Vulnerability Summary for the Week of October 9, 2017

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| phpbugtracker_project -- phpbugtracker | Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php. | 2017-10-06 | 7.5 | CVE-2015-2146 MLIST CONFIRM |
| phpbugtracker_project -- phpbugtracker | Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | 2017-10-06 | 7.5 | CVE-2015-2147 MISC MLIST |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cozmoslabs -- profile_builder | Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter. | 2017-10-06 | 4.3 | CVE-2014-8492 MISC MISC |
| docker -- docker | Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage. | 2017-10-06 | 4.6 | CVE-2014-0047 MLIST BID CONFIRM |
| formget -- easy_contact_form_solution | Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php. | 2017-10-06 | 4.3 | CVE-2014-7240 MISC MISC |
| intelliants -- subrion_cms | There are CSRF vulnerabilities in Subrion CMS before 4.2.0 because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database. | 2017-10-06 | 6.8 | CVE-2017-15063 MISC |
| lame_project -- lame | LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410. | 2017-10-06 | 4.3 | CVE-2017-15045 MISC |
| lame_project -- lame | LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412. | 2017-10-06 | 4.3 | CVE-2017-15046 MISC |
| libcsoap_project -- libcsoap | nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header. | 2017-10-06 | 5.0 | CVE-2015-2297 MLIST |
| phpbugtracker_project -- phpbugtracker | Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for requests that cause an unspecified impact via the group_id parameter to group.php, (3) hijack the authentication of users for requests that delete statuses via the status_id parameter to status.php, (4) hijack the authentication of users for requests that delete severities via the severity_id parameter to severity.php, (5) hijack the authentication of users for requests that cause an unspecified impact via the priority_id parameter to priority.php, (6) hijack the authentication of users for requests that delete the via the os_id parameter to os.php, (7) hijack the authentication of users for requests that delete databases via the database_id parameter to database.php, or (8) hijack the authentication of users for requests that delete sites via the site_id parameter to sites.php. | 2017-10-06 | 6.0 | CVE-2015-2142 MLIST CONFIRM |
| phpbugtracker_project -- phpbugtracker | Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters. | 2017-10-06 | 6.8 | CVE-2015-2143 MLIST |
| qnap -- qts_helpdesk | QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack. | 2017-10-06 | 5.0 | CVE-2017-13068 MISC |
| rapid7 -- metasploit | The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. | 2017-10-06 | 4.3 | CVE-2017-15084 CONFIRM |
| tech-banker -- gallery_bank | Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70 for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php. | 2017-10-06 | 4.3 | CVE-2014-8758 MISC MISC |
| wpmudev -- smush_image_compression_and_optimization | The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. | 2017-10-06 | 5.0 | CVE-2017-15079 CONFIRM CONFIRM |

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| openkm -- openkm | Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter. | 2017-10-06 | 3.5 | CVE-2014-8957 MISC BID MISC |
| phpbugtracker_project -- phpbugtracker | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) use_js parameter to user.php; the (3) use_js parameter to group.php; the (4) Description parameter to status.php; the (5) Description parameter to severity.php; the (6) Regex parameter to os.php; or the (7) Name parameter to database.php. | 2017-10-06 | 3.5 | CVE-2015-2144 MLIST CONFIRM |
| phpbugtracker_project -- phpbugtracker | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2017-10-06 | 3.5 | CVE-2015-2145 MLIST |
| phpbugtracker_project -- phpbugtracker | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 2017-10-06 | 3.5 | CVE-2015-2148 MLIST |

