Vulnerability Summary for the Week of September 4, 2017

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| ffmpeg -- ffmpeg | In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large "nb_index_entries" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file. | 2017-09-07 | 7.1 | CVE-2017-14170; CONFIRM |
| ffmpeg -- ffmpeg | In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop. | 2017-09-07 | 7.1 | CVE-2017-14171; CONFIRM |
| fujixerox -- contentsbridge_utility | Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-01 | 9.3 | CVE-2017-10851; CONFIRM; JVN |
| fujixerox -- docuworks | Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-01 | 9.3 | CVE-2017-10848; CONFIRM; JVN |
| fujixerox -- docuworks | Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-01 | 9.3 | CVE-2017-10849; CONFIRM; JVN |
| gnome -- gedit | libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters. | 2017-09-05 | 7.1 | CVE-2017-14108; MISC; MISC |
| helpdezk -- helpdezk | HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function. | 2017-09-05 | 7.5 | CVE-2017-14145; MISC |
| imagemagick -- imagemagick | The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | 2017-09-01 | 7.1 | CVE-2017-12691; CONFIRM |
| imagemagick -- imagemagick | The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. | 2017-09-01 | 7.1 | CVE-2017-12692; CONFIRM |
| imagemagick -- imagemagick | The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file. | 2017-09-01 | 7.1 | CVE-2017-12693; CONFIRM |
| imagemagick -- imagemagick | ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header. | 2017-09-04 | 7.5 | CVE-2017-14137; CONFIRM |
| imagemagick -- imagemagick | ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors. | 2017-09-04 | 7.5 | CVE-2017-14138; CONFIRM |
| imagemagick -- imagemagick | In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop. | 2017-09-07 | 7.1 | CVE-2017-14172; CONFIRM; CONFIRM |
| imagemagick -- imagemagick | In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop. | 2017-09-07 | 7.1 | CVE-2017-14174; CONFIRM; CONFIRM; CONFIRM |
| imagemagick -- imagemagick | In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop. | 2017-09-07 | 7.1 | CVE-2017-14175; CONFIRM; CONFIRM |
| mcafee -- security_scan_plus | A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response. | 2017-09-01 | 7.5 | CVE-2017-3897; CONFIRM; BID |
| netapp -- data_ontap | NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language. | 2017-09-01 | 7.5 | CVE-2015-7746; CONFIRM |
| ntt -- enkaku_support_tool | Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-01 | 9.3 | CVE-2017-10829; CONFIRM; MISC; JVN |
| rarlab -- unrar | unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp. | 2017-09-03 | 7.5 | CVE-2017-14122; MISC; MISC |
| salesagility -- suitecrm | Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947. | 2017-09-06 | 9.3 | CVE-2015-5948; MLIST; MISC; CONFIRM; CONFIRM |
| sap -- netweaver | XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. | 2017-09-06 | 7.5 | CVE-2015-7241; MISC; BUGTRAQ; BID; EXPLOIT-DB |
| scrapy -- scrapy | Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore. | 2017-09-05 | 7.8 | CVE-2017-14158; MISC; MISC |
| simplesamlphp -- simplesamlphp | The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. | 2017-09-01 | 7.5 | CVE-2017-12868; CONFIRM; CONFIRM |
| simplesamlphp -- simplesamlphp | SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. | 2017-09-01 | 7.5 | CVE-2017-12873; CONFIRM; CONFIRM |
| technicolor -- td5336_firmware | Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi. | 2017-09-04 | 10.0 | CVE-2017-14127; MISC |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| aspl -- libaxl | Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted XML document. | 2017-09-06 | 6.8 | CVE-2015-3450; MLIST; BID |
| beaker-project -- beaker | XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system. | 2017-09-06 | 4.0 | CVE-2015-3160; MLIST; BID; CONFIRM; CONFIRM; CONFIRM |
| beaker-project -- beaker | The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively. | 2017-09-06 | 4.0 | CVE-2015-3163; MLIST; BID; CONFIRM; CONFIRM |
| bento4 -- bento4 | The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. | 2017-09-06 | 4.3 | CVE-2017-12474; MISC; MISC; MISC |
| bento4 -- bento4 | The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. | 2017-09-06 | 4.3 | CVE-2017-12475; MISC; MISC; MISC |
| bento4 -- bento4 | The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Bento4 mp4dump before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. | 2017-09-06 | 4.3 | CVE-2017-12476; MISC; MISC; MISC |
| embedthis -- goahead | GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request. | 2017-09-05 | 5.0 | CVE-2017-14149; MISC |
| eyesofnetwork -- eonweb | In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php. | 2017-09-03 | 6.5 | CVE-2017-14118; MISC |
| eyesofnetwork -- eonweb | In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter. | 2017-09-03 | 6.5 | CVE-2017-14119; MISC |
| ffmpeg -- ffmpeg | In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value. | 2017-09-07 | 6.8 | CVE-2017-14169; CONFIRM |
| froxlor -- froxlor | Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log. | 2017-09-06 | 5.0 | CVE-2015-5959; MLIST; BID; CONFIRM |
| gnome -- evince | backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. | 2017-09-05 | 6.8 | CVE-2017-1000083; MISC; BID; MISC; MISC |
| gnome -- gdk-pixbuf | An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. | 2017-09-05 | 6.8 | CVE-2017-2862; BID; MISC |
| gnome -- gdk-pixbuf | An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. | 2017-09-05 | 6.8 | CVE-2017-2870; BID; MISC |
| gnu -- binutils | The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file. | 2017-09-04 | 4.3 | CVE-2017-14128; BID; CONFIRM; CONFIRM |
| gnu -- binutils | The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file. | 2017-09-04 | 4.3 | CVE-2017-14129; BID; CONFIRM; CONFIRM |
