Vulnerability Summary for the Week of July 17, 2017

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- openmeetings | Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. | 2017-07-17 | 7.5 | CVE-2017-7664 MLIST BID

apple -- | An issue was discovered in certain Apple products. iTunes before 12.6.2 on Windows is affected. The issue involves the "iTunes" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-07-20 | 9.3 | CVE-2017-7053 BID CONFIRM
apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | 7.9 | CVE-2017-7050 BID SECTRACK CONFIRM
apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | 7.9 | CVE-2017-7051 BID SECTRACK CONFIRM
apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | 7.9 | CVE-2017-7054 BID SECTRACK CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 9.3 | CVE-2017-7040 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 9.3 | CVE-2017-7041 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 9.3 | CVE-2017-7042 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 9.3 | CVE-2017-7043 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 7.5 | CVE-2017-7049 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 7.5 | CVE-2017-7052 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 7.5 | CVE-2017-7055 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 7.5 | CVE-2017-7056 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 7.5 | CVE-2017-7061 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM

chitora -- lhaz | Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2246 CONFIRM JVN
chitora -- lhaz | Untrusted search path vulnerability in Self-extracting archive files created by Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2247 CONFIRM JVN
chitora -- lhaz+ | Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2248 CONFIRM JVN
chitora -- lhaz+ | Untrusted search path vulnerability in Self-extracting archive files created by Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2249 CONFIRM JVN

cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve57697. | 2017-07-17 | 9.0 | CVE-2017-6736 BID SECTRACK CONFIRM
cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve60402. | 2017-07-17 | 9.0 | CVE-2017-6737 BID SECTRACK CONFIRM
cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve89865, CSCsy56638. | 2017-07-17 | 9.0 | CVE-2017-6738 BID SECTRACK CONFIRM
cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66540. | 2017-07-17 | 9.0 | CVE-2017-6739 BID SECTRACK CONFIRM
cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66601. | 2017-07-17 | 9.0 | CVE-2017-6740 BID SECTRACK CONFIRM
cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve60376, CSCve78027. | 2017-07-17 | 9.0 | CVE-2017-6743 BID SECTRACK CONFIRM
cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve78027, CSCve60276. | 2017-07-17 | 9.0 | CVE-2017-6744 BID SECTRACK CONFIRM
cisco -- ios_xe | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66658. | 2017-07-17 | 9.0 | CVE-2017-6741 BID SECTRACK CONFIRM
cisco -- ios_xe | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve54313. | 2017-07-17 | 9.0 | CVE-2017-6742 BID SECTRACK CONFIRM

creolabs -- gravity | Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations | 2017-07-17 | 7.5 | CVE-2017-1000072 CONFIRM
creolabs -- gravity | Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution. | 2017-07-17 | 7.5 | CVE-2017-1000073 CONFIRM
creolabs -- gravity | Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. | 2017-07-17 | 7.5 | CVE-2017-1000074 CONFIRM
creolabs -- gravity | Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function | 2017-07-17 | 7.5 | CVE-2017-1000075 CONFIRM

eyesofnetwork -- eyesofnetwork | EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root | 2017-07-17 | 10.0 | CVE-2017-1000060 MISC

fiyo -- fiyo_cms | Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name. | 2017-07-17 | 7.5 | CVE-2017-11354 MISC
fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id']. | 2017-07-18 | 7.5 | CVE-2017-11412 MISC
fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id']. | 2017-07-18 | 7.5 | CVE-2017-11413 MISC
fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id']. | 2017-07-18 | 7.5 | CVE-2017-11414 MISC
fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level']. | 2017-07-18 | 7.5 | CVE-2017-11415 MISC
fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter. | 2017-07-18 | 7.5 | CVE-2017-11416 MISC
fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id']. | 2017-07-18 | 7.5 | CVE-2017-11417 MISC
fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i]. | 2017-07-18 | 7.5 | CVE-2017-11418 MISC
fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title']. | 2017-07-18 | 7.5 | CVE-2017-11419 MISC

framasoft -- framadate | Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution | 2017-07-17 | 7.5 | CVE-2017-1000039 CONFIRM

freeradius -- freeradius | An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. | 2017-07-17 | 7.5 | CVE-2017-10979 CONFIRM BID SECTRACK
freeradius -- freeradius | An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. | 2017-07-17 | 7.5 | CVE-2017-10984 CONFIRM
freeradius -- freeradius | An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service. | 2017-07-17 | 7.8 | CVE-2017-10985 CONFIRM

fujielectric -- v-server | An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution. | 2017-07-17 | 7.5 | CVE-2017-9639 BID MISC

glpi-project -- glpi | GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. | 2017-07-20 | 7.5 | CVE-2017-11474 CONFIRM
glpi-project -- glpi | GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php. | 2017-07-20 | 7.5 | CVE-2017-11475 CONFIRM

gnome -- gtk-vnc | gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering | 2017-07-17 | 7.5 | CVE-2017-1000044 CONFIRM

google -- android | Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE without authenticating. All apps using authentication-gated cryptography are vulnerable to this attack, which was confirmed on the LG Nexus 5X. | 2017-07-17 | 7.2 | CVE-2016-10398 MISC

hibara -- attachecase | Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.2.8.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2271 JVN
hibara -- attachecase | Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.3.2.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2272 JVN

imagemagick -- imagemagick | The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file. | 2017-07-19 | 7.1 | CVE-2017-11446 CONFIRM

intelliants -- subrion_cms | Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. | 2017-07-19 | 7.5 | CVE-2017-11444 CONFIRM
intelliants -- subrion_cms | Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array. | 2017-07-19 | 7.5 | CVE-2017-11445 CONFIRM

logicaldoc -- logicaldoc | LogicalDoc CommunityEdition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. | 2017-07-17 | 7.5 | CVE-2017-1000021 MISC
logicaldoc -- logicaldoc | LogicalDoc CommunityEdition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation | 2017-07-17 | 7.5 | CVE-2017-1000022 MISC

microsoft -- edge | A remote code execution vulnerability exists in the way affected Microsoft scripting engine render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability." | 2017-07-17 | 9.3 | CVE-2017-0152 CONFIRM

onosproject -- onos | Linux foundation ONOS 1.9.0 is vulnerable to a DoS | 2017-07-17 | 7.8 | CVE-2017-1000079 MISC
onosproject -- onos | Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets | 2017-07-17 | 7.5 | CVE-2017-1000080 MISC
onosproject -- onos | Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution | 2017-07-17 | 7.5 | CVE-2017-1000081 MISC

php -- php | In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmt_parse_message function. | 2017-07-17 | 7.5 | CVE-2017-11362 MISC

rbenv -- rbenv | rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution | 2017-07-17 | 7.5 | CVE-2017-1000047 MISC

resume-next -- filecapsule_deluxe_portable | Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2265 CONFIRM JVN
resume-next -- filecapsule_deluxe_portable | Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2266 CONFIRM JVN
resume-next -- filecapsule_deluxe_portable | Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2267 CONFIRM JVN
resume-next -- filecapsule_deluxe_portable | Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2268 CONFIRM JVN
resume-next -- filecapsule_deluxe_portable | Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2269 CONFIRM JVN
resume-next -- filecapsule_deluxe_portable | Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2270 CONFIRM JVN

sourcenext -- file_compact | Untrusted search path vulnerability in Self-extracting archive files created by File Compact Ver.5 version 5.09 and earlier, Ver.6 version 6.01 and earlier, Ver.7 version 7.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2252 JVN

wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values. | 2017-07-18 | 7.8 | CVE-2017-11406 BID SECTRACK CONFIRM CONFIRM CONFIRM

wireshark -- wireshark | In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type. | 2017-07-18 | 7.8 | CVE-2017-11409 BID SECTRACK CONFIRM CONFIRM CONFIRM

wireshark -- wireshark | In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702. | 2017-07-18 | 7.8 | CVE-2017-11410 CONFIRM CONFIRM CONFIRM

wireshark -- wireshark | In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350. | 2017-07-18 | 7.8 | CVE-2017-11411 CONFIRM CONFIRM CONFIRM

yahoo -- toolbar | Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for ) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2253 JVN