Severity Not Yet Assigned

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| accellion -- file_transfer_appliance | Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie. | 2017-10-10 | not yet calculated | CVE-2015-2856 MISC |
| airtame -- airtame | /bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin password change. | 2017-10-14 | not yet calculated | CVE-2017-15304 MISC |
| apache -- gridgrain | Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path. | 2017-10-09 | not yet calculated | CVE-2017-14614 MLIST |
| apache -- nifi | An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | 2017-10-10 | not yet calculated | CVE-2017-12623 CONFIRM |
| apache -- openmeetings | Apache Openmeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack. | 2017-10-12 | not yet calculated | CVE-2016-8736 MISC BID |
| apache -- ranger | In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role. | 2017-10-13 | not yet calculated | CVE-2016-6815 BID CONFIRM |
| apache -- roller | The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. | 2017-10-09 | not yet calculated | CVE-2014-0030 CONFIRM MLIST |
| apache -- solr | Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. | 2017-10-14 | not yet calculated | CVE-2017-12629 MISC BID MISC MISC MISC |
| apache -- zookeeper | Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later. | 2017-10-09 | not yet calculated | CVE-2017-5637 BID CONFIRM MLIST |
| asterisk -- asterisk | In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report. | 2017-10-09 | not yet calculated | CVE-2017-14603 CONFIRM DEBIAN CONFIRM |
| atlassian -- fisheye_and_crucible | Various resources in Atlassian FishEye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter. | 2017-10-11 | not yet calculated | CVE-2017-14588 BID MISC MISC |
| atlassian -- fisheye_and_crucible | The administration user deletion resource in Atlassian FishEye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter. | 2017-10-11 | not yet calculated | CVE-2017-14587 MISC MISC |
| atutor -- lms | Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2. | 2017-10-10 | not yet calculated | CVE-2015-6521 MLIST CONFIRM |
| bamboo -- bamboo | Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo. | 2017-10-12 | not yet calculated | CVE-2017-9514 CONFIRM |
| cacti -- cacti | include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. | 2017-10-10 | not yet calculated | CVE-2017-15194 SECTRACK CONFIRM CONFIRM |
| cisco -- firmware | Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. | 2017-10-12 | not yet calculated | CVE-2015-6358 CISCO CERT-VN BID SECTRACK SECTRACK SECTRACK SECTRACK |
| cybozu -- office | Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. | 2017-10-12 | not yet calculated | CVE-2017-10857 JVN CONFIRM |
| dotcms -- dotcms | The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field. | 2017-10-10 | not yet calculated | CVE-2017-15219 MISC |
| dream -- multimedia_dreambox_devices | There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. | 2017-10-12 | not yet calculated | CVE-2017-15287 MISC EXPLOIT-DB |
| emc -- network_configuration_manager | EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 2017-10-11 | not yet calculated | CVE-2017-8017 CONFIRM BID SECTRACK |
| epson -- software | The Epson "EasyMP" software (tested on version 2.86) is designed to remotely stream a user's computer to supporting projectors. These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming. In addition to the password, each projector (tested on PowerLite Pro G5650W and G6050W) has a hardcoded "backdoor" code (2270), which authenticates to all devices. | 2017-10-10 | not yet calculated | CVE-2017-12860 MISC |
| epson -- software | The Epson "EasyMP" software (tested on version 2.86) is designed to remotely stream a user's computer to supporting projectors. These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only those who can view it are streaming. All Epson projectors (tested on PowerLite Pro G5650W and G6050W) supporting the "EasyMP" software are vulnerable to a brute-force vulnerability, allowing any attacker on the network to remotely control and stream to the vulnerable device. | 2017-10-10 | not yet calculated | CVE-2017-12861 MISC |
| eyesofnetwork -- eyesofnetwork | A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php. | 2017-10-10 | not yet calculated | CVE-2017-15188 MISC |
| flexense -- vx_search_enterprise | Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code. | 2017-10-11 | not yet calculated | CVE-2017-15220 EXPLOIT-DB |
| flyspray -- flyspray | Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php. | 2017-10-10 | not yet calculated | CVE-2017-15214 MISC MISC MISC |
| flyspray -- flyspray | Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl. | 2017-10-10 | not yet calculated | CVE-2017-15213 MISC MISC MISC |
| freebsd -- sys_amd64 | The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic). | 2017-10-10 | not yet calculated | CVE-2015-5675 MISC BUGTRAQ BID SECTRACK FREEBSD |
| git -- git | Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk. | 2017-10-14 | not yet calculated | CVE-2017-15298 MISC MISC |
| gnu -- binutils | _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file. | 2017-10-10 | not yet calculated | CVE-2017-15225 CONFIRM CONFIRM |
| gnu -- libextractor | In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c. | 2017-10-11 | not yet calculated | CVE-2017-15267 MISC MISC MISC |
| gnu -- libextractor | In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate. | 2017-10-11 | not yet calculated | CVE-2017-15266 MISC MISC MISC |
| gnu -- mpfr | Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str. | 2017-10-09 | not yet calculated | CVE-2014-9474 FEDORA FEDORA CONFIRM MLIST BID CONFIRM CONFIRM MLIST GENTOO |
| graphicsmagick -- graphicsmagick | ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage. | 2017-10-10 | not yet calculated | CVE-2017-15238 CONFIRM CONFIRM CONFIRM |
| gurunavi -- app_for_ios | Gurunavi App for iOS before 6.0.0 does not verify SSL certificates which could allow remote attackers to perform man-in-the-middle attacks. | 2017-10-10 | not yet calculated | CVE-2015-7778 JVN JVNDB BID |
| hitachi -- hibun_confidential_file_decryption | Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10865. | 2017-10-12 | not yet calculated | CVE-2017-10863 CONFIRM JVN |
| hitachi -- hibun_confidential_file_decryption | Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10863. | 2017-10-12 | not yet calculated | CVE-2017-10865 CONFIRM JVN |
| hitachi -- hibun_confidential_file_viewer | Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-10-12 | not yet calculated | CVE-2017-10864 CONFIRM JVN |
| horde -- groupware | The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename. | 2017-10-10 | not yet calculated | CVE-2017-15235 MISC |
| hpe -- intelligent_management_center | The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. | 2017-10-11 | not yet calculated | CVE-2017-5791 BID BID SECTRACK MISC MISC CONFIRM |
| hpe -- operations_orchestration | An input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely. | 2017-10-10 | not yet calculated | CVE-2017-8994 BID CONFIRM |
| hpe -- performance_center | HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow. | 2017-10-11 | not yet calculated | CVE-2017-5789 BID BID SECTRACK SECTRACK MISC MISC CONFIRM |
| huawei -- fusionserver | Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions. | 2017-10-09 | not yet calculated | CVE-2015-7842 BID CONFIRM |
| ibm -- financial_transaction_manager_for_ach_services_for_multi-platform | IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735. | 2017-10-10 | not yet calculated | CVE-2017-1538 CONFIRM BID MISC |
| ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578. | 2017-10-10 | not yet calculated | CVE-2017-1503 CONFIRM BID SECTRACK MISC |
| identicard -- two-reader_controller_configuration_manager | IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page). | 2017-10-09 | not yet calculated | CVE-2017-14973 MISC |
| imagemagick -- imagemagick | ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. | 2017-10-10 | not yet calculated | CVE-2017-15218 BID CONFIRM |
| imagemagick -- imagemagick | ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. | 2017-10-10 | not yet calculated | CVE-2017-15217 BID CONFIRM |
| imagemagick -- imagemagick | ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)." | 2017-10-12 | not yet calculated | CVE-2017-15281 CONFIRM |
| imagemagick_and_graphicsmagick -- imagemagick_and_graphicsmagick | ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. | 2017-10-12 | not yet calculated | CVE-2017-15277 MISC MISC MISC |
| infocus -- mondopad | Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Office document containing a link that has a UNC pathname associated with an attacker-controller server. In one specific scenario, the attacker provides an Excel spreadsheet, and the attacker-controller server receives the victim's NetNTLMv2 hash. | 2017-10-09 | not yet calculated | CVE-2017-14971 MISC |
| infocus -- mondopad | InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file. | 2017-10-09 | not yet calculated | CVE-2017-14972 MISC |
| intel -- nuc_firmware | Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery. | 2017-10-10 | not yet calculated | CVE-2017-5701 BID CONFIRM |
| intel -- nuc_firmware | Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage. | 2017-10-10 | not yet calculated | CVE-2017-5722 BID CONFIRM |
| intel -- nuc_firmware | Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory. | 2017-10-10 | not yet calculated | CVE-2017-5721 CONFIRM |
| intel -- nuc_firmware | Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage. | 2017-10-10 | not yet calculated | CVE-2017-5700 BID CONFIRM |
| ipv6 -- ipv6 | Receipt of a specifically malformed IPv6 packet processed by the router may trigger a line card reset: processor exception 0x68616c74 (halt) in task: scheduler. The line card will reboot and recover without user interaction. However, additional specifically malformed packets may cause follow-on line card resets and lead to an extended service outage. This issue only affects E Series routers with IPv6 licensed and enabled. Routers not configured to process IPv6 traffic are unaffected by this vulnerability. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. | 2017-10-13 | not yet calculated | CVE-2016-4925 BID SECTRACK CONFIRM |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x00000000000568a4." | 2017-10-11 | not yet calculated | CVE-2017-15243 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x0000000000057b35." | 2017-10-11 | not yet calculated | CVE-2017-15261 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x000000000009174a." | 2017-10-11 | not yet calculated | CVE-2017-15257 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x00000000000158cb." | 2017-10-11 | not yet calculated | CVE-2017-15252 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting at PDF!xmlGetGlobalState+0x000000000007dff2." | 2017-10-11 | not yet calculated | CVE-2017-15253 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlGetGlobalState+0x000000000007dfa5." | 2017-10-11 | not yet calculated | CVE-2017-15254 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000000929f5." | 2017-10-11 | not yet calculated | CVE-2017-15241 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000161a9c." | 2017-10-11 | not yet calculated | CVE-2017-15258 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000129a59." | 2017-10-11 | not yet calculated | CVE-2017-15260 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlListWalk+0x00000000000166c4." | 2017-10-11 | not yet calculated | CVE-2017-15263 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x0000000000048d0c." | 2017-10-11 | not yet calculated | CVE-2017-15262 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at image00000000_00400000+0x00000000000236e4." | 2017-10-11 | not yet calculated | CVE-2017-15264 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x000000000011624a." | 2017-10-11 | not yet calculated | CVE-2017-15259 MISC |