| gnu -- binutils | The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file. | 2017-09-04 | 4.3 | CVE-2017-14130; BID; CONFIRM; CONFIRM |
| graphicsmagick -- graphicsmagick | The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403. | 2017-09-01 | 6.8 | CVE-2017-14103; MISC; MISC |
| helpdezk -- helpdezk | HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory. | 2017-09-05 | 6.5 | CVE-2017-14146; MISC |
| honda -- moto_linc | Honda Moto LINC 1.6.1 does not verify SSL certificates. | 2017-09-06 | 4.3 | CVE-2015-2943; JVN; JVNDB |
| ibm -- emptoris_strategic_supply_management | IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657. | 2017-09-05 | 6.8 | CVE-2017-1097; CONFIRM; MISC |
| ibm -- inotes | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370. | 2017-09-05 | 4.3 | CVE-2017-1129; CONFIRM; CONFIRM; MISC; EXPLOIT-DB |
| ibm -- inotes | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371. | 2017-09-05 | 4.3 | CVE-2017-1130; CONFIRM; BID; MISC; EXPLOIT-DB |
| ibm -- qradar_network_security | IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128376. | 2017-09-05 | 4.3 | CVE-2017-1457; CONFIRM; BID; MISC |
| ibm -- qradar_network_security | IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377. | 2017-09-05 | 5.5 | CVE-2017-1458; CONFIRM; BID; MISC |
| ibm -- qradar_network_security | IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 128689. | 2017-09-05 | 5.0 | CVE-2017-1491; CONFIRM; MISC |
| imagemagick -- imagemagick | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c. | 2017-09-04 | 6.8 | CVE-2017-14139; CONFIRM |
| imagemagick -- imagemagick | In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value. | 2017-09-07 | 4.3 | CVE-2017-14173; CONFIRM; CONFIRM |
| jasper_project -- jasper | JasPer 2.0.13 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c. | 2017-09-04 | 4.3 | CVE-2017-14132; MISC |
| ledger-cli -- ledger | An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability. | 2017-09-05 | 6.8 | CVE-2017-2807; BID; MISC |
| ledger-cli -- ledger | An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability. | 2017-09-05 | 6.8 | CVE-2017-2808; BID; MISC |
| lexmark -- perceptive_document_filters | An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution. | 2017-09-05 | 6.8 | CVE-2017-2821; BID; MISC |
| lexmark -- perceptive_document_filters | An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack. A maliciously crafted PDF file can be used to trigger this vulnerability. | 2017-09-05 | 6.8 | CVE-2017-2822; BID; MISC |
| libarchive -- libarchive | libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. | 2017-09-06 | 4.3 | CVE-2017-14166; MISC; MISC |
| libzip_project -- libzip | The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive. | 2017-09-01 | 4.3 | CVE-2017-14107; MISC; MISC |
| linux -- linux_kernel | The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path. | 2017-09-01 | 4.9 | CVE-2017-14106; CONFIRM; CONFIRM; CONFIRM |
| mcafee -- livesafe | A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response. | 2017-09-01 | 4.3 | CVE-2017-3898; CONFIRM |
| mimedefang -- mimedefang | MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by the init-script.in and mimedefang-init.in scripts. | 2017-09-01 | 4.6 | CVE-2017-14102; MISC; MISC |
| netapp -- clustered_data_ontap | NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors. | 2017-09-01 | 6.5 | CVE-2017-12421; CONFIRM |
| netapp -- clustered_data_ontap | NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors. | 2017-09-01 | 4.0 | CVE-2017-12423; CONFIRM |
| netapp -- data_ontap | NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling. | 2017-09-01 | 4.0 | CVE-2016-1895; CONFIRM |
| netapp -- oncommand_unified_manager_for_clustered_data_ontap | NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | 2017-09-01 | 5.0 | CVE-2017-14053; CONFIRM |
| opencv -- opencv | OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597. | 2017-09-04 | 4.3 | CVE-2017-14136; MISC; MISC; MISC |
| openjpeg -- openjpeg | An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution. | 2017-09-05 | 6.8 | CVE-2017-14151; BID; MISC; MISC; MISC |
| openjpeg -- openjpeg | A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution. | 2017-09-05 | 6.8 | CVE-2017-14152; MISC; MISC; MISC |
| qemu -- qemu | Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. | 2017-09-01 | 5.0 | CVE-2017-13711; MLIST; BID; CONFIRM; MLIST |
| rarlab -- unrar | unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. | 2017-09-03 | 5.0 | CVE-2017-14120; MISC; MISC |
| rarlab -- unrar | The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a specially crafted RAR archive. | 2017-09-03 | 6.8 | CVE-2017-14121; MISC; MISC |
| simplesamlphp -- infocard_module | The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities. | 2017-09-01 | 5.0 | CVE-2017-12874; CONFIRM |
| simplesamlphp -- simplesamlphp | The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input. | 2017-09-01 | 5.0 | CVE-2017-12869; CONFIRM |
| simplesamlphp -- simplesamlphp | SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. | 2017-09-01 | 4.3 | CVE-2017-12870; CONFIRM |
| simplesamlphp -- simplesamlphp | The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV). | 2017-09-01 | 4.3 | CVE-2017-12871; CONFIRM; CONFIRM |
| simplesamlphp -- simplesamlphp | The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input. | 2017-09-01 | 4.3 | CVE-2017-12872; CONFIRM |
| suitecrm -- suitecrm | SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. | 2017-09-06 | 6.8 | CVE-2015-5947; MLIST; CONFIRM; CONFIRM; CONFIRM |
| vulcanjs -- vulcan | TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack. | 2017-09-06 | 5.0 | CVE-2015-3454; MLIST; BID; CONFIRM; MISC |
| xnau -- participants_database | The Participants Database plugin before 1.7.5.10 for WordPress has XSS. | 2017-09-04 | 4.3 | CVE-2017-14126; MISC; CONFIRM; EXPLOIT-DB |