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

adobe -- connect | Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack. | 2017-07-17 | 5.0 | CVE-2017-3101 BID SECTRACK MISC

adobe -- connect | Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack. | 2017-07-17 | 4.3 | CVE-2017-3102 BID SECTRACK MISC

adobe -- connect | Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack. | 2017-07-17 | 4.3 | CVE-2017-3103 BID SECTRACK MISC

alpinelinux -- alpine_linux | A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file. | 2017-07-17 | 6.8 | CVE-2017-9669 MLIST BID MISC

alpinelinux -- alpine_linux | A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block. | 2017-07-17 | 6.8 | CVE-2017-9671 MLIST BID MISC

apache -- openmeetings | Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. | 2017-07-17 | 4.3 | CVE-2017-7663 MLIST BID

apache -- openmeetings | Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. | 2017-07-17 | 6.8 | CVE-2017-7666 MLIST

apache -- openmeetings | Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection. | 2017-07-17 | 5.0 | CVE-2017-7673 MLIST BID

apache -- openmeetings | Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains. | 2017-07-17 | 5.0 | CVE-2017-7680 MLIST

apache -- openmeetings | Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end. | 2017-07-17 | 6.5 | CVE-2017-7681 MLIST

apache -- openmeetings | Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas. | 2017-07-17 | 6.4 | CVE-2017-7682 MLIST

apache -- openmeetings | Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure. | 2017-07-17 | 5.0 | CVE-2017-7683 MLIST

apache -- openmeetings | Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server. | 2017-07-17 | 5.0 | CVE-2017-7684 MLIST BID

apache -- openmeetings | Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH. | 2017-07-17 | 5.0 | CVE-2017-7685 MLIST BID

apache -- openmeetings | Apache OpenMeetings 1.0.0 updates user password in insecure manner. | 2017-07-17 | 5.0 | CVE-2017-7688 MLIST BID

apache -- sling | In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities. | 2017-07-19 | 4.3 | CVE-2016-5394 BID MISC

apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-07-20 | 4.3 | CVE-2017-7028 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM

apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-07-20 | 4.3 | CVE-2017-7029 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM

apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | 6.8 | CVE-2017-7047 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM

apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "Safari Printing" component. It allows remote attackers to cause a denial of service (excessive print dialogs) via a crafted web site. | 2017-07-20 | 4.3 | CVE-2017-7060 BID SECTRACK CONFIRM CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 6.8 | CVE-2017-7039 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 6.8 | CVE-2017-7046 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM

apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 6.8 | CVE-2017-7048 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM

apple -- safari | A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. | 2017-07-20 | 4.3 | CVE-2017-7059 BID SECTRACK CONFIRM CONFIRM CONFIRM

audacity -- audacity | Audacity version 2.1.2 is vulnerable to DLL hijacking in the avformat-55.dll resulting in arbitrary code execution | 2017-07-17 | 6.8 | CVE-2017-1000010 MISC

cacti -- cacti | SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. | 2017-07-17 | 6.5 | CVE-2017-1000031 MISC

cacti -- cacti | Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php. | 2017-07-17 | 4.3 | CVE-2017-1000032 MISC

cagintranetworks -- getsimple_cms | A reflected cross-site scripting vulnerability in GetSimple CMS version 3.3.13 and earlier allows remote attackers to inject arbitrary JavaScript in the URL-field for the administrative login page (/admin/index.php). | 2017-07-17 | 4.3 | CVE-2017-1000057 CONFIRM

cairographics -- cairo | cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. | 2017-07-17 | 5.0 | CVE-2017-9814 MISC

candy_project -- candy | All versions of Candy Chat are vulnerable to an XSS attack by message senders, permitting remote code execution within the page | 2017-07-17 | 4.3 | CVE-2017-1000036 MISC

chef_project -- mixlib-archive | Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries | 2017-07-17 | 5.0 | CVE-2017-1000026 CONFIRM

chevereto -- chevereto | Stored XSS in chevereto CMS before version 3.8.11 | 2017-07-17 | 4.3 | CVE-2017-1000058 CONFIRM

cmsmadesimple -- cms_made_simple | In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php. | 2017-07-17 | 4.0 | CVE-2017-11404 MISC

cmsmadesimple -- cms_made_simple | In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file. | 2017-07-17 | 4.0 | CVE-2017-11405 MISC

exiv2 -- exiv2 | There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | 2017-07-17 | 4.3 | CVE-2017-11336 MISC

exiv2 -- exiv2 | There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | 2017-07-17 | 4.3 | CVE-2017-11337 MISC

exiv2 -- exiv2 | There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | 2017-07-17 | 4.3 | CVE-2017-11338 MISC

exiv2 -- exiv2 | There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | 2017-07-17 | 4.3 | CVE-2017-11339 MISC

exiv2 -- exiv2 | There is a segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A crafted input will lead to a remote denial of service attack. | 2017-07-17 | 4.3 | CVE-2017-11340 MISC

freeradius -- freeradius | An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10978 CONFIRM BID SECTRACK

freeradius -- freeradius | An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10980 CONFIRM BID SECTRACK

freeradius -- freeradius | An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10981 CONFIRM BID SECTRACK

freeradius -- freeradius | An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10982 CONFIRM BID SECTRACK

freeradius -- freeradius | An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10983 CONFIRM BID SECTRACK

freeradius -- freeradius | An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10986 CONFIRM

freeradius -- freeradius | An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10987 CONFIRM

graphicsmagick -- graphicsmagick | The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. | 2017-07-17 | 6.8 | CVE-2017-11403 MISC MISC

ibm -- tivoli_monitoring | IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. IBM X-Force ID: 123493. | 2017-07-17 | 5.4 | CVE-2017-1182 CONFIRM SECTRACK MISC

ibm -- tivoli_monitoring | IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494. | 2017-07-17 | 5.4 | CVE-2017-1183 CONFIRM BID SECTRACK MISC

imagemagick -- imagemagick | In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144. | 2017-07-17 | 4.3 | CVE-2017-11352 BID CONFIRM CONFIRM

imagemagick -- imagemagick | The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value. | 2017-07-17 | 4.3 | CVE-2017-11360 CONFIRM

imagemagick -- imagemagick | The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service. | 2017-07-19 | 4.3 | CVE-2017-11447 CONFIRM CONFIRM CONFIRM

imagemagick -- imagemagick | The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. | 2017-07-19 | 4.3 | CVE-2017-11448 CONFIRM CONFIRM CONFIRM

imagemagick -- imagemagick | coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin. | 2017-07-19 | 6.8 | CVE-2017-11449 CONFIRM CONFIRM CONFIRM CONFIRM

imagemagick -- imagemagick | coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short. | 2017-07-19 | 6.8 | CVE-2017-11450 CONFIRM CONFIRM CONFIRM CONFIRM

jasper_project -- jasper | JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. | 2017-07-17 | 5.0 | CVE-2017-1000050 MLIST BID

joomla -- joomla! | Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents. | 2017-07-17 | 5.0 | CVE-2017-9933 BID SECTRACK CONFIRM

joomla -- joomla! | Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability. | 2017-07-17 | 4.3 | CVE-2017-9934 BID SECTRACK CONFIRM

keepass -- keepass | The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information. | 2017-07-17 | 5.0 | CVE-2017-1000066 CONFIRM

kitto_project -- kitto | kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution | 2017-07-17 | 5.0 | CVE-2017-1000062 MISC

kitto_project -- kitto | kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure | 2017-07-17 | 4.3 | CVE-2017-1000063 MISC

kitto_project -- kitto | kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS | 2017-07-17 | 5.0 | CVE-2017-1000064 MISC

koozali -- sme_server | Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access. | 2017-07-17 | 5.8 | CVE-2017-1000027 MISC MISC

libsass -- libsass | There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. | 2017-07-17 | 5.0 | CVE-2017-11341 MISC

libsass -- libsass | There is an illegal address access in ast.cpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. | 2017-07-17 | 5.0 | CVE-2017-11342 MISC

libtiff -- libtiff | There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack. | 2017-07-17 | 6.8 | CVE-2017-11335 MISC

livehelperchat -- live_helper_chat | Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users. | 2017-07-17 | 4.3 | CVE-2017-1000059 MISC

logicaldoc -- logicaldoc | LogicalDoc CommunityEdition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document | 2017-07-17 | 4.3 | CVE-2017-1000023 MISC

mapbox_project -- mapbox | Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name. | 2017-07-17 | 4.3 | CVE-2017-1000042 MISC CONFIRM

mapbox_project -- mapbox | Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control | 2017-07-17 | 4.3 | CVE-2017-1000043 MISC CONFIRM