| irfanview -- irfanview | IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000040db4." | 2017-10-11 | not yet calculated | CVE-2017-15239 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlGetGlobalState+0x0000000000057b76." | 2017-10-11 | not yet calculated | CVE-2017-15245 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting at PDF!xmlGetGlobalState+0x0000000000031abe." | 2017-10-11 | not yet calculated | CVE-2017-15242 MISC |
| irfanview -- irfanview | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlListWalk+0x0000000000019fc8." | 2017-10- | not yet calculated | CVE-2017-15256 MISC |
11 lated external) IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have CVE- unspecified other impact via a crafted .pdf 2017- file, related to an "Error Code (0xe06d7363) not 15244 starting at 2017 yet MISC(li irfanview -- irfanview wow64!Wow64NotifyDebugger+0x000000 -10- calcunk is 000000001d." 11 lated external) IrfanView version 4.44 (32bit) with PDF not CVE- plugin version 4.43 allows attackers to 2017 yet 2017- irfanview -- irfanview cause a denial of service or possibly have -10- calcu15250 unspecified other impact via a crafted .pdf 11 lated MISC(li CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info file, related to a "Read Access Violation nk is starting at external) PDF!xmlParserInputRead+0x00000000001 32e19." IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have CVE- unspecified other impact via a crafted .pdf 2017- file, related to a "Read Access Violation not 15240 starting at 2017 yet MISC(li irfanview -- irfanview PDF!xmlParserInputRead+0x00000000001 -10- calcunk is 32cef." 11 lated external) IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of CVE- service via a crafted .pdf file, related to 2017- "Data from Faulting Address controls Code not 15248 Flow starting at 2017 yet MISC(li irfanview -- irfanview PDF!xmlGetGlobalState+0x000000000006 -10- calcunk is 3ca6." 11 lated external) IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to CVE- execute arbitrary code or cause a denial of 2017- service via a crafted .pdf file, related to a not 15246 "Read Access Violation on Block Data 2017 yet MISC(li irfanview -- irfanview Move starting at -10- calcunk is PDF!xmlListWalk+0x000000000001515b." 
11 lated external) IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have CVE- unspecified other impact via a crafted .pdf 2017- file, related to "Data from Faulting Address not 15247 controls Branch Selection starting at 2017 yet MISC(li irfanview -- irfanview PDF!xmlParserInputRead+0x00000000001 -10- calcunk is 168a1." 11 lated external) IrfanView version 4.44 (32bit) with PDF CVE- plugin version 4.43 allows attackers to 2017- cause a denial of service or possibly have not 15255 unspecified other impact via a crafted .pdf 2017 yet MISC(li irfanview -- irfanview file, related to a "Read Access Violation -10- calcunk is starting at 11 lated external) CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info PDF!xmlParserInputRead+0x00000000001 601b0." IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of CVE- service via a crafted .pdf file, related to 2017- "Data from Faulting Address controls Code not 15249 Flow starting at 2017 yet MISC(li irfanview -- irfanview PDF!xmlGetGlobalState+0x000000000006 -10- calcunk is 68d6." 11 lated external) IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of CVE- service via a crafted .pdf file, related to 2017- "Data from Faulting Address controls Code not 15251 Flow starting at 2017 yet MISC(li irfanview -- irfanview PDF!xmlParserInputRead+0x00000000000 -10- calcunk is e7326." 11 lated external) An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide not CVE- an undocumented BusyBox Linux shell 2017 yet 2016- jantek -- jtc-200 accessible over the TELNET service -10- calcu5791 without any authentication. 12 lated MISC A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. 
An attacker could perform actions with the not CVE- same permissions as a victim user, provided 2017 yet 2016- jantek -- jtc-200 the victim has an active session and is -10- calcu5789 induced to trigger the malicious request. 12 lated MISC CVE- 2015- 7384 BID(link is external) CONFIR M(link is not external) 2017 yet CONFIR javascript -- node Node.js 4.0.0, 4.1.0, and 4.1.1 allows -10- calcuM(link is remote attackers to cause a denial of service. 10 lated external) CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 CVE- prior to 3.2.5.0. CVE-2017-10616 and 2017- CVE-2017-10617 can be chained together not 10616 and have a combined CVSSv3 score of 5.8 2017 yet CONFIR juniper -- contrail (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C: -10- calcuM(link is L/I:N/A:N). 13 lated external) The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks Contrail 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017- CVE- 10616 and CVE-2017-10617 can be chained 2017- together and have a combined CVSSv3 not 10617 score of 5.8 2017 yet CONFIR juniper -- contrail (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N) -10- calcuM(link is . 13 lated external) Juniper Networks Junos OS 16.1R1, and services releases based off of 16.1R1, are vulnerable to the receipt of a crafted BGP Protocol Data Unit (PDU) sent directly to the router, which can cause the RPD routing process to crash and restart. Unlike BGP UPDATEs, which are transitive in nature, this issue can only be triggered by a packet sent directly to the IP address of the router. 
Repeated crashes of the rpd daemon can result in an extended denial of service condition. This issue only affects devices running Junos OS 16.1R1 and services releases based off of 16.1R1 (e.g. 16.1R1- CVE- S1, 16.1R1-S2, 16.1R1-S3). No prior 2017- versions of Junos OS are affected by this not 10607 vulnerability, and this issue was resolved in 2017 yet CONFIR juniper -- junos_os Junos OS 16.2 prior to 16.2R1. No other -10- calcuM(link is Juniper Networks products or platforms are 13 lated external) CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info affected by this issue. This issue was found during internal product security testing. Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type CVE- of attacker to intercept, inject or disrupt 2017- Junos Space cluster operations between two not 10623 nodes. Affected releases are Juniper 2017 yet CONFIR juniper -- junos_os Networks Junos Space all versions prior to -10- calcuM(link is 17.1R1. 13 lated external) A persistent site scripting vulnerability in CVE- Juniper Networks Junos Space allows users 2017- who can change certain configuration to 10612 implant malicious Javascript or HTML BID(link which may be used to steal information or is perform actions as other Junos Space users not external) or administrators. Affected releases are 2017 yet CONFIR juniper -- junos_space Juniper Networks Junos Space all versions -10- calcuM(link is prior to 17.1R1. 13 lated external) An authentication bypass vulnerability in CVE- Juniper Networks Junos Space Network 2017- Management Platform may allow a remote 10622 unauthenticated network based attacker to BID(link login as any privileged user. This issue only is affects Junos Space Network Management not external) Platform 17.1R1 without Patch v1 and 16.1 2017 yet CONFIR juniper -- junos_space releases prior to 16.1R3. 
This issue was -10- calcuM(link is found by an external security researcher. 13 lated external) CVE- 2017- Insufficient verification of node certificates 10624 in Juniper Networks Junos Space may allow BID(link a man-in-the-middle type of attacker to is make unauthorized modifications to Space not external) database or add nodes. Affected releases are 2017 yet CONFIR juniper -- junos_space Juniper Networks Junos Space all versions -10- calcuM(link is prior to 17.1R1. 13 lated external) A vulnerability in the pluggable authentication module (PAM) of Juniper not CVE- Networks Junos OS may allow an 2017 yet 2017- juniper -- srx_series_devices unauthenticated network based attacker to -10- calcu10615 potentially execute arbitrary code or crash 13 lated CONFIR CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info daemons such as telnetd or sshd that make M(link is use of PAM. Affected Juniper Networks external) Junos OS releases are: 14.1 from 14.1R5 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D50 on EX and QFX series; 14.2 from 14.2R3 prior to 14.2R7-S8, 14.2R8; No other Junos OS releases are affected by this issue. No other Juniper Networks products are affected by this issue. A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI access and the ability to initiate remote sessions to the loopback interface with the defined action, to hang the kernel. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D55; 12.3X48 prior to 12.3X48- D35; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.2 prior to 14.2R4-S9, 14.2R7-S8, 14.2R8; 15.1 CVE- prior to 15.1F5-S3, 15.1F6, 15.1R4; 2017- 15.1X49 prior to 15.1X49-D60; 15.1X53 not 10613 prior to 15.1X53-D47; 16.1 prior to 16.1R2. 
2017 yet CONFIR juniper -- srx_series_devices No other Juniper Networks products or -10- calcuM(link is platforms are affected by this issue. 13 lated external) A denial of service vulnerability in telnetd service on Juniper Networks Junos OS allows remote unauthenticated attackers to cause a denial of service. Affected Junos OS releases are: 12.1X46 prior to 12.1X46- D71; 12.3X48 prior to 12.3X48-D50; 14.1 prior to 14.1R8-S5, 14.1R9; 14.1X53 prior to 14.1X53-D50; 14.2 prior to 14.2R7-S9, 14.2R8; 15.1 prior to 15.1F2-S16, 15.1F5- CVE- S7, 15.1F6-S6, 15.1R5-S2, 15.1R6; 2017- 15.1X49 prior to 15.1X49-D90; 15.1X53 not 10621 prior to 15.1X53-D47; 16.1 prior to 16.1R4- 2017 yet CONFIR juniper -- srx_series_devices S1, 16.1R5; 16.2 prior to 16.2R1-S3, -10- calcuM(link is 16.2R2; 13 lated external) CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory and/or CPU consumption denial of service attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D45; 12.3X48 prior to 12.3X48- CVE- D30; 14.1 prior to 14.1R4-S9, 14.1R8; 14.2 2017- prior to 14.2R6; 15.1 prior to 15.1F5, not 10614 15.1R3; 15.1X49 prior to 15.1X49-D40; 2017 yet CONFIR juniper -- srx_series_devices 15.1X53 prior to 15.1X53-D232, 15.1X53- -10- calcuM(link is D47. 13 lated external) Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration data. While other products also ship with a TPM, no other products or platforms are affected by this vulnerability. Customers can confirm the version of TPM firmware via the 'show CVE- security tpm status' command. 