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- | --- |
| beaker-project -- beaker | The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape tags in string literals when producing JSON. | 2017-09-06 | 3.5 | CVE-2015-3161; MLIST; BID; CONFIRM; MISC; CONFIRM |
| beaker-project -- beaker | Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked cancelled job. | 2017-09-06 | 3.5 | CVE-2015-3162; MLIST; BID; CONFIRM; MISC; CONFIRM |
| linux -- linux_kernel | The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR. | 2017-09-05 | 2.1 | CVE-2017-14140; CONFIRM; CONFIRM; CONFIRM |
| linux -- linux_kernel | The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes. | 2017-09-05 | 2.1 | CVE-2017-14156; BID; MISC; MISC; MISC |
| qemu -- qemu | QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. | 2017-09-01 | 2.1 | CVE-2017-13672; MLIST; BID; CONFIRM; MLIST |

Severity Not Yet Assigned

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| anchor-cms -- anchor-cms | Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev. | 2017-09-07 | not yet calculated | CVE-2015-5060 CONFIRM |
| apache -- hadoop | The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications. | 2017-09-05 | not yet calculated | CVE-2016-3086 MLIST BID |
| apache_directory -- ldap_api | Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors. | 2017-09-07 | not yet calculated | CVE-2015-3250 CONFIRM MLIST MLIST CONFIRM |
| askbot -- askbot | Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.noarch. | 2017-09-07 | not yet calculated | CVE-2015-3169 MLIST BID CONFIRM |
| asterisk -- asterisk | In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection. | 2017-09-02 | not yet calculated | CVE-2017-14100 CONFIRM SECTRACK CONFIRM CONFIRM |
| asterisk -- asterisk | In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash. | 2017-09-02 | not yet calculated | CVE-2017-14098 CONFIRM BID SECTRACK CONFIRM CONFIRM |
| asterisk -- asterisk | In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The "nat" and "rtp_symmetric" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well. | 2017-09-02 | not yet calculated | CVE-2017-14099 CONFIRM SECTRACK CONFIRM CONFIRM MISC |
| at&t -- u-verse_firmware | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive information (such as the Wi-Fi password) by leveraging knowledge of a hardware identifier, related to the Bulk Data Collection (BDC) mechanism defined in Broadband Forum technical reports. | 2017-09-03 | not yet calculated | CVE-2017-10793 BID MISC MISC |
| at&t -- u-verse_firmware | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with "nc -l" support. | 2017-09-03 | not yet calculated | CVE-2017-14116 BID MISC MISC |
| at&t -- u-verse_firmware | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands. | 2017-09-03 | not yet calculated | CVE-2017-14115 BID MISC MISC |
| at&t -- u-verse_firmware | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values. | 2017-09-03 | not yet calculated | CVE-2017-14117 BID MISC MISC |
| azeotech -- daqfactory | An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path. | 2017-09-08 | not yet calculated | CVE-2017-5147 BID MISC |
| azeotech -- daqfactory | An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones. | 2017-09-08 | not yet calculated | CVE-2017-12699 BID MISC |
| centreon -- centreon | Cross-site scripting (XSS) vulnerability in Centreon 2.6.1. | 2017-09-07 | not yet calculated | CVE-2015-7672 MISC |
| cisco -- asyncos_software_for_cisco_security_appliances | A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to the end user. The vulnerability is due to the failure of AMP to scan certain EML attachments that could contain malware. An attacker could exploit this vulnerability by sending an email with a crafted EML attachment through the targeted device. A successful exploit could allow the attacker to bypass the configured ESA email message and content filtering and allow the malware to be delivered to the end user. Vulnerable Products: This vulnerability affects Cisco AsyncOS Software for Cisco ESA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA. Cisco Bug IDs: CSCuz81533. | 2017-09-07 | not yet calculated | CVE-2017-12218 SECTRACK CONFIRM |
| cisco -- emergency_responder | A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCvb58973. | 2017-09-07 | not yet calculated | CVE-2017-12227 BID SECTRACK CONFIRM |
| cisco -- firepower_management_center | A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvc50771. | 2017-09-07 | not yet calculated | CVE-2017-12220 BID CONFIRM |
| cisco -- firepower_management_center | A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the affected software. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code in the context of the affected system. Cisco Bug IDs: CSCvc38983. | 2017-09-07 | not yet calculated | CVE-2017-12221 BID CONFIRM |
| cisco -- gprs_tunneling_protocol | A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation of GPRS Tunneling Protocol packet headers. An attacker could exploit this vulnerability by sending a malformed GPRS Tunneling Protocol packet to an affected device. A successful exploit could allow the attacker to cause the GTPUMGR process on an affected device to restart unexpectedly, resulting in a partial DoS condition. If the GTPUMGR process restarts, there could be a brief impact on traffic passing through the device. Cisco Bug IDs: CSCve07119. | 2017-09-07 | not yet calculated | CVE-2017-12217 BID SECTRACK CONFIRM |
| cisco -- ios_and_ios_xe | A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of the device. The vulnerability is due to IPv6 sub block corruption. An attacker could exploit this vulnerability by polling the affected device IPv6 information. An exploit could allow the attacker to trigger high CPU usage or a reload of the device. Known Affected Releases: Denali-16.3.1. Cisco Bug IDs: CSCvb14640. | 2017-09-07 | not yet calculated | CVE-2017-12211 BID SECTRACK CONFIRM CONFIRM |