mautic -- mautic | Mautic 2.6.1 and earlier fails to set flags on session cookies | 2017-07-17 | 5.0 | CVE-2017-1000046 MISC

microsoft -- edge | An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | 2017-07-17 | 4.3 | CVE-2017-0196 CONFIRM

modx -- revolution | MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges. | 2017-07-17 | 6.5 | CVE-2017-1000067 CONFIRM

moodle -- moodle | 3.x has user fullname disclosure on the user preferences page. | 2017-07-17 | 4.0 | CVE-2017-2642 BID CONFIRM

moodle -- moodle | In Moodle 3.3, the course overview block reveals activities in hidden courses. | 2017-07-17 | 4.0 | CVE-2017-7531 BID CONFIRM

moodle -- moodle | In Moodle 3.x, course creators are able to change system default settings for courses. | 2017-07-17 | 4.0 | CVE-2017-7532 BID CONFIRM

mysqldumper -- mysql_dumper | MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying the data in the database to the user | 2017-07-17 | 4.3 | CVE-2017-1000012 MISC

mywebsql -- mywebsql | MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information | 2017-07-17 | 4.3 | CVE-2017-1000011 MISC

oauth2_proxy_project -- oauth2_proxy | CSRF in Bitly oauth2_proxy 2.1 during authentication flow | 2017-07-17 | 6.8 | CVE-2017-1000069 MISC

oauth2_proxy_project -- oauth2_proxy | The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819 | 2017-07-17 | 5.8 | CVE-2017-1000070 CONFIRM MISC

onosproject -- onos | Linux foundation ONOS 1.9 is vulnerable to XSS in the device registration | 2017-07-17 | 4.3 | CVE-2017-1000078 MISC

openmediavault -- openmediavault | Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management(Users) functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser. | 2017-07-17 | 4.3 | CVE-2017-1000065 CONFIRM

oracle -- glassfish_server | Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request. | 2017-07-17 | 5.0 | CVE-2017-1000028 MISC

oracle -- glassfish_server | Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication. | 2017-07-17 | 5.0 | CVE-2017-1000029 MISC

oracle -- glassfish_server | Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface. | 2017-07-17 | 5.0 | CVE-2017-1000030 MISC

phpminiadmin_project -- phpminiadmin | PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data). | 2017-07-17 | 4.3 | CVE-2017-1000005 MISC

phpmyadmin -- phpmyadmin | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness | 2017-07-17 | 5.8 | CVE-2017-1000013 CONFIRM

phpmyadmin -- phpmyadmin | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality | 2017-07-17 | 5.0 | CVE-2017-1000014 CONFIRM

phpmyadmin -- phpmyadmin | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters | 2017-07-17 | 4.3 | CVE-2017-1000015 CONFIRM

phpmyadmin -- phpmyadmin | phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server | 2017-07-17 | 6.5 | CVE-2017-1000017 CONFIRM

phpmyadmin -- phpmyadmin | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name | 2017-07-17 | 5.0 | CVE-2017-1000018 CONFIRM

relevanssi -- relevanssi | WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site | 2017-07-17 | 4.3 | CVE-2017-1000038 MISC

rocketchat -- rocket.chat | Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages. | 2017-07-17 | 4.3 | CVE-2017-1000054 MISC

sitecore -- cms | In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter. | 2017-07-19 | 4.0 | CVE-2017-11440 MISC MISC

tt-rss -- tiny_tiny_rss | Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack | 2017-07-17 | 4.3 | CVE-2017-1000035 CONFIRM

vospari_forms_project -- vospari_forms | Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user. | 2017-07-17 | 4.3 | CVE-2017-1000033 MISC MISC

wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. | 2017-07-18 | 5.0 | CVE-2017-11407 BID SECTRACK CONFIRM CONFIRM CONFIRM

wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection. | 2017-07-18 | 5.0 | CVE-2017-11408 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM

xwiki -- cryptpad | Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content | 2017-07-17 | 4.3 | CVE-2017-1000051 CONFIRM CONFIRM

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

blackcat-cms -- blackcat_cms | Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php. | 2017-07-17 | 3.5 | CVE-2017-9609 MISC CONFIRM MISC

bolt -- bolt_cms | Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. | 2017-07-17 | 3.5 | CVE-2017-11127 MISC

bolt -- bolt_cms | Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry. | 2017-07-17 | 3.5 | CVE-2017-11128 MISC

ibm -- tivoli_monitoring | IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487. | 2017-07-17 | 1.9 | CVE-2017-1181 CONFIRM BID SECTRACK MISC

juniper -- screenos | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | 3.5 | CVE-2017-2335 BID SECTRACK CONFIRM

juniper -- screenos | A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | 3.5 | CVE-2017-2336 BID SECTRACK CONFIRM

juniper -- screenos | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | 3.5 | CVE-2017-2337 BID SECTRACK CONFIRM

juniper -- screenos | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | 3.5 | CVE-2017-2338 BID SECTRACK CONFIRM

juniper -- screenos | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | 3.5 | CVE-2017-2339 BID SECTRACK CONFIRM

redhat -- network_manager | Race condition in Network Manager before 1.0.12 as packaged in Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. | 2017-07-17 | 2.1 | CVE-2016-0764 REDHAT CONFIRM

sitecore -- cms | In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter. | 2017-07-19 | 3.5 | CVE-2017-11439 MISC MISC

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

Kubernetes -- Kubernetes | Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object. | 2017-07-17 | not yet calculated | CVE-2017-1000056 CONFIRM

adobe -- flash_player | Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution. | 2017-07-17 | not yet calculated | CVE-2017-3099 BID SECTRACK MISC GENTOO

adobe -- flash_player | Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure. | 2017-07-17 | not yet calculated | CVE-2017-3100 BID SECTRACK MISC GENTOO

adobe -- flash_player | Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure. | 2017-07-17 | not yet calculated | CVE-2017-3080 BID SECTRACK MISC GENTOO

akeneo -- pim | Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution. | 2017-07-17 | not yet calculated | CVE-2017-1000009 CONFIRM CONFIRM CONFIRM

akka -- akka | Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem. | 2017-07-17 | not yet calculated | CVE-2017-1000034 CONFIRM

amosconnect -- amosconnect | Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager. | 2017-07-22 | not yet calculated | CVE-2017-3222 BID CERT-VN

amosconnect -- amosconnect | Blind SQL injection in the AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords. | 2017-07-22 | not yet calculated | CVE-2017-3221 BID CERT-VN

ansible -- ansible | Ansible versions 2.2.3 and earlier are vulnerable to an information disclosure flaw due to the interaction of call back plugins and the no_log directive where the information may not be sanitized properly. | 2017-07-21 | not yet calculated | CVE-2017-7473 MISC

apache -- apr-util_and_httpd | The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955. | 2017-07-17 | not yet calculated | CVE-2016-6312 BID CONFIRM

apache -- roller | The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL). | 2017-07-17 | not yet calculated | CVE-2015-0249 MISC MLIST CONFIRM

apache -- sling | In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application. | 2017-07-19 | not yet calculated | CVE-2016-6798 BID MISC

apache -- wicket | The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.7 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the permissions of DiskFileItem, and if running on a Java VM before 1.3.1, execute arbitrary code via a crafted serialized Java object. | 2017-07-17 | not yet calculated | CVE-2016-6793 MLIST BUGTRAQ BID SECTRACK CONFIRM MISC