This issue 2017- was discovered by an external security not 10606 researcher. No other Juniper Networks 2017 yet CONFIR juniper -- srx_series_devices products or platforms are affected by this -10- calcuM(link is issue. 13 lated external) On SRX Series devices, a crafted ICMP packet embedded within a NAT64 IPv6 to IPv4 tunnel may cause the flowd process to crash. Repeated crashes of the flowd CVE- process constitutes an extended denial of 2017- service condition for the SRX Series device. 10610 This issue only occurs if NAT64 is CONFIR configured. Affected releases are Juniper M(link is Networks Junos OS 12.1X46 prior to not external) 12.1X46-D71, 12.3X48 prior to 12.3X48- 2017 yet MISC(li juniper -- srx_series_devices D55, 15.1X49 prior to 15.1X49-D100 on -10- calcunk is SRX Series. No other Juniper Networks 13 lated external) CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info products or platforms are affected by this issue. If extended statistics are enabled via 'set chassis extended-statistics', when executing any operation that fetches interface statistics, including but not limited to SNMP GET requests, the pfem process or the FPC may crash and restart. Repeated crashes of PFE processing can result in an extended denial of service condition. This issue only affects the following platforms: (1) EX2200, EX3300, XRE200 (2) MX Series routers with MPC7E/8E/9E PFEs installed, and only if 'extended-statistics' are enabled under the [edit chassis] configuration. 
Affected releases are Juniper Networks Junos OS 14.1 prior to 14.1R8-S5, 14.1R9 on MX Series; 14.1X53 prior to 14.1X53- D46, 14.1X53-D50 on EX2200, EX3300, XRE200; 14.2 prior to 14.2R7-S9, 14.2R8 on MX Series; 15.1 prior to 15.1F5-S8, 15.1F6-S8, 15.1R5-S3, 15.1R6 on MX Series; 16.1 prior to 16.1R4-S5, 16.1R5, 16.1R6 on MX Series; 16.1X65 prior to 16.1X65-D45 on EX2200, EX3300, XRE200; 16.2 prior to 16.2R2-S1, 16.2R3 on MX Series; 17.1 prior to 17.1R2-S2, 17.1R3 on MX Series; 17.2 prior to 17.2R1- CVE- S3, 17.2R2 on MX Series; 17.2X75 prior to 2017- 17.2X75-D50 on MX Series; 17.3 prior to not 10611 17.3R1-S1, 17.3R2 on MX Series. No other 2017 yet CONFIR juniper -- srx_series_devices Juniper Networks products or platforms are -10- calcuM(link is affected by this issue. 13 lated external) When Express Path (formerly known as service offloading) is configured on Juniper Networks SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800 in high CVE- availability cluster configuration mode, 2017- certain multicast packets might cause the not 10619 flowd process to crash, halting or 2017 yet CONFIR juniper -- srx_series_devices interrupting traffic from flowing through the -10- calcuM(link is device and triggering RG1+ (data-plane) 13 lated external) CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info fail-over to the secondary node. Repeated crashes of the flowd process may constitute an extended denial of service condition. This service is not enabled by default and is only supported in high-end SRX platforms. Affected releases are Juniper Networks Junos OS 12.3X48 prior to 12.3X48-D45, 15.1X49 prior to 15.1X49-D80 on SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800. When the 'bgp-error-tolerance' feature â€" designed to help mitigate remote session resets from malformed path attributes â€" is enabled, a BGP UPDATE containing a specifically crafted set of transitive attributes can cause the RPD routing process to crash and restart. 
Devices with BGP enabled that do not have 'bgp-error-tolerance' configured are not vulnerable to this issue. Affected releases are Juniper Networks Junos OS 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D45, 14.1X53- CVE- D50; 14.2 prior to 14.2R7-S7, 14.2R8; 15.1 2017- prior to 15.1F5-S8, 15.1F6-S7, 15.1R5-S6, 10618 15.1R6-S2, 15.1R7; 15.1X49 prior to CONFIR 15.1X49-D100; 15.1X53 prior to 15.1X53- M(link is D64, 15.1X53-D70; 16.1 prior to 16.1R3- external) S4, 16.1R4-S3, 16.1R5; 16.2 prior to MISC(li 16.2R1-S5, 16.2R2; 17.1 prior to 17.1R1- nk is S3, 17.1R2; 17.2 prior to 17.2R1-S2, not external) 17.2R2; 17.2X75 prior to 17.2X75-D50. No 2017 yet MISC(li juniper -- srx_series_devices other Juniper Networks products or -10- calcunk is platforms are affected by this issue. 13 lated external) Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server CVE- certificate before downloading anti-virus 2017- updates. This may allow a man-in-the- not 10620 middle attacker to inject bogus signatures to 2017 yet CONFIR juniper -- srx_series_devices cause service disruptions or make the device -10- calcuM(link is not detect certain types of attacks. Affected 13 lated external) CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48- D55; 15.1X49 prior to 15.1X49-D110; Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. This vulnerability in the Sun/MS-RPC ALG services component of Junos OS allows an attacker to cause a repeated denial of service against the target. Repeated traffic in a cluster may cause repeated flip-flop failure operations or full failure to the flowd daemon halting traffic on all nodes. Only IPv6 traffic is affected by this issue. IPv4 traffic is unaffected. 
This issues is not seen with to-host traffic. This issue has no relation with HA services themselves, only the ALG service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper CVE- Networks Junos OS 12.1X46 prior to 2017- 12.1X46-D55 on SRX; 12.1X47 prior to not 10608 12.1X47-D45 on SRX; 12.3X48 prior to 2017 yet CONFIR juniper -- srx_series_devices 12.3X48-D32, 12.3X48-D35 on SRX; -10- calcuM(link is 15.1X49 prior to 15.1X49-D60 on SRX. 13 lated external) CVE- 2016- J-Web does not validate certain input that not 1261 may lead to cross-site request forgery 2017 yet CONFIR juniper -- j-web (CSRF) issues or cause a denial of J-Web -10- calcuM(link is service (DoS). 13 lated external) Insufficient cross site scripting protection in J-Web component in Juniper Networks CVE- Junos OS may potentially allow a remote 2016- unauthenticated user to inject web script or 4923 HTML and steal sensitive data and BID(link credentials from a J-Web session and to is perform administrative actions on the Junos not external) device. Juniper SIRT is not aware of any 2017 yet CONFIR juniper -- j-web malicious exploitation of this vulnerability. -10- calcuM(link is Affected releases are Juniper Networks 13 lated external) CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info Junos OS 11.4 prior to 11.4R13-S3; 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D40; 12.1X47 prior to 12.1X47-D30; 12.3 prior to 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2X51 prior to 13.2X51-D39, 13.2X51-D40; 13.3 prior to 13.3R9; 14.1 prior to 14.1R6; 14.2 prior to 14.2R6; 15.1 prior to 15.1R3; 15.1X49 prior to 15.1X49-D20; 15.1X53 prior to 15.1X53-D57. An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. 
CVE- This issue was found during internal product 2016- security testing. Juniper SIRT is not aware 4924 of any malicious exploitation of this BID(link vulnerability. No other Juniper Networks is products or platforms are affected by this not external) issue. Affected releases are Juniper 2017 yet CONFIR juniper -- junos_os Networks Junos OS 15.1 prior to 15.1F5; -10- calcuM(link is 14.1 prior to 14.1R8 13 lated external) Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands the ability to CVE- achieve elevated privileges and gain 2016- complete control of the device. Affected 4922 releases are Juniper Networks Junos OS BID(link 11.4 prior to 11.4R13-S3; 12.1X46 prior to is 12.1X46-D60; 12.1X47 prior to 12.1X47- external) D45; 12.3 prior to 12.3R12; 12.3X48 prior SECTR to 12.3X48-D35; 13.2 prior to 13.2R9; 13.3 ACK(lin prior to 13.3R4-S11, 13.3R9; 14.1 prior to k is 14.1R4-S12, 14.1R7; 14.1X53 prior to not external) 14.1X53-D28, 14.1X53-D40; 14.1X55 prior 2017 yet CONFIR juniper -- junos_os to 14.1X55-D35; 14.2 prior to 14.2R3-S10, -10- calcuM(link is 14.2R4-S7, 14.2R5; 15.1 prior to 15.1F4, 13 lated external) CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info 15.1R3; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D57, 15.1X53- D70. By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitimate traffic. In extreme cases, the crafted IPv6 traffic may result in a total resource exhaustion and kernel panic. The issue is triggered by traffic destined to the router. Transit traffic does not trigger the vulnerability. This issue only affects devices with IPv6 enabled and configured. 
Devices not configured to process IPv6 traffic are unaffected by this vulnerability. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. Affected CVE- releases are Juniper Networks Junos OS 2016- 11.4 prior to 11.4R13-S3; 12.3 prior to 4921 12.3R3-S4; 12.3X48 prior to 12.3X48-D30; BID(link 13.3 prior to 13.3R10, 13.3R4-S11; 14.1 is prior to 14.1R2-S8, 14.1R4-S12, 14.1R8; external) 14.1X53 prior to 14.1X53-D28, 14.1X53- SECTR D40; 14.1X55 prior to 14.1X55-D35; 14.2 ACK(lin prior to 14.2R3-S10, 14.2R4-S7, 14.2R6; k is 15.1 prior to 15.1F2-S5, 15.1F5-S2, 15.1F6, not external) 15.1R3; 15.1X49 prior to 15.1X49-D40; 2017 yet CONFIR juniper -- junos_os 15.1X53 prior to 15.1X53-D57, 15.1X53- -10- calcuM(link is D70. 13 lated external) A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery CVE- (CSRF), default authentication credentials, 2016- information leak and command injection not 1265 attack vectors. All versions of Juniper 2017 yet CONFIR juniper -- junos_space Networks Junos Space prior to 15.1R3 are -10- calcuM(link is affected. 13 lated external) CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info CVE- 2017- 10862 MISC(li jwt-scala 1.2.2 and earlier fails to verify nk is token signatures correctly which may lead not external) to an attacker being able to pass specially 2017 yet MISC(li jwt-scala -- jwt-scala crafted JWT data as a correctly signed -10- calcunk is token. 12 lated external) CVE- 2017- 15210 MISC(li nk is external) MISC(li nk is In Kanboard before 1.0.47, by altering form not external) data, an authenticated user can see 2017 yet MISC(li kanboard -- kanboard thumbnails of pictures from a private project -10- calcunk is of another user. 
10 lated external) CVE- 2017- 15211 MISC(li nk is external) MISC(li nk is external) MISC(li nk is In Kanboard before 1.0.47, by altering form not external) data, an authenticated user can add an 2017 yet MISC(li kanboard -- kanboard external link to a private project of another -10- calcunk is user. 10 lated external) CVE- 2017- In Kanboard before 1.0.47, by altering form not 15206 data, an authenticated user can add an 2017 yet MISC(li kanboard -- kanboard internal link to a private project of another -10- calcunk is user. 10 lated external) CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info MISC(li nk is external) MISC(li nk is external) MISC(li nk is external) CVE- 2017- 15209 MISC(li nk is external) MISC(li nk is In Kanboard before 1.0.47, by altering form not external) data, an authenticated user can remove 2017 yet MISC(li kanboard -- kanboard attachments from a private project of -10- calcunk is another user. 10 lated external) CVE- 2017- 15212 MISC(li nk is external) MISC(li nk is external) MISC(li nk is In Kanboard before 1.0.47, by altering form not external) data, an authenticated user can at least see 2017 yet MISC(li kanboard -- kanboard the names of tags of a private project of -10- calcunk is another user. 10 lated external) CVE- 2017- not 15207 In Kanboard before 1.0.47, by altering form 2017 yet MISC(li kanboard -- kanboard data, an authenticated user can edit tasks of -10- calcunk is a private project of another user. 10 lated external) CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info MISC(li nk is external) MISC(li nk is external) MISC(li nk is external) CVE- 2017- 15204 MISC(li nk is external) MISC(li nk is external) MISC(li nk is In Kanboard before 1.0.47, by altering form not external) data, an authenticated user can add 2017 yet MISC(li kanboard -- kanboard automatic actions to a private project of -10- calcunk is another user. 
10 lated external)