| cisco -- ios_and_ios_xe | A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service (DoS) condition. The vulnerability is due to Cisco IOS Software application changes that create UDP sockets and leave the sockets idle without closing them. An attacker could exploit this vulnerability by sending UDP packets with a destination port of 0 to an affected device. A successful exploit could allow the attacker to cause UDP packets to be held in the input interfaces queue, resulting in a DoS condition. The input interface queue will stop holding UDP packets when it receives 250 packets. Cisco Bug IDs: CSCup10024, CSCva55744, CSCva95506. | 2017-09-07 | not yet calculated | CVE-2017-6627 BID SECTRACK CONFIRM |
| cisco -- ios_xe | A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. Cisco Bug IDs: CSCve48949. | 2017-09-07 | not yet calculated | CVE-2017-6796 BID SECTRACK CONFIRM |
| cisco -- ios_xe | A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the attacker to pass traffic to the default VLAN of the affected port. The vulnerability is due to an uncaught error condition that may occur during the reassignment of the auth-default-ACL dynamic ACL to a switch port after 802.1x authentication fails. A successful exploit of this issue could allow a physically adjacent attacker to bypass 802.1x authentication and cause the affected port to fail open, allowing the attacker to pass traffic to the default VLAN of the affected switch port. Cisco Bug IDs: CSCvc72751. | 2017-09-07 | not yet calculated | CVE-2017-12213 BID SECTRACK CONFIRM |
| cisco -- ios_xe | A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device. Cisco Bug IDs: CSCvf10783. | 2017-09-07 | not yet calculated | CVE-2017-6795 BID SECTRACK CONFIRM |
| cisco -- iot_field_network_director | A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP packets to a specific group of open listening ports on a targeted device. An exploit could allow the attacker to cause the system to consume additional memory. If enough available memory is consumed, the system will restart, creating a temporary denial of service (DoS) condition. The DoS condition will end after the device has finished the restart process. This vulnerability affects the following Cisco products: Connected Grid Network Management System, if running a software release prior to IoT-FND Release 4.0; IoT Field Network Director, if running a software release prior to IoT-FND Release 4.0. Cisco Bug IDs: CSCvc77164. | 2017-09-07 | not yet calculated | CVE-2017-6780 BID CONFIRM |
| cisco -- ir800_integrated_services_router_software | A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization of user input. An attacker who can access an affected router via the console could exploit this vulnerability by entering ROMMON mode and modifying ROMMON variables. A successful exploit could allow the attacker to execute arbitrary code and install a malicious version of Hypervisor firmware on an affected device. Cisco Bug IDs: CSCvb44027. | 2017-09-07 | not yet calculated | CVE-2017-12223 SECTRACK CONFIRM |
| cisco -- meeting server | A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect implementation of the configuration setting Guest access via hyperlinks, which should allow the administrative user to prevent guest users from using hyperlinks to connect to meetings. An attacker could exploit this vulnerability by using a crafted hyperlink to connect to a meeting. An exploit could allow the attacker to connect directly to the meeting with a hyperlink, even though access should be denied. The attacker would still require a valid hyperlink and encoded secret identifier to be connected. Cisco Bug IDs: CSCve20873. | 2017-09-07 | not yet calculated | CVE-2017-12224 BID SECTRACK CONFIRM |
| cisco -- meeting_server | A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands. An attacker could exploit this vulnerability by authenticating to the affected application and submitting a crafted CLI command for execution at the Cisco Meeting Server CLI. An exploit could allow the attacker to perform command injection and escalate their privilege level to root. Vulnerable Products: This vulnerability exists in Cisco Meeting Server software versions prior to and including 2.0, 2.1, and 2.2. Cisco Bug IDs: CSCvf53830. | 2017-09-07 | not yet calculated | CVE-2017-6794 BID SECTRACK CONFIRM |
| cisco -- prime_collaboration_provisioning_tool | A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. The vulnerability is due to insufficient protection of restricted information. An attacker could exploit this vulnerability by accessing unauthorized information via the user interface. Cisco Bug IDs: CSCvd61932. | 2017-09-07 | not yet calculated | CVE-2017-6793 SECTRACK CONFIRM |
| cisco -- prime_collaboration_provisioning_tool | A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker could exploit this vulnerability by manipulating the parameters of the batch action file function. Cisco Bug IDs: CSCvd61766. | 2017-09-07 | not yet calculated | CVE-2017-6792 BID SECTRACK CONFIRM |
| cisco -- prime_lan_management_solution | A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user's administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as part of the postauthentication session. An attacker could exploit this vulnerability by obtaining the presession token ID. An exploit could allow an attacker to hijack an existing user's session. Known Affected Releases 4.2(5). Cisco Bug IDs: CSCvf58392. | 2017-09-07 | not yet calculated | CVE-2017-12225 SECTRACK CONFIRM CONFIRM |
| cisco -- socialminer | A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946. | 2017-09-07 | not yet calculated | CVE-2017-12216 BID SECTRACK CONFIRM |