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | not yet calculated | CVE-2017-7034 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7022 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7026 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | not yet calculated | CVE-2017-7012 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7069 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | not yet calculated | CVE-2017-7018 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "Notifications" component. It allows physically proximate attackers to read unintended notifications on the lock screen. | 2017-07-20 | not yet calculated | CVE-2017-7058 BID SECTRACK CONFIRM

apple -- ios | A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. | 2017-07-20 | not yet calculated | CVE-2017-7038 BID SECTRACK CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7064 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file. | 2017-07-20 | not yet calculated | CVE-2017-7068 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (memory consumption and application crash). | 2017-07-20 | not yet calculated | CVE-2017-7063 BID SECTRACK CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Contacts" component. A buffer overflow allows remote attackers to execute arbitrary code or cause a denial of service (application crash). | 2017-07-20 | not yet calculated | CVE-2017-7062 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | not yet calculated | CVE-2017-7020 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | not yet calculated | CVE-2017-7037 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxml2" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file. | 2017-07-20 | not yet calculated | CVE-2017-7013 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7023 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7025 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | not yet calculated | CVE-2017-7030 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7024 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements. | 2017-07-20 | not yet calculated | CVE-2017-7011 BID SECTRACK CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit Page Loading" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | not yet calculated | CVE-2017-7019 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7027 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters. | 2017-07-20 | not yet calculated | CVE-2017-7006 BID SECTRACK CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the "CoreAudio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. | 2017-07-20 | not yet calculated | CVE-2017-7008 BID SECTRACK CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "libxml2" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file. | 2017-07-20 | not yet calculated | CVE-2017-7010 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | 2017-07-20 | not yet calculated | CVE-2017-2517 BID SECTRACK CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "EventKitUI" component. It allows remote attackers to cause a denial of service (resource consumption and application crash). | 2017-07-20 | not yet calculated | CVE-2017-7007 BID SECTRACK CONFIRM

apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "IOUSBFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7009 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM

apple -- | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "afclip" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file. | 2017-07-20 | not yet calculated | CVE-2017-7033 BID SECTRACK CONFIRM

apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7067 BID SECTRACK CONFIRM

apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7036 BID SECTRACK CONFIRM

apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7035 BID SECTRACK CONFIRM

apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7017 BID SECTRACK CONFIRM

apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7032 BID SECTRACK CONFIRM

apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file. | 2017-07-20 | not yet calculated | CVE-2017-7031 BID SECTRACK CONFIRM

apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Audio" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted audio file. | 2017-07-20 | not yet calculated | CVE-2017-7015 BID SECTRACK CONFIRM

apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7021 BID SECTRACK CONFIRM

apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7044 BID SECTRACK CONFIRM

apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7014 BID SECTRACK CONFIRM

apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "afclip" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file. | 2017-07-20 | not yet calculated | CVE-2017-7016 BID SECTRACK CONFIRM

apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7045 BID SECTRACK CONFIRM

apport -- apport | An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file. | 2017-07-18 | not yet calculated | CVE-2017-10708 CONFIRM CONFIRM

asuswrt-merlin -- asuswrt-merlin | Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response. | 2017-07-17 | not yet calculated | CVE-2017-11344 MISC

asuswrt-merlin -- asuswrt-merlin | Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response. | 2017-07-17 | not yet calculated | CVE-2017-11345 MISC

asuswrt-merlin -- asuswrt-merlin | Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list. | 2017-07-18 | not yet calculated | CVE-2017-11420 MISC

atutor -- atutor | Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack. | 2017-07-22 | not yet calculated | CVE-2016-10400 MISC MISC

atutor -- atutor | ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution. | 2017-07-17 | not yet calculated | CVE-2017-1000004 CONFIRM CONFIRM BID

atutor -- atutor | ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Module component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Alternative Content component resulting in privilege escalation. | 2017-07-17 | not yet calculated | CVE-2017-1000003 CONFIRM CONFIRM BID

atutor -- atutor | ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure. | 2017-07-17 | not yet calculated | CVE-2017-1000002 CONFIRM CONFIRM BID

authd -- authd | authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it. | 2017-07-17 | not yet calculated | CVE-2016-4982 CONFIRM

barrauda -- load_balancer | A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued. | 2017-07-18 | not yet calculated | CVE-2017-6320 MISC EXPLOIT-DB

biscom -- secure_file_transfer | Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will be evaluated by any other authenticated user who views the attacker-supplied file name. | 2017-07-18 | not yet calculated | CVE-2017-5247 MISC

biscom -- secure_file_transfer | Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. | 2017-07-18 | not yet calculated | CVE-2017-5246 MISC

buffalo -- wapm-1166d_and_wapm-apg600h | WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors. | 2017-07-21 | not yet calculated | CVE-2017-2126 CONFIRM JVN

buffalo -- wmr-433_and_wmr-433w | Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-07-21 | not yet calculated | CVE-2017-2274 CONFIRM JVN

buffalo -- wmr-433_and_wmr-433w | Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-07-21 | not yet calculated | CVE-2017-2273 CONFIRM JVN

canonical -- ubuntu | The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions. | 2017-07-21 | not yet calculated | CVE-2015-1323 BID UBUNTU

chicken_scheme -- chicken_scheme | Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time. | 2017-07-17 | not yet calculated | CVE-2017-11343 CONFIRM

chyrp_lite -- chyrp_lite | Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password. | 2017-07-17 | not yet calculated | CVE-2017-1000008 CONFIRM

citrix -- netscaler_sd-wan | Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID. | 2017-07-20 | not yet calculated | CVE-2017-6316 EXPLOIT-DB EXPLOIT-DB

cloud_foundry -- cloud_controller_and_router | The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges. | 2017-07-17 | not yet calculated | CVE-2017-8034 CONFIRM

cobian_backup -- cobian_backup | Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events. | 2017-07-17 | not yet calculated | CVE-2017-11318 MISC

contao -- contao | Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal. | 2017-07-21 | not yet calculated | CVE-2017-10993 CONFIRM

cpanel -- cpanel | The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297. | 2017-07-19 | not yet calculated | CVE-2017-11441 CONFIRM

cygwin -- cygwin | Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileges triggered by specially crafted input string. | 2017-07-21 | not yet calculated | CVE-2017-7523 MISC

d-link -- dir-600m | On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter. | 2017-07-19 | not yet calculated | CVE-2017-10676 MISC MISC

d-link -- dir-615 | D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection. | 2017-07-19 | not yet calculated | CVE-2017-11436 MISC MISC

datataker_dt8x_dex -- datataker_dt8x_dex | dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data. | 2017-07-17 | not yet calculated | CVE-2017-11349 MISC MISC

docker -- docker_registry | Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint. | 2017-07-20 | not yet calculated | CVE-2017-11468 CONFIRM CONFIRM

dotcms -- dotcms | Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI. | 2017-07-19 | not yet calculated | CVE-2017-11466 MISC MISC MISC

dotnetnuke -- dotnetnuke | DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites." | 2017-07-20 | not yet calculated | CVE-2017-9822 CONFIRM

ecos -- ecos | SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others." | 2017-07-17 | not yet calculated | CVE-2017-1000020 MISC

elixir_plug -- elixir_plug | Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session. | 2017-07-17 | not yet calculated | CVE-2017-1000053 CONFIRM

elixir_plug -- elixir_plug | Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions. | 2017-07-17 | not yet calculated | CVE-2017-1000052 CONFIRM

elux -- elux_rp | The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended configuration restrictions and execute arbitrary commands with root privileges by inserting commands in a local configuration dialog in the control panel. | 2017-07-19 | not yet calculated | CVE-2017-7977 CONFIRM

emc -- multile_products | EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system. | 2017-07-17 | not yet calculated | CVE-2017-8011 CONFIRM BID SECTRACK

emc -- multile_products | The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under. | 2017-07-17 | not yet calculated | CVE-2017-8004 CONFIRM BID SECTRACK

emc -- multile_products | The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application. | 2017-07-17 | not yet calculated | CVE-2017-8005 CONFIRM BID SECTRACK

emc -- rsa_authentication_manager | In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user's PIN. The malicious user could potentially reset the compromised PIN to affect victim's ability to obtain access to protected resources. | 2017-07-17 | not yet calculated | CVE-2017-8006 CONFIRM BID SECTRACK

emc -- rsa_authentication_manager | In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed when viewing or editing the assigned token profile in the token by another administrator's browser session. | 2017-07-17 | not yet calculated | CVE-2017-8000 CONFIRM BID SECTRACK

exiv2_0.26 -- exiv2_0.26 | There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service. | 2017-07-22 | not yet calculated | CVE-2017-11553 MISC

fedmsg -- fedmsg | FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on. | 2017-07-17 | not yet calculated | CVE-2017-1000001 CONFIRM

ffmpeg -- ffmpeg | Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file. | 2017-07-17 | not yet calculated | CVE-2017-11399 CONFIRM

foreman -- foreman | discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console. | 2017-07-17 | not yet calculated | CVE-2016-4996 CONFIRM

foreman -- foreman | Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack. | 2017-07-17 | not yet calculated | CVE-2015-5152 CONFIRM CONFIRM

foreman -- foreman | rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation. | 2017-07-21 | not yet calculated | CVE-2017-7540 MISC