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15205 MISC(link is external) MISC(link is external) MISC(link is external) |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15203 MISC(link is external) MISC(link is external) MISC(link is external) MISC(link is external) |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15196 MISC(link is external) MISC(link is external) MISC(link is external) MISC(link is external) |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15195 MISC(link is external) MISC(link is external) MISC(link is external) MISC(link is external) |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15200 MISC(link is external) MISC(link is external) MISC(link is external) MISC(link is external) |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15208 MISC(link is external) MISC(link is external) MISC(link is external) MISC(link is external) |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15201 MISC(link is external) MISC(link is external) MISC(link is external) MISC(link is external) |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15202 MISC(link is external) MISC(link is external) MISC(link is external) MISC(link is external) |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15197 MISC(link is external) MISC(link is external) MISC(link is external) MISC(link is external) |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user. | 2017-10-10 | not yet calculated | CVE-2017-15198 MISC(link is external) MISC(link is external) MISC(link is external) MISC(link is external) |
| kanboard -- kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. | 2017-10-10 | not yet calculated | CVE-2017-15199 MISC(link is external) MISC(link is external) MISC(link is external) MISC(link is external) |
| lansweeper -- lansweeper | XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705. | 2017-10-10 | not yet calculated | CVE-2017-13706 MISC(link is external) FULLDISC CONFIRM(link is external) |
| lava -- ether-serial_link | An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass authentication by accessing a specific uniform resource locator. | 2017-10-11 | not yet calculated | CVE-2017-14003 BID(link is external) MISC |
| libcurl -- libcurl | libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote. | 2017-10-06 | not yet calculated | CVE-2017-1000254 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) CONFIRM(link is external) |
| libjpeg-turbo -- libjpeg-turbo | libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. | 2017-10-10 | not yet calculated | CVE-2017-15232 MISC(link is external) MISC(link is external) |
| libjpeg-turbo -- libjpeg-turbo | libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. | 2017-10-10 | not yet calculated | CVE-2014-9092 FEDORA FEDORA FEDORA FEDORA MISC MLIST(link is external) BID(link is external) CONFIRM(link is external) MISC(link is external) |
| libmp3splt -- libmp3splt | plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file. | 2017-10-09 | not yet calculated | CVE-2017-15185 MISC MISC MISC EXPLOIT-DB(link is external) |
| libxfont -- libxfont | In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. | 2017-10-11 | not yet calculated | CVE-2017-13722 CONFIRM(link is external) CONFIRM(link is external) CONFIRM CONFIRM |
| libxfont -- libxfont | In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because '\0' characters are incorrectly skipped in situations involving ? characters. | 2017-10-11 | not yet calculated | CVE-2017-13720 CONFIRM(link is external) CONFIRM(link is external) CONFIRM CONFIRM |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST cfg80211 vendor commands in __wlan_hdd_cfg80211_set_passpoint_list and hdd_extscan_passpoint_fill_network_list function respectively. Android ID: A-36817548. References: QC-CR#2058447, QC-CR#2054770. | 2017-10-10 | not yet calculated | CVE-2017-11060 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the Athdiag procfs entry does not have a proper address sanity check which may potentially lead to the use of an out-of-range pointer offset. | 2017-10-10 | not yet calculated | CVE-2017-11067 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST cfg80211 vendor commands in __wlan_hdd_cfg80211_set_passpoint_list and hdd_extscan_passpoint_fill_network_list function respectively. Android ID: A-36815952. References: QC-CR#2054770, QC-CR#2058447, QC-CR#2066628, QC-CR#2087785 | 2017-10-10 | not yet calculated | CVE-2017-11064 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in compatibility mode, flash_data from 64-bit userspace may cause disclosure of kernel memory or a fault due to using a userspace-provided address. | 2017-10-10 | not yet calculated | CVE-2017-11057 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, setting the HMAC key by different threads during SHA operations may potentially lead to a buffer overflow. | 2017-10-10 | not yet calculated | CVE-2017-11059 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor command a buffer over-read can occur. | 2017-10-10 | not yet calculated | CVE-2017-11052 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an array out-of-bounds access can potentially occur in a display driver. | 2017-10-10 | not yet calculated | CVE-2017-9706 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, two concurrent threads/processes can write the value of "0" to the debugfs file that controls ipa ipc log which will lead to the double-free in ipc_log_context_destroy(). Another issue is the Use-After-Free which can happen due to the race condition when the ipc log is deallocated via the debugfs call during a log print. | 2017-10-10 | not yet calculated | CVE-2017-9687 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur. | 2017-10-10 | not yet calculated | CVE-2017-11054 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently attributes are not validated in __wlan_hdd_cfg80211_do_acs which can potentially lead to a buffer overread. | 2017-10-10 | not yet calculated | CVE-2017-11062 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when the pktlogconf tool gives a pktlog buffer of size less than the minimal possible source data size in the host driver, a buffer overflow can potentially occur. | 2017-10-10 | not yet calculated | CVE-2017-11050 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, information disclosure is possible in function __wlan_hdd_cfg80211_testmode since buffer hb_params is not initialized to zero. | 2017-10-10 | not yet calculated | CVE-2017-11051 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, as a result of a race condition between two userspace processes that interact with the driver concurrently, a null pointer dereference can potentially occur. | 2017-10-10 | not yet calculated | CVE-2017-11063 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possible double free/use after free in the SPS driver when debugfs logging is used. | 2017-10-10 | not yet calculated | CVE-2017-9686 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a meta image, an integer overflow can occur, if user-defined image offset and size values are too large. | 2017-10-10 | not yet calculated | CVE-2017-9683 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a vendor command, a buffer over-read can occur. | 2017-10-10 | not yet calculated | CVE-2017-9715 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION cfg80211 vendor command, a buffer over-read can occur. | 2017-10-10 | not yet calculated | CVE-2017-11055 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when qos map set IE of length less than 16 is received in association response or in qos map configure action frame, a buffer overflow can potentially occur in ConvertQosMapsetFrame(). | 2017-10-10 | not yet calculated | CVE-2017-11053 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while doing sha and cipher operations, a userspace buffer is directly accessed in kernel space potentially leading to a page fault. | 2017-10-10 | not yet calculated | CVE-2017-11056 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an out of bound memory access may happen in limCheckRxRSNIeMatch in case incorrect RSNIE is received from the client in assoc request. | 2017-10-10 | not yet calculated | CVE-2017-9714 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing Netlink attributes, a buffer overread can occur. | 2017-10-10 | not yet calculated | CVE-2017-9717 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing cfg80211 vendor sub command QCA_NL80211_VENDOR_SUBCMD_ROAM, a buffer over-read can occur. | 2017-10-10 | not yet calculated | CVE-2017-11061 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when an audio driver ioctl handler is called, a kernel out-of-bounds write can potentially occur. | 2017-10-10 | not yet calculated | CVE-2017-11046 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command registration table entries in diag_dbgfs_read_table. | 2017-10-10 | not yet calculated | CVE-2017-9697 BID(link is external) CONFIRM(link is external) |
| linux -- code_aurora_forum_android | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a Use After Free condition can occur. | 2017-10-10 | not yet calculated | CVE-2017-11048 BID(link is external) CONFIRM(link is external) |
| linux -- kernel | security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192. | 2017-10-11 | not yet calculated | CVE-2017-15274 CONFIRM CONFIRM CONFIRM(link is external) CONFIRM(link is external) CONFIRM |
| linux -- linux_kernel | The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call. | 2017-10-14 | not yet calculated | CVE-2017-15299 MISC(link is external) MISC(link is external) MISC(link is external) MISC |
| linux -- linux_kernel | arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun." | 2017-10-11 | not yet calculated | CVE-2017-12188 BID(link is external) CONFIRM(link is external) CONFIRM CONFIRM |
| linux -- linux_kernel | A vulnerability was found in the Key Management sub component of the Linux kernel, where when trying to issue a KEYTCL_READ on negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel. | 2017-10-11 | not yet calculated | CVE-2017-12192 CONFIRM(link is external) MISC |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11808 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11809 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11806 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11807 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- chakracore | ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11797 BID(link is external) CONFIRM(link is external) |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11811 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11812 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11796 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11805 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11799 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11804 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11802 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- chakracore | ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11801 BID(link is external) CONFIRM(link is external) |
| microsoft -- chakracore | ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, and CVE-2017-11812. | 2017-10-13 | not yet calculated | CVE-2017-11821 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11800 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11798 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- edge | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8726 and CVE-2017-11803. | 2017-10-13 | not yet calculated | CVE-2017-11794 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- internet_explorer | Internet Explorer in Microsoft SP1, Windows Server 2008 SP2 and R2 SP1, .1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-11790 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11813. | 2017-10-13 | not yet calculated | CVE-2017-11822 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11810 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- internet_explorer | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | 2017-10-13 | not yet calculated | CVE-2017-11793 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- lync | Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability." | 2017-10-13 | not yet calculated | CVE-2017-11786 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- multiple_products | Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory. | 2017-10-13 | not yet calculated | CVE-2017-11826 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- office | Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how Microsoft Office handles files in memory, aka "Microsoft Office Remote Code Execution Vulnerability". | 2017-10-13 | not yet calculated | CVE-2017-11825 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- outlook | Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook Information Disclosure Vulnerability." | 2017-10-13 | not yet calculated | CVE-2017-11776 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- outlook | Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability." | 2017-10-13 | not yet calculated | CVE-2017-11774 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- sharepoint | Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11777 and CVE-2017-11820. | 2017-10-13 | not yet calculated | CVE-2017-11775 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |
| microsoft -- sharepoint | Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11777. | 2017-10-13 | not yet calculated | CVE-2017-11820 BID(link is external) SECTRACK(link is external) CONFIRM(link is external) |

