Vulnerability Summary for the Week of June 5, 2017

Please Note:

• The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.

• The CVE identity number is the publicly known ID given to that particular vulnerability. Therefore, you can search the status of that particular vulnerability using that ID.

• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- hadoop | In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root. | 2017-06-04 | 8.5 | CVE-2017-7669; BID, MLIST |
| bigtreecms -- bigtree_cms | Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. | 2017-06-02 | 7.5 | CVE-2017-9364; CONFIRM, CONFIRM |
| dolibarr -- dolibarr | Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters). | 2017-06-05 | 7.5 | CVE-2017-9435; CONFIRM, CONFIRM |
| google -- android | In NAS in all Android releases from CAF using the kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9923; BID, CONFIRM |
| google -- android | In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur. | 2017-06-06 | 9.3 | CVE-2014-9924; BID, CONFIRM |
| google -- android | In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9925; BID, CONFIRM |
| google -- android | In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9926; BID, CONFIRM |
| google -- android | In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9927; CONFIRM |
| google -- android | In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9928; BID, CONFIRM |
| google -- android | In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offset vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9929; BID, CONFIRM |
| google -- android | In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9930; BID, CONFIRM |
| google -- android | In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. | 2017-06-06 | 7.6 | CVE-2014-9941; BID, CONFIRM |
| google -- android | In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9942; BID, CONFIRM |
| google -- android | In Core Kernel in all Android releases from CAF using the Linux kernel, a Null Pointer Dereference vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9943; BID, CONFIRM |
| google -- android | In the Secure File System in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9944; BID, CONFIRM |
| google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9945; BID, CONFIRM |
| google -- android | In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9946; BID, CONFIRM |
| google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9948; BID, CONFIRM |
| google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9949; BID, CONFIRM |
| google -- android | In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9950; BID, CONFIRM |
| google -- android | In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2014-9952; BID, CONFIRM |
| google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2015-9005; BID, CONFIRM |
| google -- android | In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2015-9006; BID, CONFIRM |
| google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2015-9007; BID, CONFIRM |
| google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. | 2017-06-06 | 9.3 | CVE-2016-10297; BID, CONFIRM |
| lenovo -- lenovo_service_bridge | In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. | 2017-06-04 | 7.2 | CVE-2016-8228; CONFIRM |
| mercurial -- mercurial | In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. | 2017-06-06 | 9.0 | CVE-2017-9462; CONFIRM, CONFIRM, CONFIRM |
| soffid -- iam | Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request. | 2017-06-02 | 7.5 | CVE-2017-9363; CONFIRM |
| todd_miller -- sudo | Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. | 2017-06-05 | 7.2 | CVE-2017-1000368; BID, CONFIRM |
| websitebaker -- websitebaker | WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. | 2017-06-02 | 7.5 | CVE-2017-9360; MISC |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns. by trying to detect self-referencing pointers. | 2017-06-02 | 7.8 | CVE-2017-9345; BID, MISC, MISC, MISC, MISC |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. | 2017-06-02 | 7.8 | CVE-2017-9346; BID, MISC, MISC, MISC, MISC |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. | 2017-06-02 | 7.8 | CVE-2017-9349; BID, MISC, MISC, MISC, MISC |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length. | 2017-06-02 | 7.8 | CVE-2017-9350; BID, MISC, MISC, MISC, MISC |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur. | 2017-06-02 | 7.8 | CVE-2017-9352; BID, MISC, MISC, MISC |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| asterisk -- certified_asterisk | A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). | 2017-06-02 | 5.0 | CVE-2017-9358; CONFIRM, BID, CONFIRM |
| bigtreecms -- bigtree_cms | CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked. | 2017-06-02 | 6.8 | CVE-2017-9365; CONFIRM, CONFIRM |
| bigtreecms -- bigtree_cms | BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have other tasks (such as data backups) to complete before a user is deleted. | 2017-06-02 | 4.0 | CVE-2017-9378; MISC, MISC |
| bigtreecms -- bigtree_cms | Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php. | 2017-06-02 | 6.8 | CVE-2017-9379; MISC |
| bigtreecms -- bigtree_cms | SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/designer/ and the injection is visible at admin/dashboard/vitals-statistics/integrity/check/?external=true. | 2017-06-04 | 6.5 | CVE-2017-9427; MISC |
| bigtreecms -- bigtree_cms | A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter. | 2017-06-04 | 5.0 | CVE-2017-9428; MISC |
| bigtreecms -- bigtree_cms | ** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files." | 2017-06-05 | 6.5 | CVE-2017-9442; MISC |
| bigtreecms -- bigtree_cms | ** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files." | 2017-06-05 | 6.5 | CVE-2017-9443; MISC |
| cryptopp -- crypto++ | Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter. | 2017-06-05 | 5.0 | CVE-2017-9434; CONFIRM, CONFIRM, CONFIRM |
| freedesktop -- poppler | In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9406; CONFIRM |
| freedesktop -- poppler | In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9408; CONFIRM |
| google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist. | 2017-06-06 | 4.3 | CVE-2014-9947; BID, CONFIRM |
| google -- android | In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist. | 2017-06-06 | 4.3 | CVE-2014-9951; BID, CONFIRM |
| google -- android | The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names. | 2017-06-06 | 4.3 | CVE-2015-3830; MISC, MISC |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9405; CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9407; CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9409; CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file. | 2017-06-05 | 4.3 | CVE-2017-9439; BID, CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. | 2017-06-05 | 4.3 | CVE-2017-9440; BID, CONFIRM |
| jamroom -- jamroom | Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field. | 2017-06-04 | 4.3 | CVE-2012-6705; MISC, BID |
| lenovo -- lenovo_service_bridge | A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. | 2017-06-04 | 6.8 | CVE-2016-8229; CONFIRM |
| lenovo -- lenovo_service_bridge | In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. | 2017-06-04 | 5.0 | CVE-2016-8230; CONFIRM |
| lenovo -- lenovo_service_bridge | In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. | 2017-06-04 | 5.0 | CVE-2016-8231; CONFIRM |
| libtiff -- libtiff | In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9403; CONFIRM |
| libtiff -- libtiff | In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file. | 2017-06-02 | 4.3 | CVE-2017-9404; CONFIRM |
| odoo -- odoo | Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service. | 2017-06-04 | 4.0 | CVE-2017-9416; CONFIRM |
| open-emr -- openemr | OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application. | 2017-06-02 | 6.5 | CVE-2017-9380; MISC |
| todd_miller -- sudo | Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. | 2017-06-05 | 6.9 | CVE-2017-1000367; SUSE, SUSE, SUSE, MISC, FULLDISC, MLIST, BID, SECTRACK, UBUNTU, REDHAT, FEDORA, GENTOO, CONFIRM |
| virustotal -- yara | libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304. | 2017-06-05 | 5.0 | CVE-2017-9438; CONFIRM, CONFIRM |
| websitebaker -- websitebaker | WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php. | 2017-06-02 | 4.3 | CVE-2017-9361; MISC |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. | 2017-06-02 | 5.0 | CVE-2017-9343; BID, MISC, MISC, MISC, MISC |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. | 2017-06-02 | 5.0 | CVE-2017-9344; BID, MISC, MISC, MISC, MISC |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. | 2017-06-02 | 5.0 | CVE-2017-9347; BID, MISC, MISC, MISC, MISC |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value. | 2017-06-02 | 5.0 | CVE-2017-9348; BID, MISC, MISC, MISC, MISC |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully. | 2017-06-02 | 5.0 | CVE-2017-9351; BID, MISC, MISC, MISC, MISC, MISC, MISC |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. | 2017-06-02 | 5.0 | CVE-2017-9353; BID, MISC, MISC, MISC, MISC |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. | 2017-06-02 | 5.0 | CVE-2017-9354; BID, MISC, MISC, MISC, MISC |
| ytnef_project -- ytnef | In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | 2017-06-07 | 4.3 | CVE-2017-9470; MISC |
| ytnef_project -- ytnef | In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 2017-06-07 | 4.3 | CVE-2017-9471; MISC |
| ytnef_project -- ytnef | In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 2017-06-07 | 4.3 | CVE-2017-9472; MISC |
| ytnef_project -- ytnef | In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | 2017-06-07 | 4.3 | CVE-2017-9473; MISC |
| ytnef_project -- ytnef | In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 2017-06-07 | 4.3 | CVE-2017-9474; MISC |