| cisco -- unified_intelligence_center | A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) traffic by the affected software. An attacker could exploit this vulnerability by generating incomplete traffic streams. A successful exploit could allow the attacker to deny access to the TVS for an affected device, resulting in a DoS condition, until an administrator restarts the service. Known Affected Releases 10.0(1.10000.24) 10.5(2.10000.5) 11.0(1.10000.10) 9.1(2.10000.28). Cisco Bug IDs: CSCux21905. | 2017-09-07 | not yet calculated | CVE-2017-6791 BID SECTRACK CONFIRM CONFIRM |
| cisco -- unified_intelligence_center | A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because user-supplied data in the DOM input is not validated. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious DOM statements to the affected system. A successful exploit could allow the attacker to affect the integrity of the system by manipulating the database. Known Affected Releases 11.0(1)ES10. Cisco Bug IDs: CSCvf18325. | 2017-09-07 | not yet calculated | CVE-2017-6789 BID SECTRACK CONFIRM CONFIRM |
| cisco -- unity_connection | A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Known Affected Releases 10.5(2). Cisco Bug IDs: CSCvf25345. | 2017-09-07 | not yet calculated | CVE-2017-12212 BID SECTRACK CONFIRM CONFIRM |
| cisco -- yes_set-top_boxes | A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the firmware of an affected device fails to handle certain XML values that are passed to the HTTP RPC service listening on the local subnet of the device. An attacker could exploit this vulnerability by submitting a malformed request to an affected device. A successful attack could cause the affected device to restart, resulting in a DoS condition. Yes has updated the affected devices with firmware that addresses this vulnerability. Customers are not required to take action. Vulnerable Products: This vulnerability affects YesMaxTotal, YesMax HD, and YesQuattro STB devices. Cisco Bug IDs: CSCvd08812. | 2017-09-07 | not yet calculated | CVE-2017-6631 BID CONFIRM |
| concrete5 -- concrete5 | SQL injection vulnerability in Concrete5 5.7.3.1. | 2017-09-07 | not yet calculated | CVE-2015-4724 MISC |
| concrete5 -- concrete5 | Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1. | 2017-09-07 | not yet calculated | CVE-2015-4721 MISC |
| d-link -- dir-600l | Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors. | 2017-09-07 | not yet calculated | CVE-2016-10405 CONFIRM |
| dayrui -- finecms | The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field. | 2017-09-07 | not yet calculated | CVE-2017-14192 MISC |
| dayrui -- finecms | The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. | 2017-09-07 | not yet calculated | CVE-2017-14194 MISC |
| dayrui -- finecms | The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. | 2017-09-07 | not yet calculated | CVE-2017-14193 MISC |
| dayrui -- finecms | The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer. | 2017-09-07 | not yet calculated | CVE-2017-14195 MISC |
| devscripts -- devscripts | Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. | 2017-09-06 | not yet calculated | CVE-2015-5705 FEDORA FEDORA MLIST CONFIRM CONFIRM CONFIRM |
| diving_log -- diving_log | XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import. | 2017-09-08 | not yet calculated | CVE-2017-9095 MISC |
| django -- django | In 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings. | 2017-09-07 | not yet calculated | CVE-2017-12794 BID SECTRACK CONFIRM |
| epicor_crs -- retail_store | The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell. | 2017-09-06 | not yet calculated | CVE-2015-2210 MISC BUGTRAQ |
| etherpad -- etherpad | Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1. | 2017-09-07 | not yet calculated | CVE-2015-4085 MLIST CONFIRM |
| ffmpeg -- ffmpeg | In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | 2017-09-08 | not yet calculated | CVE-2017-14223 CONFIRM |
| ffmpeg -- ffmpeg | The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.) | 2017-09-09 | not yet calculated | CVE-2017-14225 MISC MISC |
| ffmpeg -- ffmpeg | In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | 2017-09-08 | not yet calculated | CVE-2017-14222 CONFIRM |
| fiberhome -- user_end_routers_an1020-25 | An issue was discovered on FiberHome User End Routers bearing model number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi & execute it. Due to improper authentication on this page, the software accepts the request hence allowing attacker to reset the router to its default configurations which later could allow attacker to login to router by using default username/password. | 2017-09-07 | not yet calculated | CVE-2017-14147 MISC |
glibc -- glibc | The DNS stub resolver in the GNU C Library (glibc) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attackers due to IP fragmentation. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12133; FEDORA; CONFIRM; CONFIRM
gongjin_electronics -- t&w_wifi_repeater_be126 | T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13713; MISC; EXPLOIT-DB
google -- android | A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492741. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0758; BID; CONFIRM
google -- android | A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0753; BID; CONFIRM
google -- android | A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37615911. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0773; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37662122. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0769; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0786; BID; CONFIRM
google -- android | A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0771; BID; CONFIRM
google -- android | A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0757; BID; CONFIRM