CVE- 2017- Microsoft SharePoint Enterprise Server 11777 2013 SP1 and Microsoft SharePoint BID(link Enterprise Server 2016 allow an attacker to is exploit a cross-site scripting (XSS) external) vulnerability by sending a specially crafted SECTR request to an affected SharePoint server, due ACK(lin to how SharePoint Server sanitizes web k is requests, aka "Microsoft Office SharePoint not external) XSS Vulnerability". This CVE ID is unique 2017 yet CONFIR microsoft -- sharepoint from CVE-2017-11775 and CVE-2017- -10- calcuM(link is 11820.
13 lated external) CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info CVE- 2017- The Microsoft Graphics Component on 11824 Microsoft Windows Server 2008 SP2 and BID(link R2 SP1, Windows 7 SP1, Windows 8.1, is Windows Server 2012 Gold and R2, external) Windows RT 8.1, Windows 10 Gold, 1511, SECTR 1607, and 1703, and Windows Server 2016 ACK(lin allows an elevation of privilege k is vulnerability in the way it handles objects in not external) memory, aka "Windows Graphics 2017 yet CONFIR Component Elevation of Privilege -10- calcuM(link is microsoft -- windows Vulnerability". 13 lated external) CVE- 2017- 8715 BID(link is external) SECTR The Microsoft Device Guard on Microsoft ACK(lin Windows 10 Gold, 1511, 1607, and 1703, k is and Windows Server 2016 allows a security not external) feature bypass by the way it handles 2017 yet CONFIR Windows PowerShell sessions, aka -10- calcuM(link is microsoft -- windows "Windows Security Feature Bypass". 13 lated external) CVE- 2017- 11829 BID(link is external) SECTR ACK(lin Microsoft Windows 10 allows an elevation k is of privilege vulnerability when the not external) Windows Update Delivery Optimization 2017 yet CONFIR does not properly enforce file share -10- calcuM(link is microsoft -- windows permissions. 13 lated external) The Microsoft Windows Kernel component 2017 CVE- on Microsoft Windows Server 2008 SP2 -10- not 2017- microsoft -- windows and R2 SP1, Windows 7 SP1, Windows 8.1, 13 yet 11817 CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info Windows Server 2012 Gold and R2, calcuBID(link Windows RT 8.1, Windows 10 Gold, 1511, lated is 1607, and 1703, and Windows Server 2016, external) allows an information disclosure SECTR vulnerability when it improperly validates ACK(lin objects in memory, aka "Windows k is Information Disclosure Vulnerability". 
external) CONFIR M(link is external) CVE- 2017- 8693 BID(link is external) The Microsoft Graphics Component on SECTR Microsoft Windows 10 Gold, 1511, 1607, ACK(lin and 1703, and Windows Server 2016 allows k is an information disclosure vulnerability in not external) the way it handles objects in memory, aka 2017 yet CONFIR "Microsoft Graphics Information Disclosure -10- calcuM(link is microsoft -- windows Vulnerability". 13 lated external) CVE- 2017- 11783 BID(link is Microsoft Windows 8.1, Windows Server external) 2012 R2, Windows RT 8.1, Windows 10 SECTR Gold, 1511, 1607, and 1703, and Windows ACK(lin Server 2016 allows an elevation of privilege k is vulnerability in the way it handles calls to not external) Advanced Local Procedure Call (ALPC), 2017 yet CONFIR microsoft -- windows aka "Windows Elevation of Privilege -10- calcuM(link is Vulnerability". 13 lated external) The Server Message Block 1.0 (SMBv1) on CVE- Microsoft Windows Server 2008 SP2 and 2017- R2 SP1, Windows 7 SP1, Windows 8.1, not 11780 Windows Server 2012 Gold and R2, 2017 yet BID(link microsoft -- windows Windows RT 8.1, Windows 10 Gold, 1511, -10- calcuis 1607, and 1703, and Windows Server 2016, 13 lated external) CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info allows a remote code execution SECTR vulnerability when it fails to properly handle ACK(lin certain requests, aka "Windows SMB k is Remote Code Execution Vulnerability". external) CONFIR M(link is external) CVE- 2017- 11779 BID(link The Microsoft Windows Domain Name is System (DNS) DNSAPI.dll on Microsoft external) Windows 8.1, Windows Server 2012 R2, SECTR Windows RT 8.1, Windows 10 Gold, 1511, ACK(lin 1607, and 1703, and Windows Server 2016 k is allows a remote code execution not external) vulnerability when it fails to properly handle 2017 yet CONFIR microsoft -- windows DNS responses, aka "Windows DNSAPI -10- calcuM(link is Remote Code Execution Vulnerability". 
13 lated external) CVE- 2017- 11769 BID(link is external) The Microsoft Windows TRIE component SECTR on Microsoft Windows 10 Gold, 1511, ACK(lin 1607, and 1703, and Windows Server 2016 k is allows a remote code execution not external) microsoft -- windows vulnerability in the way it handles loading 2017 yet CONFIR dll files, aka "TRIE Remote Code Execution -10- calcuM(link is Vulnerability". 13 lated external) The Microsoft Graphics Component on CVE- Microsoft Windows Server 2008 SP2 and 2017- R2 SP1, Windows 7 SP1, Windows 8.1, 11762 Windows Server 2012 Gold and R2, BID(link Windows RT 8.1, Windows 10 Gold, 1511, is 1607, and 1703, and Windows Server 2016 not external) allows a remote code execution 2017 yet SECTR microsoft -- windows vulnerability in the way it handles specially -10- calcuACK(lin crafted embedded fonts, aka "Microsoft 13 lated k is CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info Graphics Remote Code Execution external) Vulnerability". This CVE ID is unique from CONFIR CVE-2017-11763. M(link is external) CVE- 2017- 11771 The Microsoft Windows Search component BID(link on Microsoft Windows Server 2008 SP2 is and R2 SP1, Windows 7 SP1, Windows 8.1, external) Windows Server 2012 Gold and R2, SECTR Windows RT 8.1, Windows 10 Gold, 1511, ACK(lin 1607, and 1703, and Windows Server 2016 k is allows a remote code execution not external) vulnerability when it fails to properly handle 2017 yet CONFIR microsoft -- windows DNS responses, aka "Windows Search -10- calcuM(link is Remote Code Execution Vulnerability". 
13 lated external) CVE- 2017- 11815 The Microsoft Server Block Message BID(link (SMB) on Microsoft Windows Server 2008 is SP2 and R2 SP1, Windows 7 SP1, Windows external) 8.1, Windows Server 2012 Gold and R2, SECTR Windows RT 8.1, Windows 10 Gold, 1511, ACK(lin 1607, and 1703, and Windows Server 2016, k is allows an information disclosure not external) vulnerability in the way that it handles 2017 yet CONFIR microsoft -- windows certain requests, aka "Windows SMB -10- calcuM(link is Information Disclosure Vulnerability". 13 lated external) The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 CVE- and R2 SP1, Windows 7 SP1, Windows 8.1, 2017- Windows Server 2012 Gold and R2, 11785 Windows RT 8.1, Windows 10 Gold, 1511, BID(link 1607, and 1703, and Windows Server 2016, is allows an information disclosure external) vulnerability when it improperly handles SECTR objects in memory, aka "Windows Kernel not ACK(lin Information Disclosure Vulnerability". This 2017 yet k is microsoft -- windows CVE ID is unique from CVE-2017-11765, -10- calcuexternal) CVE-2017-11784, and CVE-2017-11814. 13 lated CONFIR CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info M(link is external) CVE- 2017- 11818 BID(link The Microsoft Windows Storage component is on Microsoft Windows 8.1, Windows external) Server 2012 R2, Windows RT 8.1, SECTR Windows 10 Gold, 1511, 1607, and 1703, ACK(lin and Windows Server 2016 allows a security k is feature bypass vulnerability when it fails to not external) validate an integrity-level check, aka 2017 yet CONFIR microsoft -- windows "Windows Storage Security Feature Bypass -10- calcuM(link is Vulnerability". 
13 lated external) CVE- 2017- The Microsoft Windows Kernel component 11784 on Microsoft Windows Server 2008 SP2 BID(link and R2 SP1, Windows 7 SP1, Windows 8.1, is Windows Server 2012 Gold and R2, external) Windows RT 8.1, and Windows 10 Gold, SECTR allows an information disclosure ACK(lin vulnerability when it improperly handles k is objects in memory, aka "Windows Kernel not external) Information Disclosure Vulnerability". This 2017 yet CONFIR microsoft -- windows CVE ID is unique from CVE-2017-11765, -10- calcuM(link is CVE-2017-11785, and CVE-2017-11814. 13 lated external) CVE- The Microsoft Windows Kernel component 2017- on Microsoft Windows Server 2008 SP2 11814 and R2 SP1, Windows 7 SP1, Windows 8.1, BID(link Windows Server 2012 Gold and R2, is Windows RT 8.1, Windows 10 Gold, 1511, external) 1607, and 1703, and Windows Server 2016, SECTR allows an information disclosure ACK(lin vulnerability when it improperly handles k is objects in memory, aka "Windows Kernel not external) Information Disclosure Vulnerability". This 2017 yet CONFIR microsoft -- windows CVE ID is unique from CVE-2017-11765, -10- calcuM(link is CVE-2017-11784, and CVE-2017-11785. 13 lated external) CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info CVE- 2017- The Microsoft Windows Graphics Device 11816 Interface (GDI) on Microsoft Windows BID(link Server 2008 SP2 and R2 SP1, Windows 7 is SP1, Windows 8.1, Windows Server 2012 external) Gold and R2, Windows RT 8.1, Windows SECTR 10 Gold, 1511, 1607, and 1703, and ACK(lin Windows Server 2016 allows an k is information disclosure vulnerability in the not external) way it handles objects in memory, aka 2017 yet CONFIR microsoft -- windows "Windows GDI Information Disclosure -10- calcuM(link is Vulnerability". 
13 lated external) ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allow an attacker to execute arbitrary code in the context of the current user, due to how the CVE- scripting engine handles objects in memory, 2017- aka "Scripting Engine Memory Corruption 11792 Vulnerability". This CVE ID is unique from BID(link CVE-2017-11793, CVE-2017-11796, CVE- is 2017-11798, CVE-2017-11799, CVE-2017- external) 11800, CVE-2017-11801, CVE-2017- SECTR 11802, CVE-2017-11804, CVE-2017- ACK(lin 11805, CVE-2017-11806, CVE-2017- k is 11807, CVE-2017-11808, CVE-2017- not external) 11809, CVE-2017-11810, CVE-2017- 2017 yet CONFIR microsoft -- windows 11811, CVE-2017-11812, and CVE-2017- -10- calcuM(link is 11821. 13 lated external) CVE- 2017- The Microsoft JET Database Engine in 8717 Windows Server 2008 SP2 and R2 SP1, BID(link Windows 7 SP1, Windows 8.1 and RT 8.1, is Windows Server 2012 and R2, Windows 10 external) Gold, 1511, 1607, 1703, and Windows SECTR Server 2016 allows an attacker to take ACK(lin control of an affected system, due to how it k is handles objects in memory, aka "Microsoft not external) JET Database Engine Remote Code 2017 yet CONFIR microsoft -- windows Execution Vulnerability". This CVE ID is -10- calcuM(link is unique from CVE-2017-8718. 13 lated external) CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info CVE- 2017- The Microsoft JET Database Engine in 8718 Windows Server 2008 SP2 and R2 SP1, BID(link Windows 7 SP1, Windows 8.1 and RT 8.1, is Windows Server 2012 and R2, Windows 10 external) Gold, 1511, 1607, 1703, and Windows SECTR Server 2016 allows an attacker to take ACK(lin control of an affected system, due to how it k is handles objects in memory, aka "Microsoft not external) JET Database Engine Remote Code 2017 yet CONFIR microsoft -- windows Execution Vulnerability". This CVE ID is -10- calcuM(link is unique from CVE-2017-8717. 
13 lated external) CVE- 2017- 11772 The Microsoft Windows Search component BID(link on Microsoft Windows Server 2008 SP2 is and R2 SP1, Windows 7 SP1, Windows 8.1, external) Windows Server 2012 Gold and R2, SECTR Windows RT 8.1, Windows 10 Gold, 1511, ACK(lin 1607, and 1703, and Windows Server 2016 k is allows an information disclosure when it not external) microsoft -- windows fails to properly handle objects in memory, 2017 yet CONFIR aka "Microsoft Search Information -10- calcuM(link is Disclosure Vulnerability". 13 lated external) CVE- The Microsoft Windows Kernel component 2017- on Microsoft Windows Server 2008 SP2 11765 and R2 SP1, Windows 7 SP1, Windows 8.1, BID(link Windows Server 2012 Gold and R2, is Windows RT 8.1, Windows 10 Gold, 1511, external) 1607, and 1703, and Windows Server 2016, SECTR allows an information disclosure ACK(lin vulnerability when it improperly handles k is objects in memory, aka "Windows Kernel not external) microsoft -- windows Information Disclosure Vulnerability". This 2017 yet CONFIR CVE ID is unique from CVE-2017-11784, -10- calcuM(link is CVE-2017-11785, and CVE-2017-11814. 13 lated external) Microsoft Edge in Microsoft Windows 10 2017 CVE- microsoft -- windows Gold, 1511, 1607, 1703, and Windows -10- not 2017- Server 2016 allows an attacker to execute 13 yet 8726 CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info arbitrary code in the context of the current calcuBID(link user, due to how affected Microsoft lated is scripting engines handle objects in memory, external) aka "Microsoft Edge Memory Corruption SECTR Vulnerability". This CVE ID is unique from ACK(lin CVE-2017-11794 and CVE-2017-11803. 