fortinet -- fortiwlm | A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges. | 2017-07-22 | not yet calculated | CVE-2017-7336 BID CONFIRM

geneko -- gwr-routers | Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file. | 2017-07-19 | not yet calculated | CVE-2017-11456 MISC

genivia -- gsoap | Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers. | 2017-07-19 | not yet calculated | CVE-2017-9765 MISC MISC BID MISC MISC MISC MISC

geutebrueck-gcore -- geutebrueck_gcore | Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request. | 2017-07-21 | not yet calculated | CVE-2017-11517 EXPLOIT-DB

glpi -- glpi | Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application. | 2017-07-19 | not yet calculated | CVE-2016-7507 CONFIRM

glpi -- glpi | GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers. | 2017-07-17 | not yet calculated | CVE-2017-11329 CONFIRM CONFIRM

glpi -- glpi | Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket. | 2017-07-19 | not yet calculated | CVE-2016-7509 CONFIRM

gnome-exe-thumbnailer -- gnome-exe-thumbnailer | gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename. | 2017-07-18 | not yet calculated | CVE-2017-11421 MISC MISC MISC

gnome_web -- gnome_web | GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. | 2017-07-17 | not yet calculated | CVE-2017-1000025 CONFIRM MISC

gnome_ librsvg -- gnome_ librsvg | A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. | 2017-07-19 | not yet calculated | CVE-2017-11464 CONFIRM CONFIRM CONFIRM

google -- android | The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL. | 2017-07-18 | not yet calculated | CVE-2017-9245 BID MISC

green_packet -- dx-350 | In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing) feature within the web interface allows performing command injection, via the "pip" parameter. | 2017-07-21 | not yet calculated | CVE-2017-9980 MISC

green_packet -- dx-350 | Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account. | 2017-07-21 | not yet calculated | CVE-2017-9932 MISC

green_packet -- dx-350 | Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi. | 2017-07-21 | not yet calculated | CVE-2017-9931 MISC

green_packet -- dx-350 | Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP. | 2017-07-21 | not yet calculated | CVE-2017-9930 MISC

hammock -- assetview_for_macos | SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service". | 2017-07-17 | not yet calculated | CVE-2017-2241 MISC CONFIRM

hammock -- assetview_for_macos | Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service". | 2017-07-17 | not yet calculated | CVE-2017-2240 MISC CONFIRM

humax -- wi-fi_router | The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token while returning answers for some methods in url '/api'. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords. | 2017-07-19 | not yet calculated | CVE-2017-11435 MISC

ibm -- infosphere_master_data_management_server | IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463. | 2017-07-19 | not yet calculated | CVE-2017-1309 CONFIRM BID MISC

ibm -- mq_appliance | IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730. | 2017-07-18 | not yet calculated | CVE-2017-1318 CONFIRM BID MISC

ibm -- security_guardium | IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742. | 2017-07-21 | not yet calculated | CVE-2017-1267 CONFIRM BID MISC

ibm -- tivoli_endpoint_manager | IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123678. | 2017-07-19 | not yet calculated | CVE-2017-1203 CONFIRM CONFIRM BID MISC

ibm -- tivoli_endpoint_manager | IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858. | 2017-07-19 | not yet calculated | CVE-2017-1218 CONFIRM BID MISC

ibm -- tivoli_endpoint_manager | IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123902. | 2017-07-19 | not yet calculated | CVE-2017-1223 CONFIRM BID MISC

ibm -- tivoli_endpoint_manager | IBM Tivoli Endpoint Manager is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859. | 2017-07-19 | not yet calculated | CVE-2017-1219 CONFIRM MISC

ibm -- tivoli_endpoint_manager | IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903. | 2017-07-19 | not yet calculated | CVE-2017-1224 CONFIRM BID MISC

ibm -- tririga_application_platform | Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864. | 2017-07-21 | not yet calculated | CVE-2017-1371 CONFIRM MISC

ibm -- tririga_application_platform | IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126865. | 2017-07-21 | not yet calculated | CVE-2017-1372 CONFIRM MISC

ibm -- tririga_application_platform | Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867. | 2017-07-21 | not yet calculated | CVE-2017-1374 CONFIRM MISC

ibm -- tririga_application_platform | Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866. | 2017-07-21 | not yet calculated | CVE-2017-1373 CONFIRM BID MISC

ibm -- websphere_application_server_proxy_server_or_on-demand-router | IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152. | 2017-07-21 | not yet calculated | CVE-2017-1381 CONFIRM MISC

ibm -- emptoris_contract_management | IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738. | 2017-07-19 | not yet calculated | CVE-2016-6018 CONFIRM BID MISC

idera_uptime_monitor -- idera_uptime_monitor | IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter. | 2017-07-20 | not yet calculated | CVE-2017-11471 MISC

idera_uptime_monitor -- idera_uptime_monitor | get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. | 2017-07-20 | not yet calculated | CVE-2017-11469 MISC

idera_uptime_monitor -- idera_uptime_monitor | IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter. | 2017-07-20 | not yet calculated | CVE-2017-11470 MISC

imagemagick -- imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c. | 2017-07-22 | not yet calculated | CVE-2017-11533 CONFIRM

imagemagick -- imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c. | 2017-07-22 | not yet calculated | CVE-2017-11539 CONFIRM

imagemagick -- imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. | 2017-07-22 | not yet calculated | CVE-2017-11532 CONFIRM

imagemagick -- imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c. | 2017-07-22 | not yet calculated | CVE-2017-11540 CONFIRM

imagemagick -- imagemagick | The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file. | 2017-07-21 | not yet calculated | CVE-2017-11505 CONFIRM CONFIRM

Primary Vendor -- Product: imagemagick -- imagemagick
Description: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c.
Published: 2017-07-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11534; CONFIRM

Primary Vendor -- Product: imagemagick -- imagemagick
Description: The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.
Published: 2017-07-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11524; CONFIRM, CONFIRM

Primary Vendor -- Product: imagemagick -- imagemagick
Description: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c.
Published: 2017-07-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11536; CONFIRM

Primary Vendor -- Product: imagemagick -- imagemagick
Description: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c.
Published: 2017-07-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11535; CONFIRM

Primary Vendor -- Product: imagemagick -- imagemagick
Description: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.
Published: 2017-07-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11537; CONFIRM

Primary Vendor -- Product: imagemagick -- imagemagick
Description: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c.
Published: 2017-07-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11538; CONFIRM

Primary Vendor -- Product: imagemagick -- imagemagick
Description: The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
Published: 2017-07-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11525; CONFIRM, CONFIRM

Primary Vendor -- Product: imagemagick -- imagemagick
Description: The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
Published: 2017-07-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11529; CONFIRM, CONFIRM

Primary Vendor -- Product: imagemagick -- imagemagick
Description: The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
Published: 2017-07-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11528; CONFIRM, CONFIRM

Primary Vendor -- Product: imagemagick -- imagemagick
Description: The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.
Published: 2017-07-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11526; CONFIRM, CONFIRM

Primary Vendor -- Product: imagemagick -- imagemagick
Description: The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.
Published: 2017-07-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11523; CONFIRM, CONFIRM, CONFIRM, CONFIRM

Primary Vendor -- Product: imagemagick -- imagemagick
Description: The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
Published: 2017-07-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11530; CONFIRM, CONFIRM

Primary Vendor -- Product: imagemagick -- imagemagick
Description: The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Published: 2017-07-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11522; CONFIRM, CONFIRM, CONFIRM

Primary Vendor -- Product: imagemagick -- imagemagick
Description: When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c.
Published: 2017-07-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11531; CONFIRM

Primary Vendor -- Product: imagemagick -- imagemagick
Description: The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image.
Published: 2017-07-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11478; CONFIRM, CONFIRM

Primary Vendor -- Product: imagemagick -- imagemagick
Description: The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
Published: 2017-07-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11527; CONFIRM, CONFIRM

Primary Vendor -- Product: inteno -- inteno
Description: Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key.)
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11361; MISC

Primary Vendor -- Product: jasig_phpcas -- jasig_phpcas
Description: Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1000071; BID, CONFIRM, CONFIRM

Primary Vendor -- Product: jenkins -- jenkins
Description: The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups, and delete it if present.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1000362; CONFIRM

