(link is of external) KEY_REQKEY_DEFL_THREAD not yet CONFIR linux -- kernel _KEYRING 2017- calculaM(link is keyctl_set_reqkey_keyring calls. 05-11 ted external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info CONFIR M(link is external) CONFIR M CONFIR M CONFIR M The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the CVE- Linux kernel before 4.10.4 allows 2017-8924 local users to obtain sensitive CONFIR information (in the dmesg M ringbuffer and syslog) from CONFIR uninitialized kernel memory by M using a crafted USB device (posing not yet CONFIR linux -- kernel as an io_ti USB serial device) to 2017- calculaM(link is trigger an integer underflow. 05-12 ted external) The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c CVE- in the Linux kernel through 2017-8890 4.10.15 allows attackers to cause a CONFIR denial of service (double free) or M possibly have unspecified other not yet CONFIR linux -- kernel impact by leveraging use of the 2017- calculaM(link is accept system call. 05-10 ted external) The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote CVE- attackers to cause a denial of 2017-8845 service (invalid memory read and not yet MISC lzolx_d_ch -- lzolx_decompress application crash) via a crafted 2017- calculaMISC(link archive. 05-08 ted is external) Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to CVE- hijack the authentication of users not yet 2017-8874 mautic -- mautic for requests that (1) delete email 2017- calculaMISC(link campaigns or (2) delete contacts. 05-10 ted is external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged CVE- process. Product: Android. 2017-0621 Versions: Kernel-3.10. Android not yet CONFIR mediatek -- camera_driver ID: A-35399703. References: QC- 2017- calculaM(link is CR#831322. 05-12 ted external) An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged CVE- process. Product: Android. 2017-0618 Versions: N/A. Android ID: A- not yet CONFIR mediatek -- 35100728. References: M- 2017- calculaM(link is command_queue_driver ALPS03161536. 05-12 ted external) An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a CVE- privileged process. Product: 2017-0619 Android. Versions: Kernel-3.10. not yet CONFIR Android ID: A-35401152. 2017- calculaM(link is mediatek -- pin_controller_driver References: QC-CR#826566. 05-12 ted external) An elevation of privilege vulnerability in the MediaTek CVE- power driver could enable a local 2017-0615 malicious application to execute not yet CONFIR arbitrary code within the context of 2017- calculaM(link is mediatek -- power_driver the kernel. This issue is rated as 05-12 ted external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A- 34259126. References: M- ALPS03150278. An elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged CVE- process. Product: Android. 2017-0616 Versions: N/A. Android ID: A- not yet CONFIR 34470286. References: M- 2017- calculaM(link is mediatek -- system_management ALPS03149160. 05-12 ted external) An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged CVE- process. Product: Android. 2017-0617 Versions: N/A. Android ID: A- not yet CONFIR 34471002. References: M- 2017- calculaM(link is mediatek -- video_driver ALPS03149173. 05-12 ted external) An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data CVE- without explicit user permission. 2017-0625 mediatek -- Product: Android. Versions: N/A. not yet CONFIR command_queue_driver Android ID: A-35142799. 2017- calculaM(link is References: M-ALPS03161531. 05-12 ted external)

Columns: Primary Vendor -- Product / Description / Published / CVSS Score / Source & Patch Info

mediatek -- thermal_driver
  Description: An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175647. References: M-ALPS02696475.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10281; CONFIRM

mediatek -- thermal_driver
  Description: An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33939045. References: M-ALPS03149189.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10282; CONFIRM

mediatek -- thermal_driver
  Description: An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175767. References: M-ALPS02696445.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10280; CONFIRM

mediatek -- touchscreen
  Description: An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202412. References: M-ALPS02897901.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10274; CONFIRM

microsoft -- .net_framework
  Description: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0248; CONFIRM

microsoft -- activex
  Description: An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka "Microsoft ActiveX Information Disclosure Vulnerability."
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0242; CONFIRM

microsoft -- asp_net
  Description: A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0247; MISC

microsoft -- asp_net
  Description: An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0249; MISC

microsoft -- asp_net
  Description: A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0256; MISC

microsoft -- browsers
  Description: A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability."
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0231; CONFIRM

microsoft -- edge
  Description: A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0229; CONFIRM

microsoft -- edge
  Description: A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability."
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0266; CONFIRM

microsoft -- edge
  Description: A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0230; CONFIRM

microsoft -- edge
  Description: A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0221 and CVE-2017-0240.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0227; CONFIRM

microsoft -- edge
  Description: A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0221 and CVE-2017-0227.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0240; CONFIRM

microsoft -- edge
  Description: A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0234; CONFIRM

microsoft -- edge
  Description: A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0235; CONFIRM

microsoft -- edge
  Description: A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0221; CONFIRM

microsoft -- edge
  Description: An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0241.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0233; CONFIRM

microsoft -- edge
  Description: A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0238.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0236; CONFIRM

microsoft -- edge
  Description: An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone, aka "Microsoft Edge Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0233.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0241; CONFIRM

microsoft -- explorer
  Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0222.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0226; CONFIRM

microsoft -- explorer
  Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0226.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0222; CONFIRM

microsoft -- explorer
  Description: A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings, aka "Internet Explorer Security Feature Bypass Vulnerability."
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0064; CONFIRM

microsoft -- javascript_engines
  Description: A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0236.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0238; CONFIRM

microsoft -- javascript_engines
  Description: A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0228; CONFIRM

microsoft -- javascript_engines
  Description: A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0224; CONFIRM

microsoft -- malware_protection_engine
  Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability."
  Published: 2017-05-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0290; BID; MISC; MISC; CONFIRM; CONFIRM; MISC

microsoft -- office
  Description: Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2, Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0281; CONFIRM

microsoft -- office
  Description: Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0262; CONFIRM

microsoft -- office
  Description: Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0261; CONFIRM

microsoft -- powerpoint_mac
  Description: Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0265.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0264; CONFIRM

microsoft -- powerpoint_mac
  Description: Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0264.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0265; CONFIRM

microsoft -- server_message_block
  Description: Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0275, and CVE-2017-0276.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0274; CONFIRM

microsoft -- server_message_block
  Description: Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0276.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0275; CONFIRM

microsoft -- server_message_block
  Description: The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0278.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0279; CONFIRM

microsoft -- server_message_block
  Description: The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0278, and CVE-2017-0279.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0277; CONFIRM

microsoft -- server_message_block
  Description: The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0273.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0280; CONFIRM

microsoft -- server_message_block
  Description: The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0279.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0278; CONFIRM

microsoft -- server_message_block
  Description: Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0270; CONFIRM

microsoft -- server_message_block
  Description: Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0271; CONFIRM

microsoft -- server_message_block
  Description: Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0267; CONFIRM

microsoft -- server_message_block
  Description: The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0273; CONFIRM

microsoft -- server_message_block
  Description: Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0268; CONFIRM

microsoft -- server_message_block
  Description: The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0273 and CVE-2017-0280.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0269; CONFIRM

microsoft -- server_message_block
  Description: The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0277, CVE-2017-0278, and CVE-2017-0279.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0272; CONFIRM

microsoft -- server_message_block
  Description: Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0275.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0276; CONFIRM

microsoft -- server
  Description: The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0258.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0259; CONFIRM

microsoft -- server
  Description: The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows locally authenticated attackers to gain privileges via a crafted application, or in Windows 7 for x64-based systems, cause denial of service, aka "Windows Kernel Elevation of Privilege Vulnerability."
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0244; CONFIRM

microsoft -- server
  Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0259.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0258; CONFIRM

microsoft -- server
  Description: The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Windows 7 for x64-based Systems and later, cause denial of service, aka "Win32k Elevation of Privilege Vulnerability."
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0246; CONFIRM

microsoft -- server
  Description: The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka "Win32k Information Disclosure Vulnerability."
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0245; CONFIRM

microsoft -- sharepoint_foundation
  Description: Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability".
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0255; CONFIRM

microsoft -- windows_com_aggregate_marshaler
  Description: Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0213; CONFIRM

microsoft -- windows_hyper_v
  Description: Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka "Windows Hyper-V vSMB Elevation of Privilege Vulnerability".
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0212; CONFIRM

microsoft -- windows_server
  Description: The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0220, CVE-2017-0258, and CVE-2017-0259.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0175; CONFIRM

microsoft -- windows_server
  Description: Windows DNS Server allows a denial of service vulnerability when Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 are configured to answer version queries, aka "Windows DNS Server Denial of Service Vulnerability".
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0171; CONFIRM

microsoft -- windows_server
  Description: Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when Windows fails to properly validate input before loading type libraries, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0213.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0214; CONFIRM

microsoft -- windows_server
  Description: The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0258, and CVE-2017-0259.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0220; CONFIRM

microsoft -- windows_server
  Description: The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow a local authenticated attacker to execute a specially crafted application to obtain information, or in Windows 7 and later, cause denial of service, aka "Win32k Information Disclosure Vulnerability."
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0077; CONFIRM

microsoft -- windows_server
  Description: The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0263; CONFIRM

microsoft -- windows_server
  Description: The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability."
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0190; CONFIRM

microsoft -- windows_vista
  Description: Untrusted search path vulnerability in installers for The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)", The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier that were available until April 27, 2017 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2157; JVN; MISC

microsoft -- word
  Description: Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0254; CONFIRM

miniupnp -- miniupnpc
  Description: Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
  Published: 2017-05-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-8798; MISC; MISC

motorola -- bootloader
  Description: An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-10277; CONFIRM

mozilla -- network_security_services
  Description: Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.
  Published: 2017-05-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-5461; BID; CONFIRM (9 links)

multicoreware -- planeclipandmax()
  Description: An integer underflow vulnerability exists in -a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in the process of encoding.
  Published: 2017-05-11 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-8906; MISC

nessus -- nessus
  Description: Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
  Published: 2017-05-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2122; JVN; CONFIRM

netcloud -- server
  Description: Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.
  Published: 2017-05-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0891; MISC; CONFIRM

netcloud -- server
  Description: Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers.
  Published: 2017-05-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0893; MISC; CONFIRM

netcloud -- server
  Description: Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.
  Published: 2017-05-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0895; MISC; CONFIRM

netcloud -- server
  Description: Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.
  Published: 2017-05-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0894; MISC; CONFIRM

netcloud -- server
  Description: Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.
  Published: 2017-05-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0892; MISC; CONFIRM

netcloud -- server
  Description: Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
  Published: 2017-05-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0890; MISC; CONFIRM

nvidia -- nvidia_gpu_display_driver
  Description: All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.
  Published: 2017-05-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0351; CONFIRM

nvidia -- nvidia_gpu_display_driver
  Description: All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) where user can trigger a race condition due to lack of synchronization in two functions leading to a denial of service or potential escalation of privileges.
  Published: 2017-05-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0343; CONFIRM

nvidia -- nvidia_gpu_display_driver
  Description: All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where incorrect calculation may cause an invalid address access leading to denial of service or potential escalation of privileges.
  Published: 2017-05-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0342; CONFIRM

nvidia -- nvidia_gpu_display_driver
  Description: All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input used as an array size is not correctly validated allows out of bound access in kernel memory and may lead to denial of service or potential escalation of privileges.
  Published: 2017-05-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0345; CONFIRM

nvidia -- nvidia_gpu_display_driver
  Description: All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where due to improper locking on certain conditions may lead to a denial of service.
  Published: 2017-05-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0353; CONFIRM

nvidia -- nvidia_gpu_display_driver
  Description: All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where a call to certain function requiring lower IRQL can be made under raised IRQL which may lead to a denial of service.
  Published: 2017-05-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0354; CONFIRM

nvidia -- nvidia_gpu_display_driver
  Description: All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.
  Published: 2017-05-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0346; CONFIRM

nvidia -- nvidia_gpu_display_driver
  Description: All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape may allow users to gain access to arbitrary physical memory, leading to escalation of privileges.
  Published: 2017-05-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0344; CONFIRM

nvidia -- nvidia_gpu_display_driver
  Description: All versions of the NVIDIA GPU Display Driver contain a vulnerability in the GPU firmware where incorrect access control may allow CPU access sensitive GPU control registers, leading to an escalation of privileges.
  Published: 2017-05-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0352; CONFIRM

nvidia -- nvidia_gpu_display_driver
  Description: All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used in an offset calculation may lead to denial of service or potential escalation of privileges.
  Published: 2017-05-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0350; CONFIRM

nvidia -- nvidia_gpu_display_driver
  Description: All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to a denial of service.
  Published: 2017-05-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0355; CONFIRM

nvidia -- nvidia_gpu_display_driver
  Description: All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges.
  Published: 2017-05-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0348; CONFIRM

nvidia -- nvidia_gpu_display_driver
  Description: All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to denial of service or potential escalation of privileges.
  Published: 2017-05-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0347; CONFIRM

nvidia -- nvidia_gpu_display_driver
  Description: All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is not correctly validated before it is dereferenced for a write operation, may lead to denial of service or potential escalation of privileges.
  Published: 2017-05-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0349; CONFIRM

nvidia -- nvidia_gpu_display_driver
  Description: All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input can trigger an access to a pointer that has not been initialized which may lead to denial of service or potential escalation of privileges.
  Published: 2017-05-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0341; CONFIRM

oneplus -- one_x
  Description: An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same 'ro.build.product' system property, attackers can install OTAs of one product over the other, even on locked bootloaders. That could theoretically allow for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. Moreover, the vulnerability may result in having the device unusable until a Factory Reset is performed. This
  Published: 2017-05-11 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-8851; MISC

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016- 10370). In addition, physical attackers can reboot the phone into recovery, and then use 'adb sideload' to push the OTA. An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater- script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, which allows for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE- 2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use 'adb CVE- sideload' to push the OTA (on not yet 2017-8850 oneplus -- one_x OnePlus 3/3T 'Secure Start-up' 2017- calculaMISC(link must be off). 05-11 ted is external) An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a CVE- lenient 'updater-script' in OTAs not yet 2017-5948 oneplus -- one_x that does not check that the current 2017- calculaMISC(link version is lower than or equal to 05-11 ted is external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info the given image's. Downgrades can occur even on locked bootloaders and without triggering a factory reset, allowing for exploitation of now-patched vulnerabilities with access to user data. This vulnerability can be exploited by a Man-in-the-Middle (MiTM) attacker targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016- 10370). In addition, a physical attacker can reboot the phone into recovery, and then use 'adb sideload' to push the OTA (on OnePlus 3/3T 'Secure Start-up' must be off). An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital CVE- signature), it unnecessarily 2016- increases the attack surface, and 10370 allows for remote exploitation of MISC(link other vulnerabilities such as CVE- not yet is external) oneplus -- ota_updater 2017-5948, CVE-2017-8850, and 2017- calculaMISC(link CVE-2017-8851. 05-11 ted is external) Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers CVE- opentexttempobox -- to inject arbitrary web script or not yet 2017-8892 opentext_tempo_box HTML persistently via the name of 2017- calculaMISC(link an uploaded image. 05-10 ted is external) CVE- Acceptance of invalid/self-signed 2017-8060 TLS certificates in "Panda Mobile BID(link Security" 1.1 for iOS allows a not yet is external) panda -- mobile_security man-in-the-middle and/or 2017- calculaMISC(link physically proximate attacker to 05-05 ted is external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info silently intercept information sent during the login API call. In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip CVE- the SSL/TLS protection from a not yet 2017-7485 connection between a client and a 2017- calculaCONFIR postgresql -- pgrequiressl server. 05-12 ted M PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords CVE- to any user having USAGE not yet 2017-7486 privilege on the associated foreign 2017- calculaCONFIR postgresql -- postgresql server. 05-12 ted M It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal CVE- some information from tables they not yet 2017-7484 postgresql -- postgresql are otherwise not allowed to 2017- calculaCONFIR access. 05-12 ted M An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute CVE- arbitrary code within the context of 2017-0606 the kernel. This issue is rated as not yet CONFIR High because it first requires 2017- calculaM(link is qualcomm -- sound_driver compromising a privileged 05-12 ted external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info process. Product: Android. Versions: Kernel-3.10, Kernel- 3.18. Android ID: A-34088848. References: QC-CR#1116015. An elevation of privilege vulnerability in the Qualcomm Wi- Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires CVE- compromising a privileged 2016- process. Product: Android. 10283 Versions: Kernel-3.10, Kernel- not yet CONFIR qualcomm -- wi_fi_driver 3.18. Android ID: A-32094986. 2017- calculaM(link is References: QC-CR#2002052. 05-12 ted external) An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: CVE- Android. Versions: Kernel-3.10, 2017-0465 Kernel-3.18. Android ID: A- not yet CONFIR qualcomm -- adsprpc_driver 34112914. References: QC- 2017- calculaM(link is CR#1110747. 05-12 ted external) An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require CVE- reflashing the operating system to 2016- repair the device. Product: 10276 Android. Versions: N/A. Android not yet CONFIR qualcomm -- bootloader ID: A-32952839. References: QC- 2017- calculaM(link is CR#1094105. 05-12 ted external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require CVE- reflashing the operating system to 2016- repair the device. Product: 10275 Android. Versions: N/A. Android not yet CONFIR qualcomm -- bootloader ID: A-34514954. References: QC- 2017- calculaM(link is CR#1009111. 05-12 ted external) An elevation of privilege vulnerability in the Qualcomm crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires CVE- compromising a privileged 2016- process. Product: Android. 10289 Versions: Kernel-3.10, Kernel- not yet CONFIR qualcomm -- crypto_driver 3.18. Android ID: A-33899710. 2017- calculaM(link is References: QC-CR#1116295. 05-12 ted external) An information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires CVE- compromising a privileged 2016- process. Product: Android. 10295 Versions: Kernel-3.18. Android not yet CONFIR qualcomm -- led_driver ID: A-33781694. References: QC- 2017- calculaM(link is CR#1109326. 05-12 ted external) An elevation of privilege vulnerability in the Qualcomm CVE- LED driver could enable a local not yet 2016- qualcomm -- led_driver malicious application to execute 2017- calcula10288 arbitrary code within the context of 05-12 ted CONFIR

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info the kernel. This issue is rated as M(link is High because it first requires external) compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33863909. References: QC- CR#1109763. An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires CVE- compromising a privileged 2016- process. Product: Android. 10294 Versions: Kernel-3.10, Kernel- not yet CONFIR qualcomm -- power_driver 3.18. Android ID: A-33621829. 2017- calculaM(link is References: QC-CR#1105481. 05-12 ted external) An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged CVE- process. Product: Android. 2017-0620 qualcomm -- Versions: Kernel-3.10, Kernel- not yet CONFIR secure_channel_manager 3.18. Android ID: A-35401052. 2017- calculaM(link is References: QC-CR#1081711. 05-12 ted external) An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is CVE- rated as High because it first 2017-0612 requires compromising a not yet CONFIR privileged process. Product: 2017- calculaM(link is qualcomm -- secure_execution Android. Versions: Kernel-3.18. 05-12 ted external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info Android ID: A-34389303. References: QC-CR#1061845. An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: CVE- Android. Versions: Kernel-3.10, 2017-0614 Kernel-3.18. Android ID: A- not yet CONFIR 35399405. References: QC- 2017- calculaM(link is qualcomm -- secure_execution CR#1080290. 05-12 ted external) An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: CVE- Android. Versions: Kernel-3.10, 2017-0613 Kernel-3.18. Android ID: A- not yet CONFIR 35400457. References: QC- 2017- calculaM(link is qualcomm -- secure_execution CR#1086140. 05-12 ted external) An elevation of privilege vulnerability in the Qualcomm shared memory driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a CVE- privileged process. Product: 2016- Android. Versions: Kernel-3.10, 10290 qualcomm -- Kernel-3.18. Android ID: A- not yet CONFIR shared_memory_driver 33898330. References: QC- 2017- calculaM(link is CR#1109782. 05-12 ted external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a CVE- privileged process. Product: 2016- Android. Versions: Kernel-3.10, 10296 qualcomm -- Kernel-3.18. Android ID: A- not yet CONFIR shared_memory_driver 33845464. References: QC- 2017- calculaM(link is CR#1109782. 05-12 ted external) An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires CVE- compromising a privileged 2016- process. Product: Android. 10291 Versions: Kernel-3.10. Android not yet CONFIR qualcomm -- slimbus_driver ID: A-34030871. References: QC- 2017- calculaM(link is CR#986837. 05-12 ted external) An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged CVE- process. Product: Android. 2017-0611 Versions: Kernel-3.10, Kernel- not yet CONFIR 3.18. Android ID: A-35393841. 2017- calculaM(link is qualcomm -- sound-driver References: QC-CR#1084210. 05-12 ted external) An elevation of privilege vulnerability in the Qualcomm CVE- sound driver could enable a local 2017-0609 malicious application to execute not yet CONFIR arbitrary code within the context of 2017- calculaM(link is qualcomm -- sound-driver the kernel. This issue is rated as 05-12 ted external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel- 3.18. Android ID: A-35399801. References: QC-CR#1090482. An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged CVE- process. Product: Android. 2017-0610 Versions: Kernel-3.10, Kernel- not yet CONFIR 3.18. Android ID: A-35399404. 2017- calculaM(link is qualcomm -- sound-driver References: QC-CR#1094852. 05-12 ted external) An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged CVE- process. Product: Android. 2017-0608 Versions: Kernel-3.10, Kernel- not yet CONFIR qualcomm -- sound-driver 3.18. Android ID: A-35400458. 2017- calculaM(link is References: QC-CR#1098363. 05-12 ted external) An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a CVE- privileged process. Product: 2017-0632 Android. Versions: Kernel-3.10. not yet CONFIR qualcomm -- sound_codec_driver Android ID: A-35392586. 2017- calculaM(link is References: QC-CR#832915. 05-12 ted external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires CVE- compromising a privileged 2016- process. Product: Android. 10287 Versions: Kernel-3.10, Kernel- not yet CONFIR qualcomm -- sound_driver 3.18. Android ID: A-33784446. 2017- calculaM(link is References: QC-CR#1112751. 05-12 ted external) An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires CVE- compromising a privileged 2016- process. Product: Android. 10285 Versions: Kernel-3.18. Android not yet CONFIR qualcomm -- video_driver ID: A-33752702. References: QC- 2017- calculaM(link is CR#1104899. 05-12 ted external) An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires CVE- compromising a privileged 2016- process. Product: Android. 10293 Versions: Kernel-3.10. Android not yet CONFIR qualcomm -- video_driver ID: A-33352393. References: QC- 2017- calculaM(link is CR#1101943. 05-12 ted external) An elevation of privilege vulnerability in the Qualcomm CVE- video driver could enable a local 2016- malicious application to execute 10284 arbitrary code within the context of not yet CONFIR qualcomm -- video_driver the kernel. This issue is rated as 2017- calculaM(link is High because it first requires 05-12 ted external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel- 3.18. Android ID: A-32402303. References: QC-CR#2000664. An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires CVE- compromising a privileged 2016- process. Product: Android. 10286 Versions: Kernel-3.18. Android not yet CONFIR qualcomm -- video_driver ID: A-35400904. References: QC- 2017- calculaM(link is CR#1090237. 05-12 ted external) An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. CVE- Product: Android. Versions: 2017-0626 Kernel-3.10, Kernel-3.18. Android not yet CONFIR ID: A-35393124. References: QC- 2017- calculaM(link is qualcomm -- wifi_driver CR#1088050. 05-12 ted external) A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi- Fi subsystem. This issue is rated as High due to the possibility of CVE- remote denial of service. Product: 2016- Android. Versions: Kernel-3.10, 10292 Kernel-3.18. Android ID: A- not yet CONFIR qualcomm -- wifi_driver 34514463. References: QC- 2017- calculaM(link is CR#1065466. 05-12 ted external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info An information disclosure vulnerability in the Qualcomm Wi- Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user CVE- permission. Product: Android. 2017-0624 Versions: Kernel-3.10, Kernel- not yet CONFIR qualcomm -- wifi_driver 3.18. Android ID: A-34327795. 2017- calculaM(link is References: QC-CR#2005832. 05-12 ted external) A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker CVE- to cause a denial of service 2017-6024 rockwell -- condition by sending a series of not yet BID(link automation_controllogix specific CIP-based commands to 2017- calculais external) the controller. 05-05 ted MISC The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164 -bus.c in the Linux kernel through 4.10.14 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by saa7164usc -- ssa7164_bus_get changing a certain sequence- not yet CVE- function number value, aka a "double fetch" 2017- calcula2017-8831 vulnerability. 05-08 ted MISC SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file CVE- received from an untrusted remote not yet 2017-8852 sap -- sapcar source. The problem is that the 2017- calculaMISC(link length of data written is an 05-10 ted is external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info arbitrary number found within the file. The vendor response is SAP Security Note 2441560. All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes the software to halt or not start when trying to open the corrupted file. This vulnerability occurs when fill settings are intentionally malformed and is opened in a standalone state, without connection to a protection relay. This attack is not considered to be remotely exploitable. This vulnerability has no effect on the operation of the protection relay to which VAMPSET is connected. As Windows operating system CVE- remains operational and 2017-7967 VAMPSET responds, it is able to not yet CONFIR schneiderelectric -- vampset be shut down through its normal 2017- calculaM(link is closing protocol. 05-09 ted external) Siemens SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, CVE- and CP 1543SP-1 (All versions), 2017-2680 SIMATIC CP 1543-1 (All versions BID(link before V2.1), SIMATIC RF650R, is external) RF680R, RF685R (All versions not yet CONFIR siemens -- simatic_cp before V3.0), SIMATIC CP 1616, 2017- calculaM(link is CP 1604, DK-16xx PN IO (All 05-10 ted external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info versions before V2.7), SCALANCE X200 (All versions), SCALANCE X200 IRT (All versions), SCALANCE X300, X408, X414 (All versions), SCALANCE XM400, XR500 (All versions), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions), Softnet PROFINET IO for PC-based Windows systems (All versions), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 / UPS1600 PROFINET (All versions), SIMATIC ET 200AL (All versions), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions), PN/PN Coupler (All versions), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7- 400 incl. F and H (All versions), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.8 HF4), SINAMICS S110 w. PN (All versions), SINAMICS S120 (All versions before V4.8 HF4), SINAMICS S150 (All versions before V4.8 HF4), SINAMICS V90 w. PN (All versions), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (V4.7 before SP6 HF8 and before V4.5), SINUMERIK 840D sl (V4.7 before SP6 HF8 and before V4.5), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet. Siemens SIMATIC S7-300 incl. F and T (All versions before CVE- V3.X.14), SIMATIC S7-400 incl. 2017-2681 F and H (All versions), SIMATIC BID(link HMI Comfort Panels, HMI Multi is external) Panels, HMI Mobile Panels (All not yet CONFIR versions) could be affected by a 2017- calculaM(link is siemens -- simatic_s7 Denial-of-Service condition 05-11 ted external)

Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info induced by a specially crafted PROFINET DCP (Layer 2 - Ethernet) packet sent to an affected product. A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before CVE- SP1) that could allow an 2017-6867 authenticated, remote attacker who BID(link is member of the "administrators" is external) group to crash services by sending not yet CONFIR specially crafted messages to the 2017- calculaM(link is siemens -- simatic DCOM interface. 05-11 ted external) Siemens SIMATIC WinCC (TIA Portal) (V13 all versions before SP2 and V14 before SP1), SIMATIC STEP 7 (TIA Portal) (V13 all versions before SP2 and V14 before SP1), SIMATIC STEP 7 V5.X (All versions), STEP 7 - Micro/WIN SMART (All versions), SMART PC Access V2.0, SIMATIC Automation Tool (All versions), SIMATIC WinCC (All versions), SIMATIC PCS 7 (All versions), SIMATIC NET PC- Software (All versions), Primary Setup Tool (PST) (All versions), Security Configuration Tool (SCT) (All versions), SINEMA Server (All versions), SINAUT ST7CC (All versions), SIMATIC WinAC CVE- RTX 2010 SP2 (All versions), 2017-6865 SIMATIC WinAC RTX F 2010 BID(link SP2 (All versions), SINUMERIK is external) 808D Programming Tool (All not yet CONFIR siemens -- simatic versions), SIMATIC WinCC 2017- calculaM(link is flexible 2008 (All versions) could 05-11 ted external)

Primary Vendor -- Product | CVE | Published | CVSS Score | Source & Patch Info
(each entry is followed by its description)

(continued from the previous entry) ... be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet.

soy -- cms | CVE-2017-2164 | 2017-05-12 | not yet calculated | JVN
    Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

soy -- cms | CVE-2017-2163 | 2017-05-12 | not yet calculated | JVN
    Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id.

splunk -- enterprise_light | CVE-2016-4858 | 2017-05-12 | not yet calculated | JVN, CONFIRM
    Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

splunk -- enterprise_light | CVE-2016-4859 | 2017-05-12 | not yet calculated | JVN, CONFIRM
    Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows redirecting users to arbitrary web sites and conducting phishing attacks via unspecified vectors.

splunk -- enterprise_light | CVE-2016-4857 | 2017-05-12 | not yet calculated | JVN, CONFIRM
    Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows redirecting users to arbitrary web sites and conducting phishing attacks via unspecified vectors.

splunk -- enterprise_light | CVE-2016-4856 | 2017-05-12 | not yet calculated | JVN, CONFIRM
    Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.

swftools -- pdf2swf | CVE-2017-7698 | 2017-05-10 | not yet calculated | CONFIRM
    A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed PDF document, possibly a consequence of an error in Gfx.cc in Xpdf 3.02.

symphony -- meta_parameter | CVE-2017-8876 | 2017-05-10 | not yet calculated | MISC
    Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php.

synology -- dsm_user | CVE-2016-10330 | 2017-05-12 | not yet calculated | MLIST, MISC, MISC, CONFIRM
    Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.

synology -- photo_station | CVE-2016-10331 | 2017-05-12 | not yet calculated | MISC, CONFIRM
    Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.

synology -- photo_station | CVE-2016-10329 | 2017-05-12 | not yet calculated | MLIST, MISC, MISC, CONFIRM
    Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.

tibco -- spotfire_server | CVE-2017-5527 | 2017-05-09 | not yet calculated | CONFIRM
    TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks.

trafficmanagementmicrokernel -- traffic_anagement_microkernel | CVE-2016-7476 | 2017-05-11 | not yet calculated | BID, CONFIRM
    The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from a memory leak while handling certain types of TCP traffic. Remote attackers may cause a denial of service (DoS) by way of a crafted TCP packet.

ubuntu -- lightdm | CVE-2017-8900 | 2017-05-12 | not yet calculated | CONFIRM, CONFIRM, CONFIRM
    LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.

unicodetoutf8() -- unicode_to_utf8()_function | CVE-2017-8911 | 2017-05-12 | not yet calculated | MISC
    An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.

unixsocket.c -- lxterminal | CVE-2016-10369 | 2017-05-08 | not yet calculated | MISC, MISC, MISC
    unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

veritasbackupexec -- veritas_backup_exec | CVE-2017-8895 | 2017-05-10 | not yet calculated | CONFIRM
    In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An authenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.

veritas -- netbackup | CVE-2017-8858 | 2017-05-09 | not yet calculated | BID, CONFIRM
    In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.

veritas -- netbackup | CVE-2017-8857 | 2017-05-09 | not yet calculated | BID, CONFIRM
    In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.

veritas -- netbackup | CVE-2017-8859 | 2017-05-09 | not yet calculated | BID, CONFIRM
    In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.

veritas -- netbackup | CVE-2017-8856 | 2017-05-09 | not yet calculated | BID, CONFIRM
    In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.

wolfssl -- out_of_bounds_memory_access | CVE-2017-8854 | 2017-05-09 | not yet calculated | CONFIRM
    wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file.

wolfssl -- wc_dhagree | CVE-2017-8855 | 2017-05-09 | not yet calculated | CONFIRM
    wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key.

wordpress -- clean_login_plugin | CVE-2017-8875 | 2017-05-10 | not yet calculated | MISC, MISC
    CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL.

xen -- failsafe | CVE-2017-8905 | 2017-05-11 | not yet calculated | CONFIRM, CONFIRM
    Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.

xen -- gnttabop_transfer | CVE-2017-8904 | 2017-05-11 | not yet calculated | CONFIRM, CONFIRM
    Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.

xen -- iret_hypercall | CVE-2017-8903 | 2017-05-11 | not yet calculated | CONFIRM, CONFIRM
    Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.

zencart -- main_page_parameter | CVE-2017-8833 | 2017-05-08 | not yet calculated | CONFIRM
    Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github."

zendstringextend -- zend/zend_string_h | CVE-2017-8923 | 2017-05-12 | not yet calculated | MISC
    The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
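Two of the Synology Photo Station entries above describe input that reaches a dangerous sink unchecked: shell metacharacters in the X-Forwarded-For header (CVE-2016-10329) and a full pathname in the download id parameter (CVE-2016-10331). The following is an added example of the request-side checks that close both bug classes; it is not Synology's code. The handler names, the photo root directory, the parameter names and the sample requests are all constructed for illustration.

```python
"""Request checks for two bug classes in this bulletin: shell metacharacters
in X-Forwarded-For (command injection) and absolute or traversing pathnames
in a file-serving 'id' parameter (directory traversal).

Added example, not vendor code. PHOTO_ROOT, the field names and the sample
requests are assumptions made for this demonstration.
"""
import ipaddress
import os
import re
from typing import Dict, List

# Characters that let a header value break out of a shell command when it is
# interpolated into something like system("... $xff ...").
SHELL_METACHARS = re.compile(r"[;&|`$(){}<>\n\r'\"\\]")

# Hypothetical directory the download handler is allowed to serve from.
PHOTO_ROOT = "/var/services/photo"


def check_x_forwarded_for(value: str) -> List[str]:
    """Return findings for an X-Forwarded-For value.

    A legitimate header is a comma-separated list of IP addresses; anything
    else is rejected before the value reaches a log line or a shell.
    """
    findings = []
    if SHELL_METACHARS.search(value):
        findings.append("xff: shell metacharacters present")
    for hop in value.split(","):
        hop = hop.strip()
        if not hop:
            findings.append("xff: empty hop")
            continue
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            findings.append(f"xff: hop is not an IP address: {hop!r}")
    return findings


def resolve_download_path(photo_id: str, root: str = PHOTO_ROOT) -> str:
    """Map an 'id' parameter to a file under root, or raise ValueError.

    The traversal bug class is accepting a full pathname or '..' components
    as the id; the fix is to refuse absolute paths, normalise, and confine
    the result to root.
    """
    if os.path.isabs(photo_id) or photo_id.startswith(("\\", "//")):
        raise ValueError("absolute pathname rejected")
    candidate = os.path.normpath(os.path.join(root, photo_id))
    # After normalisation the path must still sit inside root.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes photo root")
    return candidate


def inspect_request(headers: Dict[str, str], query: Dict[str, str]) -> List[str]:
    """Run both checks over one request and return all findings."""
    findings = []
    if "X-Forwarded-For" in headers:
        findings.extend(check_x_forwarded_for(headers["X-Forwarded-For"]))
    if "id" in query:
        try:
            resolve_download_path(query["id"])
        except ValueError as exc:
            findings.append(f"id: {exc}")
    return findings


# Constructed sample requests (not captured traffic).
SAMPLE_REQUESTS = [
    {"headers": {"X-Forwarded-For": "203.0.113.7, 10.0.0.2"},
     "query": {"id": "album1/IMG_0001.jpg"}},
    {"headers": {"X-Forwarded-For": "203.0.113.7; id > /tmp/x"},
     "query": {"id": "album1/IMG_0001.jpg"}},
    {"headers": {}, "query": {"id": "/etc/passwd"}},
    {"headers": {}, "query": {"id": "../../etc/shadow"}},
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req, "->", inspect_request(**req) or "clean")
```

The X-Forwarded-For check is deliberately an allow-list (parse as IP addresses) rather than only a metacharacter deny-list: the deny-list catches the obvious payload, but the allow-list is what guarantees the value is safe to hand to any downstream consumer. Note that the header is client-controlled unless a trusted proxy overwrites it, so it should never be used for authorization decisions either.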
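The wolfSSL entry CVE-2017-8855 above says only that wc_DhAgree accepted a malformed DH key. The check that is missing in that case is peer public-value validation before the shared-secret computation. The following is an added example of that validation, not wolfSSL code: it uses a toy safe-prime group (p = 1019, q = 509, g = 4, chosen here so the arithmetic is readable) and constructed private exponents; a real deployment would use a standard group such as an RFC 3526 MODP group.

```python
"""Peer DH public-value validation before computing a shared secret.

Added example, not wolfSSL code. The group parameters and private exponents
below are constructed for this demonstration: p = 2q + 1 is a small safe
prime and g = 4 is a quadratic residue, so it generates the order-q subgroup.
"""

P = 1019   # toy safe prime (assumption for this example)
Q = 509    # (P - 1) // 2, also prime
G = 4      # quadratic residue mod P, generator of the order-Q subgroup


class MalformedDHKeyError(ValueError):
    """Raised when a peer public value fails validation."""


def validate_dh_public(y: int, p: int = P, q: int = Q) -> None:
    """Full public-key validation (NIST SP 800-56A style) for a peer value.

    Accepting y in {0, 1, p-1} or y >= p lets the peer force the shared
    secret into a tiny, predictable set. For a safe prime, accepting a value
    of order 2q (outside the prime-order subgroup) reveals the parity of our
    private exponent through the shared secret.
    """
    if not isinstance(y, int):
        raise MalformedDHKeyError("public value is not an integer")
    if y < 2 or y > p - 2:
        raise MalformedDHKeyError(f"public value {y} outside [2, p-2]")
    if pow(y, q, p) != 1:
        raise MalformedDHKeyError("public value not in the prime-order subgroup")


def dh_public(priv: int, p: int = P, g: int = G) -> int:
    """Our public value g^priv mod p."""
    return pow(g, priv, p)


def dh_agree(priv: int, peer_pub: int, p: int = P, q: int = Q) -> int:
    """Compute the shared secret only after the peer value passes validation."""
    validate_dh_public(peer_pub, p, q)
    return pow(peer_pub, priv, p)


def is_malformed(y: int) -> bool:
    """Convenience wrapper: True if validate_dh_public rejects y."""
    try:
        validate_dh_public(y)
    except MalformedDHKeyError:
        return True
    return False


if __name__ == "__main__":
    a, b = 7, 11  # private exponents, constructed for the demo
    A, B = dh_public(a), dh_public(b)
    assert dh_agree(a, B) == dh_agree(b, A)
    # 0, 1, p-1 and p are out of range; 2 is in range but is a
    # non-residue mod 1019 (1019 = 3 mod 8), so it has order 2q.
    for bad in (0, 1, P - 1, P, 2):
        print(bad, "malformed" if is_malformed(bad) else "ok")
```

The subgroup test pow(y, q, p) == 1 costs one extra exponentiation per handshake; for safe-prime groups it is the only way to reject values like 2 above, which pass the range check yet sit outside the prime-order subgroup. Libraries that skip it are exactly the ones that "accept a malformed DH key".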