k is external) CONFIR M(link is external) CVE- 2017- The Microsoft Windows Kernel Mode 8694 Driver on Microsoft Windows Server 2008 BID(link SP2 and R2 SP1, Windows 7 SP1, Windows is 8.1, Windows Server 2012 Gold and R2, external) Windows RT 8.1, Windows 10 Gold, 1511, SECTR 1607, and 1703, and Windows Server 2016 ACK(lin allows an elevation of privilege k is vulnerability when it fails to properly handle not external) objects in memory, aka "Win32k Elevation 2017 yet CONFIR microsoft -- windows of Privilege Vulnerability". This CVE ID is -10- calcuM(link is unique from CVE-2017-8689. 13 lated external) CVE- The Microsoft Graphics Component on 2017- Microsoft Windows Server 2008 SP2 and 11763 R2 SP1, Windows 7 SP1, Windows 8.1, BID(link Windows Server 2012 Gold and R2, is Windows RT 8.1, Windows 10 Gold, 1511, external) 1607, and 1703, and Windows Server 2016 SECTR allows a remote code execution ACK(lin vulnerability in the way it handles specially k is crafted embedded fonts, aka "Microsoft not external) microsoft -- windows Graphics Remote Code Execution 2017 yet CONFIR Vulnerability". This CVE ID is unique from -10- calcuM(link is CVE-2017-11763. 13 lated external) The Microsoft Windows Kernel Mode CVE- Driver on Microsoft Windows Server 2008 2017- SP2 and R2 SP1, Windows 7 SP1, Windows not 8689 8.1, Windows Server 2012 Gold and R2, 2017 yet BID(link microsoft -- windows Windows RT 8.1, Windows 10 Gold, 1511, -10- calcuis 1607, and 1703, and Windows Server 2016 13 lated external) CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info allows an elevation of privilege SECTR vulnerability when it fails to properly handle ACK(lin objects in memory, aka "Win32k Elevation k is of Privilege Vulnerability". This CVE ID is external) unique from CVE-2017-8694. 
CONFIR M(link is external) CVE- 2017- 8727 Microsoft Windows Server 2008 SP2 and BID(link R2 SP1, Windows 7 SP1, Windows 8.1 and is RT 8.1, Windows Server 2012 and R2, external) Windows 10 Gold, 1511, 1607, 1703, and SECTR Windows Server 2016 allow an attacker to ACK(lin execute arbitrary code in the context of the k is current user, due to how Microsoft not external) Windows Text Services Framework handles 2017 yet CONFIR microsoft -- windows objects in memory, aka "Windows Shell -10- calcuM(link is Memory Corruption Vulnerability". 13 lated external) CVE- 2017- 8703 BID(link is external) SECTR The Microsoft Windows Subsystem for ACK(lin Linux on Microsoft Windows 10 1703 k is allows a denial of service vulnerability not external) when it improperly handles objects in 2017 yet CONFIR microsoft -- windows memory, aka "Windows Subsystem for -10- calcuM(link is Linux Denial of Service Vulnerability". 13 lated external) CVE- 2017- 11819 Microsoft Windows 7 SP1 allows an BID(link attacker to execute arbitrary code in the is context of the current user, due to how not external) Microsoft browsers handle objects in 2017 yet SECTR microsoft -- windows memory, aka "Windows Shell Remote Code -10- calcuACK(lin Execution Vulnerability". 13 lated k is CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info external) CONFIR M(link is external) CVE- 2017- 11782 BID(link is external) The Microsoft Server Block Message SECTR (SMB) on Microsoft Windows 10 1607 and ACK(lin Windows Server 2016, allows an elevation k is of privilege vulnerability when an attacker not external) sends specially crafted requests to the 2017 yet CONFIR microsoft -- windows server, aka "Windows SMB Elevation of -10- calcuM(link is Privilege Vulnerability". 
13 lated external) CVE- 2017- 11781 The Microsoft Server Block Message BID(link (SMB) on Microsoft Windows Server 2008 is SP2 and R2 SP1, Windows 7 SP1, Windows external) 8.1, Windows Server 2012 Gold and R2, SECTR Windows RT 8.1, Windows 10 Gold, 1511, ACK(lin 1607, and 1703, and Windows Server 2016, k is allows a denial of service vulnerability not external) when an attacker sends specially crafted 2017 yet CONFIR microsoft -- windows requests to the server, aka "Windows SMB -10- calcuM(link is Denial of Service Vulnerability". 13 lated external) CVE- 2017- 11823 BID(link The Microsoft Device Guard on Microsoft is Windows 10 Gold, 1511, 1607, and 1703, external) and Windows Server 2016 allows a security SECTR feature bypass by the way it handles not ACK(lin Windows PowerShell sessions, aka 2017 yet k is microsoft -- windows "Microsoft Windows Security Feature -10- calcuexternal) Bypass". 13 lated CONFIR CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info M(link is external) CVE- 2017- 15290 Mirasys Video Management System (VMS) MISC(li 6.x before 6.4.6, 7.x before 7.5.15, and 8.x nk is before 8.1.1 has a login process in which not external) mirasys -- cleartext data is sent from a server to a 2017 yet MISC(li video_management_system client, and not all of this data is required for -10- calcunk is the client functionality. 12 lated external) CVE- 2017- 15216 CONFIR MISP before 2.4.81 has a potential reflected M(link is XSS in a quickDelete action that is used to not external) delete a sighting, related to 2017 yet CONFIR misp -- misp app/View/Sightings/ajax/quickDeleteConfir -10- calcuM(link is mationForm.ctp and app/webroot/js/misp.js. 10 lated external) CVE- 2017- 15305 MISC(li nk is not external) 2017 yet MISC(li nexusphp -- nexusphp XSS exists in NexusPHP 1.5 via the -10- calcunk is keyword parameter to messages.php. 
14 lated external) CVE- 2015- 5639 MISC(li nk is external) JVN(link is external) niconico App for iOS before 6.38 does not not JVNDB( verify SSL certificates which could allow 2017 yet link is niconico -- app_for_iOS remote attackers to execute man-in-the- -10- calcuexternal) middle attacks. 10 lated BID(link CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info is external) CVE- 2017- 15284 MISC(li Cross-Site Scripting exists in OctoberCMS nk is 1.0.425 (aka Build 425), allowing a least external) privileged user to upload an SVG file EXPLOI containing malicious code as the Avatar for not T- the profile. When this is opened by the 2017 yet DB(link octobercms -- octobercms Admin, it causes JavaScript execution in the -10- calcuis context of the Admin account. 12 lated external) OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the repository, he performs the following steps: (1) calls the START_PUSH RPC-command; (2) uploads the file to the content server; (3) calls the END_PUSH_V2 RPC-command (here, Content Server returns a DATA_TICKET integer, intended to identify the location of the uploaded file on the Content Server filesystem); (4) creates a dmr_content object in the repository, which has a value of data_ticket equal to the value of DATA_TICKET returned at the end of END_PUSH_V2 call. As the result of this design, any authenticated user may create not CVE- opentext -- his own dmr_content object, pointing to 2017 yet 2017- documentum_content_server already existing content in the Content -10- calcu15014 Server filesystem. 
13 lated MISC OpenText Documentum Content Server (formerly EMC Documentum Content not CVE- opentext -- Server) through 7.3 contains the following 2017 yet 2017- documentum_content_server design gap, which allows an authenticated -10- calcu15013 user to gain superuser privileges: Content 13 lated MISC CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges. OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. not CVE- opentext -- Because some files on the Content Server 2017 yet 2017- documentum_content_server filesystem are security-sensitive, this leads -10- calcu15276 to privilege escalation. 13 lated MISC OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC- command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some not CVE- opentext -- files on the Content Server filesystem are 2017 yet 2017- documentum_content_server security-sensitive, this leads to privilege -10- calcu15012 escalation. 
13 lated MISC CVE- 2016- not 10513 Cross Site Scripting (XSS) exists in Piwigo 2017 yet CONFIR piwigo -- piwigo before 2.8.3 via a crafted search expression -10- calcuM to include/functions_search.inc.php. 10 lated CONFIR CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info M(link is external) CONFIR M(link is external) CVE- 2016- 10514 CONFIR url_check_format in M include/functions.inc.php in Piwigo before CONFIR 2.8.3 allows remote attackers to bypass M(link is intended access restrictions via a URL that not external) contains a " character, or a URL beginning 2017 yet CONFIR piwigo -- url_check_format with a substring other than the http:// or -10- calcuM(link is https:// substring. 10 lated external) Stored Cross-site scripting (XSS) CVE- vulnerability in Pure Storage Purity 4.7.5 2017- allows remote authenticated users to inject not 7352 arbitrary web script or HTML via the "host" 2017 yet MISC(li pure_storage -- purity parameter on the 'System > Configuration > -10- calcunk is SNMP > Add SNMP Trap Manager' screen. 11 lated external) CVE- 2017- 15268 Qemu through 2.10.0 allows remote not CONFIR attackers to cause a memory leak by 2017 yet M(link is qemu -- qemu triggering slow data-channel read -10- calcuexternal) operations, related to io/channel-websock.c. 12 lated MLIST CVE- Race condition in the v9fs_xattrwalk 2017- function in hw/9pfs/9p.c in QEMU (aka 15038 Quick Emulator) allows local guest OS not MLIST(l users to obtain sensitive information from 2017 yet ink is qemu -- qemu host heap memory via vectors related to -10- calcuexternal) reading extended attributes. 09 lated MLIST CVE- 2015- Rakuten card App for iOS 5.2.0 through not 2988 5.2.4 does not verify SSL certificates which 2017 yet JVN(link rakuten -- rakuten_card might allow remote attackers to execute -10- calcuis man-in-the-middle attacks. 
10 lated external) CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info JVNDB( link is external) BID(link is external) CVE- 2017- RSA Archer GRC Platform prior to 6.2.0.5 8016 is affected by stored cross-site scripting via CONFIR the Questionnaire ID field. An authenticated M attacker may potentially exploit this to not SECTR execute arbitrary HTML in the user's 2017 yet ACK(lin rsa_archer -- grc_platform browser session in the context of the -10- calcuk is affected RSA Archer application. 11 lated external) CVE- 2017- 14369 CONFIR M BID(link RSA Archer GRC Platform prior to 6.2.0.5 is is affected by a privilege escalation external) vulnerability. A low privileged RSA Archer not SECTR user may potentially exploit this 2017 yet ACK(lin rsa_archer -- grc_platform vulnerability to elevate their privileges and -10- calcuk is export certain application records. 11 lated external) CVE- 2017- RSA Archer GRC Platform prior to 6.2.0.5 14370 is affected by stored cross-site scripting via CONFIR the Source Asset ID field. An authenticated M attacker may potentially exploit this to not SECTR execute arbitrary HTML in the user's 2017 yet ACK(lin rsa_archer -- grc_platform browser session in the context of the -10- calcuk is affected RSA Archer application. 11 lated external) CVE- RSA Archer GRC Platform prior to 6.2.0.5 2017- is affected by reflected cross-site scripting not 14372 vulnerabilities via certain RSA Archer Help 2017 yet CONFIR rsa_archer -- grc_platform pages. Attackers could potentially exploit -10- calcuM this to execute arbitrary HTML in the user's 11 lated BID(link CVS Publ S Source Primary ishe Scor & Patch Vendor -- Product Description d e Info browser session in the context of the is affected RSA Archer application. external) SECTR ACK(lin k is external) CVE- 2017- 14371 CONFIR M RSA Archer GRC Platform prior to 6.2.0.5 BID(link is affected by reflected cross-site scripting is via the request URL. 
Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application.
Primary Vendor -- Product: rsa_archer -- grc_platform
Published: 2017-10-11
CVSS Score: not yet calculated
Source & Patch Info: SECTRACK