google -- android | A information disclosure vulnerability in the Android media framework (audioflinger). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38340117. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0779; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722328. References: B-V2017053103. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0788; BID; CONFIRM
google -- android | A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0777; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36136137. References: M-ALPS03361477. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0803; BID; CONFIRM
google -- android | A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38448381. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0761; BID; CONFIRM
google -- android | A information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0792; BID; CONFIRM
google -- android | A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0759; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36198473. References: M-ALPS03361480. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0795; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-62459766. References: M-ALPS03353854. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0797; BID; CONFIRM
google -- android | A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0774; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36100671. References: M-ALPS03365532. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0798; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the MediaTek auxadc driver. Product: Android. Versions: Android kernel. Android ID: A-62458865. References: M-ALPS03353884, M-ALPS03353886, M-ALPS03353887. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0796; BID; CONFIRM
google -- android | A information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0793; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the MediaTek lastbus. Product: Android. Versions: Android kernel. Android ID: A-36731602. References: M-ALPS03342072. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0799; BID; CONFIRM
google -- android | A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38115076. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0772; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36232120. References: M-ALPS03384818. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0802; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0768; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the MediaTek teei. Product: Android. Versions: Android kernel. Android ID: A-37683975. References: M-ALPS03302988. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0800; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0790; BID; CONFIRM
google -- android | A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0778; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234812. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0770; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0794; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the MediaTek libmtkomxvdec. Product: Android. Versions: Android kernel. Android ID: A-38447970. References: M-ALPS03337980. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0801; BID; CONFIRM
google -- android | A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38496660. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0776; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37685267. References: B-V2017053102. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0789; BID; CONFIRM
google -- android | A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0775; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0767; BID; CONFIRM
google -- android | A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0764; BID; CONFIRM
google -- android | A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62214264. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0762; BID; CONFIRM
google -- android | A remote code execution vulnerability in the Android media framework (libjhead). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37776688. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0766; BID; CONFIRM
google -- android | A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0763; BID; CONFIRM
google -- android | A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872863. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0765; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0791; BID; CONFIRM
google -- android | A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0760; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0784; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0752; BID; CONFIRM
google -- android | A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0756; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the Android libraries (libminikin). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-32178311. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0755; BID; CONFIRM
google -- android | A denial of service vulnerability in the Android runtime (android messenger). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37742976. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0780; BID; CONFIRM
google -- android | A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0787; BID; CONFIRM
graphicsmagick -- graphicsmagick | The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c. | Published: 2017-09-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14165; MISC; MISC
huawei -- e5756s | Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-4629; BID; CONFIRM
ibm -- content_navigator_&_cmis | IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129577. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1502; CONFIRM; MISC
ibm -- emptoris_supplier_lifecycle_management | IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1098; CONFIRM; MISC