Primary Vendor -- Product: juniper_networks -- junos_os
Description: Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously sending specially crafted BGP OPEN messages, an attacker can repeatedly crash the rpd process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R12-S4, 12.3R13, 12.3R3-S4; 12.3X48 prior to 12.3X48-D50; 13.3 prior to 13.3R4-S11, 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R4-S7, 14.2R6-S4, 14.2R7; 15.1 prior to 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D33, 15.1X53-D50.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2314; SECTRACK, CONFIRM

Primary Vendor -- Product: juniper_networks -- junos_os
Description: An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the host operating environment, and thus escalate privileges. Affected releases are Juniper Networks Junos OS 14.1X53 prior to 14.1X53-D40 on QFX5110, QFX5200, QFX10002, QFX10008, QFX10016, EX4600 and NFX250; 15.1 prior to 15.1R5 on EX4600; 15.1X49 prior to 15.1X49-D70 on vSRX, SRX1500, SRX4100, SRX4200; 16.1 prior to 16.1R2 on EX4600, ACX5000 series. This issue does not affect vMX. No other Juniper Networks products or platforms are affected by this issue.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2341; SECTRACK, CONFIRM

Primary Vendor -- Product: juniper_networks -- junos_os
Description: An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15.1 prior to 15.1R3. Junos versions prior to 15.1 are not affected. No other Juniper Networks products or platforms are affected by this issue.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-10603; SECTRACK, CONFIRM

Primary Vendor -- Product: juniper_networks -- junos_os
Description: The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall policies. As part of an internal security review of the UserFW services authentication API, hardcoded credentials were identified and removed which can impact both the SRX Series device, and potentially LDAP and Active Directory integrated points. An attacker may be able to completely compromise SRX Series devices, as well as Active Directory servers and services. When Active Directory is compromised, it may allow access to user credentials, workstations, servers performing other functions such as email, database, etc. Inter-Forest Active Directory deployments may also be at risk as the attacker may gain full administrative control over one or more Active Directories depending on the credentials supplied by the administrator of the AD domains and SRX devices performing integrated authentication of users, groups and devices.
To identify if your device is potentially vulnerable to exploitation, check to see if the service is operating; from CLI review the following output:
    root@SRX-Firewall# run show services user-identification active-directory-access domain-controller status extensive
A result of "Status: Connected" will indicate that the service is active on the device. To evaluate if user authentication is occurring through the device:
    root@SRX-Firewall# run show services user-identification active-directory-access active-directory-authentication-table all
Next review the results to see if valid users and groups are returned. e.g.
    Domain: juniperlab.com
    Total entries: 3
    Source IP       Username        groups      state
    172.16.26.1     administrator               Valid
    192.168.26.2    engg01          engineers   Valid
    192.168.26.3    guest01         guests      Valid
    Domain: NULL
    Total entries: 8
    Source IP       Username        groups      state
    192.168.26.4                                Invalid
    192.168.26.5                                Invalid
This will also indicate that Valid users and groups are authenticating through the device. Affected releases are Juniper Networks Junos OS 12.3X48 from 12.3X48-D30 and prior to 12.3X48-D35 on SRX series; 15.1X49 from 15.1X49-D40 and prior to 15.1X49-D50 on SRX series. Devices on any version of Junos OS 12.1X46, or 12.1X47 are unaffected by this issue.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2343; SECTRACK, CONFIRM

Primary Vendor -- Product: juniper_networks -- junos_os
Description: A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D50; 12.1X47 prior to 12.1X47-D30, 12.1X47-D35; 12.3X48 prior to 12.3X48-D20, 12.3X48-D30; 15.1X49 prior to 15.1X49-D20, 15.1X49-D30.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2349; SECTRACK, CONFIRM

Primary Vendor -- Product: juniper_networks -- junos_os
Description: A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow. Malicious exploitation of this issue may lead to a denial of service (kernel panic) or be leveraged as a privilege escalation through local code execution. The routines are only accessible via programs running on the device itself, and veriexec restricts arbitrary programs from running on Junos OS. There are no known exploit vectors utilizing signed binaries shipped with Junos OS itself. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67; 12.3X48 prior to 12.3X48-D51, 12.3X48-D55; 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D122, 14.1X53-D45, 14.1X53-D50; 14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5; 16.2 prior to 16.2R2; 17.1 prior to 17.1R1-S3, 17.1R2; 17.2 prior to 17.2R1-S1, 17.2R2; 17.2X75 prior to 17.2X75-D30. No other Juniper Networks products or platforms are affected by this issue.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2344; BID, SECTRACK, CONFIRM

Primary Vendor -- Product: juniper_networks -- junos_os
Description: The MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link cannot be established. It falls back to an unencrypted link. This can happen when MACsec is configured on ports that are not capable of MACsec or when a secure link cannot be established. This can mislead customers into believing that a link is secure. On SRX 300 series devices, prior to 15.1X49-D100, MACsec was only supported on control and fabric ports of SRX340 and SRX345 devices. SRX300 and SRX320 did not have any MACsec capable ports. Configuring MACsec on ports that were not MACsec capable would have resulted in this issue. Affected releases are Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2342; SECTRACK, CONFIRM

Primary Vendor -- Product: juniper_networks -- junos_os
Description: On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Repeated crashes of the snmpd daemon can result in a partial denial of service condition. Additionally, it may be possible to craft a malicious SNMP packet in a way that can result in remote code execution. SNMP is disabled in Junos OS by default. Junos OS devices with SNMP disabled are not affected by this issue. No other Juniper Networks products or platforms are affected by this issue. NOTE: This is a different issue than Cisco CVE-2017-6736, CVE-2017-6737, and CVE-2017-6738. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67; 12.3X48 prior to 12.3X48-D51, 12.3X48-D55; 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D122, 14.1X53-D44, 14.1X53-D50; 14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7; 15.1X49 prior to 15.1X49-D100, 15.1X49-D110; 15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5; 16.2 prior to 16.2R2, 16.2R3; 17.1 prior to 17.1R1-S3, 17.1R2, 17.1R3; 17.2 prior to 17.2R1-S1, 17.2R2; 17.2X75 prior to 17.2X75-D30. Junos releases prior to 10.2 are not affected.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2345; BID, SECTRACK, CONFIRM

Primary Vendor -- Product: juniper_networks -- junos_os
Description: When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mode, and a cluster sync or failover operation occurs, then there will be errors associated with synch or failover while the root account is locked out. Administrators can confirm if the root account is locked out via the following command:
    root@device> show system login lockout user root
    User    Lockout start              Lockout end
    root    1995-01-01 01:00:01 PDT    1995-11-01 01:31:01 PDT
Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D65 on SRX series; 12.3X48 prior to 12.3X48-D45 on SRX series; 15.1X49 prior to 15.1X49-D75 on SRX series.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-10604; SECTRACK, CONFIRM

Primary Vendor -- Product: juniper_networks -- junos_os
Description: A denial of service vulnerability in rpd daemon of Juniper Networks Junos OS allows a malformed MPLS ping packet to crash the rpd daemon if MPLS OAM is configured. Repeated crashes of the rpd daemon can result in an extended denial of service condition for the device. The affected releases are Junos OS 12.3X48 prior to 12.3X48-D50, 12.3X48-D55; 13.3 prior to 13.3R10; 14.1 prior to 14.1R4-S13, 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D42, 14.1X53-D50; 14.2 prior to 14.2R4-S8, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1F2-S14, 15.1F5-S7, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5-S1, 15.1R6; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D105, 15.1X53-D47, 15.1X53-D62, 15.1X53-D70; 16.1 prior to 16.1R3-S3, 16.1R4. No other Juniper Networks products or platforms are affected by this issue.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2347; SECTRACK, CONFIRM

Primary Vendor -- Product: juniper_networks -- junos_os
Description: On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, a specially crafted packet might cause the flowd process to crash, halting or interrupting traffic from flowing through the device(s). Repeated crashes of the flowd process may constitute an extended denial of service condition for the device(s). If the device is configured in high-availability, the RG1+ (data-plane) will fail-over to the secondary node. If the device is configured in stand-alone, there will be temporary traffic interruption until the flowd process is restored automatically. Sustained crafted packets may cause the secondary failover node to fail back, or fail completely, potentially halting flowd on both nodes of the cluster or causing flip-flop failovers to occur. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67 on vSRX or SRX Series; 12.3X48 prior to 12.3X48-D50 on vSRX or SRX Series; 15.1X49 prior to 15.1X49-D91, 15.1X49-D100 on vSRX or SRX Series.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-10605; SECTRACK, CONFIRM