Primary Vendor -- Product: rsa_archer -- grc_platform
Description: RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server.
Published: 2017-10-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8025, CONFIRM, BID, SECTRACK

Primary Vendor -- Product: rubygems -- rubygems
Description: RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.
Published: 2017-10-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-0903, MISC, MISC, MISC, MISC

Primary Vendor -- Product: ruckus_wireless -- zonedirector_controller
Description: Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system.
Published: 2017-10-13
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-6223, CONFIRM

Primary Vendor -- Product: ruckus_wireless -- zonedirector_controller
Description: Ruckus Wireless ZoneDirector Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x. contain OS Command Injection vulnerabilities that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system by appending those commands in the Common Name field in the Certificate Generation Request.
Published: 2017-10-13
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-6224, CONFIRM

Primary Vendor -- Product: salt -- salt
Description: salt before 2015.5.5 leaks git usernames and passwords to the log.
Published: 2017-10-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-6918, CONFIRM, CONFIRM

Primary Vendor -- Product: sdl -- sdl
Description: An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
Published: 2017-10-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2888, BID, MISC

Primary Vendor -- Product: sdl -- sdl
Description: An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.
Published: 2017-10-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2887, BID, MISC

Primary Vendor -- Product: seagate -- blackarmor_nas
Description: Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.
Published: 2017-10-11
CVSS Score: not yet calculated
Source & Patch Info: CVE-2013-6924, MISC, BID, XF

Primary Vendor -- Product: shaarli -- shaarli
Description: Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users.
Published: 2017-10-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15215, MISC, MISC, MISC

Primary Vendor -- Product: silverstripe -- silverstripe_cms
Description: Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks.
Published: 2017-10-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12849, CONFIRM

Primary Vendor -- Product: sqlite -- sqlite
Description: SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.
Published: 2017-10-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15286, MISC

Primary Vendor -- Product: sudo -- sudoers_plugin
Description: The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
Published: 2017-10-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-8239, MLIST, CONFIRM, CONFIRM, CONFIRM, CONFIRM

Primary Vendor -- Product: symantec -- endpoint_encryption
Description: A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
Published: 2017-10-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13679, BID, CONFIRM

Primary Vendor -- Product: symantec -- endpoint_encryption
Description: A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
Published: 2017-10-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13675, BID, CONFIRM

Primary Vendor -- Product: sync_breeze -- enterprise
Description: Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login.
Published: 2017-10-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14980, MISC

Primary Vendor -- Product: teampass -- teampass
Description: Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
Published: 2017-10-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15278, CONFIRM, CONFIRM, CONFIRM

Primary Vendor -- Product: tiandy -- ip_cameras
Description: Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and extendword.txt.
Published: 2017-10-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15236, MISC

Primary Vendor -- Product: trapeze -- transitmaster
Description: Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the "webwatch.(REDACTED).com" server mentioned in the reference.
Published: 2017-10-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14943, MISC

Primary Vendor -- Product: ui-dialog -- ui-dialog
Description: UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.
Published: 2017-10-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2008-7315, MLIST, BID, CONFIRM, CONFIRM, CONFIRM

Primary Vendor -- Product: umbraco_cms -- umbraco_cms
Description: XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs.
Published: 2017-10-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15280, CONFIRM, CONFIRM

Primary Vendor -- Product: umbraco_cms -- umbraco_cms
Description: Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs.
Published: 2017-10-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15279, CONFIRM, CONFIRM

Primary Vendor -- Product: windows -- internet_explorer
Description: Internet Explorer in Microsoft Windows 7 SP1, SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11822.
Published: 2017-10-13
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11813, BID, SECTRACK, CONFIRM

Primary Vendor -- Product: wireshark -- wireshark
Description: In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.
Published: 2017-10-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15191, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM

Primary Vendor -- Product: wireshark -- wireshark
Description: In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable.
Published: 2017-10-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15190, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM

Primary Vendor -- Product: wireshark -- wireshark
Description: In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.
Published: 2017-10-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15193, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM

Primary Vendor -- Product: wireshark -- wireshark
Description: In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.
Published: 2017-10-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15189, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM

Primary Vendor -- Product: wireshark -- wireshark
Description: In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.
Published: 2017-10-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15192, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM

Primary Vendor -- Product: wordpress -- wordpress
Description: WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.
Published: 2017-10-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-9263, MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters.
Published: 2017-10-06
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-2673, MISC

Primary Vendor -- Product: x-cart -- x-cart
Description: X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an "Add File Via URL" action, and change the image's Description URL to reference the .php URL in the attachments/ directory.
Published: 2017-10-12
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15285, MISC

Primary Vendor -- Product: x.org_foundation -- x.org_server
Description: In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp.
Published: 2017-10-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13723, MLIST, BID, CONFIRM, MLIST

Primary Vendor -- Product: x.org_foundation -- x.org_server
Description: In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session.
Published: 2017-10-09
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13721, MLIST, BID, CONFIRM, MLIST

Primary Vendor -- Product: zend_framework -- zend_framework
Description: Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key.
Published: 2017-10-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-7503, CONFIRM, CONFIRM

Primary Vendor -- Product: zyxel -- zyxel
Description: Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call.
Published: 2017-10-10
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15226, MISC