ibm -- flex_system | Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2014-9565; BID; CONFIRM
ibm -- websphere_portal_web_content_manager | IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1189; CONFIRM; SECTRACK; MISC
idapauth-fork -- idapauth-fork | Idapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username. | Published: 2017-09-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-7294; MLIST; MLIST; CONFIRM; CONFIRM
imagemagick -- imagemagick | A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14224; CONFIRM
intel -- firmware_for_multiple_products | Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 can be upgraded to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges. | Published: 2017-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-5698; CONFIRM
intelbras -- wireless_n_router_firmware | XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated by an "airbase-ng -e" command. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14219; MISC; EXPLOIT-DB
jasper -- jasper | There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of JasPer 2.0.13. It will lead to a remote denial of service attack. | Published: 2017-09-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14229; MISC
joomla! -- joomla! | The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to cause a denial of service via the url parameter to plugin_googlemap2_proxy.php. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2013-7428; FULLDISC; CONFIRM; MLIST; MLIST
joomla! -- joomla! | Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2550; MISC
kamailio -- kamailio | The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-1590; MLIST; CONFIRM; CONFIRM; CONFIRM; CONFIRM
lexmark -- scan_to_network | Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13771; MISC; FULLDISC
libgd2 -- libgd2 | Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-6362; DEBIAN; CONFIRM; CONFIRM; FEDORA
libwpd -- libwpd | WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. | Published: 2017-09-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14226; MISC; MISC; MISC; MISC; MISC; MISC
lightdm -- lightdm | Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an XDMCP request packet with no address. | Published: 2017-09-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-8316; MLIST; CONFIRM; CONFIRM
linux -- linux_kernel | The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12146; CONFIRM; CONFIRM; CONFIRM; CONFIRM; CONFIRM; CONFIRM
linux -- linux_kernel | The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-5759; SUSE; MLIST
linux -- linux_kernel | Audit before 2.4.4 in Linux does not sanitize escape characters in filenames. | Published: 2017-09-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-5186; MLIST; BID; CONFIRM; CONFIRM
mediatek -- mediatek | A elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0804; BID; CONFIRM
mongodb -- libbson | In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c. | Published: 2017-09-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14227; MISC; MISC; MISC
mongoose_web_server -- mongoose_web_server | Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11567; MISC; FULLDISC; EXPLOIT-DB
mp3gain -- mp3gain | The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12912; MISC
mp3gain -- mp3gain | The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12911; MISC
mp4tools -- aacplusenc | DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service (invalid memory write, SEGV on unknown address 0x000000000030, and application crash) or possibly have unspecified other impact via a crafted .wav file, aka a NULL pointer dereference. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14181; MISC; MISC
nasm -- nasm | In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service. | Published: 2017-09-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14228; MISC
national_instruments -- labview | An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this vulnerability and can potentially result in code execution. | Published: 2017-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2779; CONFIRM; BID; MISC; MISC
nexsusphp -- nexsusphp | Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12838; MISC
nexsusphp -- nexsusphp | Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12906; MISC; MISC
ocaml -- ocaml | OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact." | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9779; CONFIRM; MLIST
opendreambox -- opendreambox | enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI. | Published: 2017-09-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14135; MISC
openjpeg -- openjpeg | A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152. | Published: 2017-09-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14164; MISC; MISC; MISC
openldap -- openldap | slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. | Published: 2017-09-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14159; MISC
opw_fuel_management_systems -- sitesentinel_integra_consoles | A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may create an application user account to gain administrative privileges. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12733; BID; MISC
opw_fuel_management_systems -- sitesentinel_integra_consoles | A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. The application is vulnerable to injection of malicious SQL queries via the input from the client. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12731; BID; MISC
ossec -- ossec | syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-3222; MISC; MLIST; BID; CONFIRM
palo_alto -- pan-os | Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper request parameter validation. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12416; CONFIRM; BID; SECTRACK
palo_alto -- pan_os | XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9458; CONFIRM; BID; SECTRACK