Primary Vendor -- Product: juniper_networks -- junos_os
Description: A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS 14.1X53; 14.2 prior to 14.2R6; 15.1 prior to 15.1F5, 15.1F6, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D47, 15.1X53-D70. This issue does not affect Junos 14.1 or prior releases. No other Juniper Networks products or platforms are affected by this issue.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-10602; SECTRACK, CONFIRM

Primary Vendor -- Product: juniper_networks -- junos_os
Description: An MS-MPC or MS-MIC Service PIC may crash when large fragmented packets are passed through an Application Layer Gateway (ALG). Repeated crashes of the Service PC can result in an extended denial of service condition. The issue can be seen only if NAT or stateful-firewall rules are configured with ALGs enabled. This issue was caused by the code change for PR 1182910 in Junos OS 14.1X55-D30, 14.1X55-D35, 14.2R7, 15.1R5, and 16.1R2. No other versions of Junos OS and no other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS on MX platforms running: 14.1X55 from 14.1X55-D30 to releases prior to 14.1X55-D35; 14.2R from 14.2R7 to releases prior to 14.2R7-S4, 14.2R8; 15.1R from 15.1R5 to releases prior to 15.1R5-S2, 15.1R6; 16.1R from 16.1R2 to releases prior to 16.1R3-S2, 16.1R4.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2346; SECTRACK, CONFIRM

Primary Vendor -- Product: juniper_networks -- junos_os
Description: The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet. Both high CPU utilization and repeated crashes of the jdhcpd daemon can result in a denial of service as DHCP service is interrupted. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 14.1X53 prior to 14.1X53-D12, 14.1X53-D38, 14.1X53-D40 on QFX, EX, QFabric System; 15.1 prior to 15.1F2-S18, 15.1R4 on all products and platforms; 15.1X49 prior to 15.1X49-D80 on SRX; 15.1X53 prior to 15.1X53-D51, 15.1X53-D60 on NFX, QFX, EX.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-2348; SECTRACK, CONFIRM

Primary Vendor -- Product: juniper_networks -- junos_os
Description: A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to login through console, ssh, ftp, telnet or su, etc. This issue relies upon a device configuration precondition to occur. Typically, device configurations are the result of a trusted administrative change to the system's running configuration. The following error messages may be seen when this failure occurs:
    mgd: error: commit failed: (statements constraint check failed)
    Warning: Commit failed, activating partial configuration.
    Warning: Edit the router configuration to fix these errors.
If the administrative changes are not made that result in such a failure, then this issue is not seen. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R10, 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2 prior to 13.2R8; 13.3 prior to 13.3R7; 14.1 prior to 14.1R4-S12, 14.1R5, 14.1R6; 14.1X53 prior to 14.1X53-D30; 14.2 prior to 14.2R4; 15.1 prior to 15.1F2, 15.1F3, 15.1R2.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-10601; SECTRACK, CONFIRM

Primary Vendor -- Product: kaspersky -- anti-virus_for_linux_file_server
Description: There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9810; MISC, FULLDISC, BID, SECTRACK, MISC

Primary Vendor -- Product: kaspersky -- anti-virus_for_linux_file_server
Description: The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9812; MISC, FULLDISC, BID, SECTRACK, MISC

Primary Vendor -- Product: kaspersky -- anti-virus_for_linux_file_server
Description: In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9813; MISC, FULLDISC, BID, SECTRACK, MISC

Primary Vendor -- Product: kaspersky -- anti-virus_for_linux_file_server
Description: The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9811; MISC, FULLDISC, BID, SECTRACK, MISC

Primary Vendor -- Product: koha -- koha
Description: Multiple cross-site request forgery (CSRF) vulnerabilities in Koha Libraries 3.20.x before 3.20.1, 3.14.x before 3.14.16, 3.16.x before 3.16.12 allow remote attackers to (1) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that inject arbitrary web script or HTML via the addshelf parameter to opac-shelves.pl, (2) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that inject arbitrary web script or HTML via an unspecified list name parameter to opac-addbybiblionumber.pl, (3) hijack the authentication of library administrator users for requests that execute arbitrary web script or HTML via virtualshelves/shelves.pl when a shelf name contains web script or HTML, or (4) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that execute arbitrary web script or HTML by adding a biblio to a list whose name contains web script or HTML.
Published: 2017-07-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-4639; CONFIRM

Primary Vendor -- Product: lenovo -- connect2
Description: In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-3742; CONFIRM

Primary Vendor -- Product: lenovo -- notebook
Description: Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.
Published: 2017-07-17
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-3754; CONFIRM

Primary Vendor -- Product: libinfinity -- libinfinity
Description: libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.
Published: 2017-07-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-3886; MLIST, CONFIRM, CONFIRM, CONFIRM, CONFIRM

Primary Vendor -- Product: libmspack -- libmspack
Description: The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.
Published: 2017-07-18
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11423; MISC, MISC

Primary Vendor -- Product: libsass -- libsass
Description: There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
Published: 2017-07-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11555; MISC

Primary Vendor -- Product: libsass -- libsass
Description: There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service.
Published: 2017-07-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11556; MISC

Primary Vendor -- Product: libsass -- libsass
Description: There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
Published: 2017-07-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11554; MISC, MISC

Primary Vendor -- Product: linux -- linux_kernel
Description: selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy.
Published: 2017-07-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-3170; CONFIRM

Primary Vendor -- Product: linux -- linux_kernel
Description: The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
Published: 2017-07-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-5300; CONFIRM, FEDORA, FEDORA, FEDORA, SUSE, SUSE, SUSE, SUSE, SUSE, SUSE, SUSE, SUSE, REDHAT, MLIST, CONFIRM, CONFIRM, DEBIAN, CONFIRM, BID, SECTRACK, UBUNTU, CONFIRM, CONFIRM, MISC, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, MISC, FREEBSD, CONFIRM, CONFIRM, CONFIRM

Primary Vendor -- Product: linux -- linux_kernel
Description: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
Published: 2017-07-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11472; CONFIRM, CONFIRM, CONFIRM

Primary Vendor -- Product: linux -- linux_kernel
Description: The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.
Published: 2017-07-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-5219; CONFIRM, CONFIRM, FEDORA, FEDORA, FEDORA, SUSE, SUSE, REDHAT, REDHAT, DEBIAN, MLIST, BID, UBUNTU, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

Primary Vendor -- Product: linux -- linux_kernel
Description: The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
Published: 2017-07-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-5194; CONFIRM, FEDORA, FEDORA, SUSE, SUSE, SUSE, REDHAT, REDHAT, DEBIAN, MLIST, BID, UBUNTU, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

| linux -- linux_kernel | ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. | 2017-07-21 | not yet calculated | CVE-2015-5195 FEDORA FEDORA FEDORA REDHAT REDHAT DEBIAN MLIST BID UBUNTU CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |

| linux -- linux_kernel | Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table. | 2017-07-20 | not yet calculated | CVE-2017-11473 CONFIRM |

| linux -- linux_kernel | The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket. | 2017-07-21 | not yet calculated | CVE-2017-7542 CONFIRM CONFIRM |

| linux -- linux | Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line. | 2017-07-17 | not yet calculated | CVE-2017-1000363 BID MISC |

| ljharb -- ljharb | The web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send an evil request to cause the web framework to crash. | 2017-07-17 | not yet calculated | CVE-2017-1000048 CONFIRM |

| mautic -- mautic | Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state parameter resulting in authentication bypass through clickjacking | 2017-07-17 | not yet calculated | CVE-2017-1000045 MISC |

| memcached -- memcached | The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705. | 2017-07-17 | not yet calculated | CVE-2017-9951 MISC MISC MISC |

| metinfo -- metinfo | Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php. | 2017-07-17 | not yet calculated | CVE-2017-11347 MISC |

| metinfo -- metinfo | Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action. | 2017-07-19 | not yet calculated | CVE-2017-9764 MISC |

| metinfo -- metinfo | A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php. | 2017-07-20 | not yet calculated | CVE-2017-11500 MISC |

| microsec -- e-szigno | Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object. | 2017-07-21 | not yet calculated | CVE-2015-3931 MISC MISC BID MISC MISC MISC |

| microsoft -- scripting_engine | A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability." | 2017-07-17 | not yet calculated | CVE-2017-0028 CONFIRM |

| nancyfx_nancy -- nancyfx_nancy | Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie. | 2017-07-20 | not yet calculated | CVE-2017-9785 CONFIRM |

| netapp -- clustered_data_ontap | NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line. | 2017-07-17 | not yet calculated | CVE-2017-7947 CONFIRM |

| netlock -- mokka | Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object. | 2017-07-21 | not yet calculated | CVE-2015-3932 MISC MISC BID MISC MISC |

| nixos -- nixos | NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf. | 2017-07-20 | not yet calculated | CVE-2017-11501 CONFIRM CONFIRM CONFIRM |

| octopus_deploy -- octopus_deploy | In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value. | 2017-07-17 | not yet calculated | CVE-2017-11348 CONFIRM |

| openldap -- openldap | /usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it. | 2017-07-17 | not yet calculated | CVE-2016-4984 CONFIRM |

| openmpt -- openmpt | soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples. | 2017-07-17 | not yet calculated | CVE-2017-11311 CONFIRM CONFIRM CONFIRM CONFIRM |

| orientdb -- orientdb | OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request. | 2017-07-19 | not yet calculated | CVE-2017-11467 MISC MISC |

| owncloud -- owncloud_server | Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable a user has to write or paste malicious content into the search dialogue. | 2017-07-17 | not yet calculated | CVE-2017-9338 BID CONFIRM |

| owncloud -- owncloud_server | A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token. | 2017-07-17 | not yet calculated | CVE-2017-9339 CONFIRM |

| owncloud -- owncloud_server | An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2. | 2017-07-17 | not yet calculated | CVE-2017-9340 MISC CONFIRM |

| owncloud -- owncloud_server | ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters. | 2017-07-17 | not yet calculated | CVE-2017-8896 BID MISC CONFIRM |

| phamm -- phamm | XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php. | 2017-07-20 | not yet calculated | CVE-2017-0378 CONFIRM CONFIRM CONFIRM CONFIRM |

| phicomm_k2 -- phicomm_k2 | PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action. | 2017-07-20 | not yet calculated | CVE-2017-11495 MISC |

| phpmailer -- phpmailer | PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php. | 2017-07-20 | not yet calculated | CVE-2017-11503 BID MISC MISC |

| phpmyadmin -- phpmyadmin | A weakness was discovered where an attacker can inject arbitrary values into the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18. | 2017-07-17 | not yet calculated | CVE-2017-1000016 CONFIRM |

| phpmybackuppro -- phpmybackuppro | phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the path, filename, and dirs parameters to scheduled.php, and making requests to injected scripts. | 2017-07-21 | not yet calculated | CVE-2015-3640 MLIST SECTRACK |

| phpmybackuppro -- phpmybackuppro | phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable. | 2017-07-21 | not yet calculated | CVE-2015-3638 MLIST MLIST SECTRACK |

| phpmybackuppro -- phpmybackuppro | phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file. | 2017-07-21 | not yet calculated | CVE-2015-3639 MLIST MLIST SECTRACK |

| phpsocial -- phpsocial | phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO to the search/tag/ URI. | 2017-07-19 | not yet calculated | CVE-2017-10801 MISC MISC |

| plotly -- plotly | Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue. | 2017-07-17 | not yet calculated | CVE-2017-1000006 CONFIRM |

| print-lldp.c -- print-lldp.c | tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. | 2017-07-22 | not yet calculated | CVE-2017-11541 MISC |

| print-pim.c -- print-pim.c | tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c. | 2017-07-22 | not yet calculated | CVE-2017-11542 MISC |

| print-sl.c -- print-sl.c | tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. | 2017-07-22 | not yet calculated | CVE-2017-11543 MISC |

| print-sl.c:229:3 -- print-sl.c:229:3 | tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:229:3. | 2017-07-22 | not yet calculated | CVE-2017-11544 MISC |

| print-sl.c:253:34 -- print-sl.c:253:34 | tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:253:34. | 2017-07-22 | not yet calculated | CVE-2017-11545 MISC |

| redcap -- redcap | REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components. | 2017-07-18 | not yet calculated | CVE-2017-10961 MISC MISC |

| redcap -- redcap | REDCap before 7.5.1 has XSS via the query string. | 2017-07-18 | not yet calculated | CVE-2017-10962 MISC MISC |

| redhat -- wildfly | The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL. | 2017-07-21 | not yet calculated | CVE-2015-3198 CONFIRM MISC CONFIRM MISC |

| resiprocate -- resiprocate | The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections. | 2017-07-22 | not yet calculated | CVE-2017-11521 CONFIRM |

| rkhunter -- rkhunter | rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting in potential remote code execution. | 2017-07-21 | not yet calculated | CVE-2017-7480 MLIST |

| ruby -- ruby | The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism. | 2017-07-19 | not yet calculated | CVE-2017-11465 MISC MISC |

| rvm -- rvm | RVM automatically loads environment variables from files in $PWD resulting in command execution. RVM vulnerable to command injection when automatically loading environment variables from files in $PWD. RVM automatically executes hooks located in $PWD resulting in code execution. RVM automatically installs gems as specified by files in $PWD resulting in code execution. RVM automatically does "bundle install" on a Gemfile specified by .versions.conf in $PWD resulting in code execution. | 2017-07-17 | not yet calculated | CVE-2017-1000037 MISC |

| shoco -- shoco | The shoco_decompress function in the API in shoco through 2017-07-17 allows remote attackers to cause a denial of service (buffer over-read and application crash) via malformed compressed data. | 2017-07-17 | not yet calculated | CVE-2017-11367 MISC |

| shotwell -- shotwell | Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission | 2017-07-17 | not yet calculated | CVE-2017-1000024 MLIST |

| sony -- wg-c10 | Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. | 2017-07-21 | not yet calculated | CVE-2017-2276 MISC JVN |

| sony -- wg-c10 | WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 2017-07-21 | not yet calculated | CVE-2017-2275 MISC JVN |

| sony -- wg-c10 | WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors. | 2017-07-21 | not yet calculated | CVE-2017-2277 MISC JVN |

| spice -- spice | spice versions through 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting in crash and/or server memory leak. | 2017-07-18 | not yet calculated | CVE-2017-7506 MLIST BID CONFIRM |

| subsonic -- subsonic | Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view. | 2017-07-21 | not yet calculated | CVE-2017-9415 EXPLOIT-DB |

| technicolor -- dpc3928ad_docsis | Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321. | 2017-07-20 | not yet calculated | CVE-2017-11502 MISC |

| televes -- coaxdata_gateway | Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do not check password.shtml authorization, leading to Arbitrary password change. | 2017-07-20 | not yet calculated | CVE-2017-6530 MISC MISC |

| televes -- coaxdata_gateway | On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20, the backup/restore feature lacks access control, related to ReadFile.cgi and LoadCfgFile. | 2017-07-20 | not yet calculated | CVE-2017-6531 MISC MISC |

| televes -- coaxdata_gateway | Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db. | 2017-07-20 | not yet calculated | CVE-2017-6532 MISC MISC |

| testtrack_server -- testtrack_server | TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field. | 2017-07-17 | not yet calculated | CVE-2017-1000068 MISC |

| tp-link_archer -- tp-link_archer | passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511. | 2017-07-21 | not yet calculated | CVE-2017-11519 MISC MISC |

| txaws -- txaws | txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure. | 2017-07-17 | not yet calculated | CVE-2017-1000007 CONFIRM |

| wordpress -- wordpress | The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables. | 2017-07-21 | not yet calculated | CVE-2015-3421 BID MISC |

| xmlsec -- xmlsec | xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service | 2017-07-17 | not yet calculated | CVE-2017-1000061 CONFIRM |

| yadm -- yadm | yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys. | 2017-07-17 | not yet calculated | CVE-2017-11353 CONFIRM CONFIRM |

| yara -- yara | Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file. | 2017-07-17 | not yet calculated | CVE-2017-11328 CONFIRM |

| yii-framework -- yii-framework | An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled. | 2017-07-21 | not yet calculated | CVE-2017-11516 CONFIRM CONFIRM |

| zoho_manageengine_desktop_central -- zoho_manageengine_desktop_central | Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos. | 2017-07-17 | not yet calculated | CVE-2017-11346 CONFIRM |