pivotal -- cloud_foundry | The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-0732; CONFIRM
pivotal -- cloud_foundry | In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-8040; BID; CONFIRM
pivotal -- cloud_foundry | In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-8041; BID; CONFIRM
pragyan -- pragyan | SQL injection vulnerability in Pragyan CMS 3.0. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-4627; MISC
qemu -- qemu | Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14167; MLIST; MLIST
qtwebkit -- qt5 | qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-8079; MLIST; CONFIRM; CONFIRM
ruby -- ruby | The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string. | Published: 2017-09-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2014-6438; MLIST; SECTRACK; CONFIRM; CONFIRM
safrengo -- safrengo | SQL injection vulnerability in Sefrengo before 1.6.5 beta2. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-5052; CONFIRM
simple-php-captcha -- simple-php-captcha | simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side. | Published: 2017-09-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-6250; MLIST; CONFIRM; CONFIRM
soreco -- xpert_line | Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-3442; MISC; FULLDISC; BUGTRAQ; BID; MISC
spina -- spina | Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-4619; MLIST; BID; MISC
strongswan -- strongswan | strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code. | Published: 2017-09-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-3991; FEDORA; FEDORA; BID; CONFIRM; CONFIRM
svn-workbench -- svn-workbench | svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes). | Published: 2017-09-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-0853; MISC; MLIST; MISC; MISC; CONFIRM
symantec -- proxyclient | Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute arbitrary code with LocalSystem privileges. | Published: 2017-09-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13674; BID; CONFIRM
synology -- photo_station | Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12071; CONFIRM
synology -- photo_station | Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11162; CONFIRM
synology -- photo_station | Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php. | Published: 2017-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11161; CONFIRM
CVE-2015- 7225 MLIST(lin Tinfoil Devise-two-factor before k is 2.0.0 does not strictly follow section external) 5.2 of RFC 6238 and does not "burn" MLIST(lin a successfully validated one-time k is password (aka OTP), which allows external) remote or physically proximate BID(link is attackers with a target user's login external) credentials to log in as said user by MISC obtaining the OTP through CONFIRM performing a man-in-the-middle (link is attack between the provider and not external) verifier, or shoulder surfing, and yet CONFIRM tinfoil -- devise-two-factor replaying the OTP in the current 2017- calcul (link is time-step. 
09-06 ated external) CVE-2017- 13754 FULLDIS C Cross-site scripting (XSS) BUGTRA vulnerability in the "advanced Q(link is settings - time server" module in external) Wibu-Systems CodeMeter before EXPLOIT- 6.50b allows remote attackers to not DB(link is inject arbitrary web script or HTML yet external) wibu_systems -- codemeter via the "server name" field in 2017- calcul MISC(link actions/ChangeConfiguration.html. 09-07 ated is external) Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The not CVE-2017- vulnerability exists due to yet 11611 wolf_cms -- wolf_cms insufficient sanitization of the file 2017- calcul MISC(link name in a "create-file-popup" action, 09-08 ated is external) Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info and the directory name in a "create- directory-popup" action, in the HTTP POST method to the "/plugin/file_manager/" script (aka an /admin/plugin/file_manager/browse// URI). SQL injection vulnerability in the CVE-2017- WatuPRO plugin before 5.5.3.7 for 9834 WordPress allows remote attackers MISC(link to execute arbitrary SQL commands not is external) via the watupro_questions parameter yet EXPLOIT- wordpress -- wordpress in a watupro_submit action to wp- 2017- calcul DB(link is admin/admin-ajax.php. 09-07 ated external) CVE-2015- 4697 MLIST MLIST(lin k is external) Cross-site request forgery (CSRF) not BID(link is vulnerability in Google Analyticator yet external) wordpress -- wordpress Wordpress Plugin before 6.4.9.3 rev 2017- calcul MISC @1183563. 09-07 ated MISC CVE-2015- 3314 MISC(link is external) MLIST(lin k is external) MLIST(lin k is external) BID(link is external) not CONFIRM SQL injection vulnerability in yet EXPLOIT- wordpress -- wordpress WordPress Tune Library plugin 2017- calcul DB(link is before 1.5.5. 09-07 ated external) not CVE-2015- SQL injection vulnerability in yet 3313 wordpress -- wordpress WordPress Community Events 2017- calcul MISC(link plugin before 1.4. 
09-07 ated is external) Primary Publis CVSS Source & Vendor -- Product Description hed Score Patch Info MLIST(lin k is external) MLIST(lin k is external) BID(link is external) CONFIRM EXPLOIT- DB(link is external) CVE-2011- 3177 The YaST2 network created files CONFIRM with world readable permissions (link is which could have allowed local users not external) to read sensitive material out of yet CONFIRM yast -- yast network configuration files, like 2017- calcul (link is passwords for wireless networks. 09-08 ated external) Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can CVE-2017- upload files with any extensions. By 14123 zoho -- uploading a PHP file to the server, an not MISC(link manageengine_firewall_analyze attacker can cause it to execute in the yet is external) r server context, as demonstrated by 2017- calcul MISC(link /itplus/FileStorage/302/shell.jsp. 09-04 ated is external) Back to top