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| piwigo -- piwigo | Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 2017-06-06 | 3.5 | CVE-2017-9452; MISC |
| telaxus -- epesi | Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter. | 2017-06-02 | 3.5 | CVE-2017-9366; CONFIRM, CONFIRM |

Severity Not Yet Assigned Primary PublisCVSS Source & Vendor -- Product Description hed Score Patch Info CVE- Untrusted search path vulnerability in 2017-2178 acquisition_technology_&_logistics_a Installer of electronic tendering and bid JVN(link gency - opening system available prior to May not is external) - installer_of_electronic_tendering_an 25, 2017 allows an attacker to gain yet CONFIR d_bid_opening_system privileges via a Trojan horse DLL in an 2017- calcul M(link is unspecified directory. 06-09 ated external) Primary PublisCVSS Source & Vendor -- Product Description hed Score Patch Info CVE- 2015-2692 CONFIR AdBlock before 2.21 allows remote not M(link is attackers to block arbitrary resources on yet external) adblock -- adblock arbitrary websites and to disable 2017- calcul MISC(link arbitrary blocking filters. 06-08 ated is external)

CVE- 2015-7724 MISC(link is external) FULLDIS C BUGTRA Q(link is AMD fglrx-driver before 15.9 allows external) local users to gain privileges via a not BID(link is symlink attack. NOTE: This yet external) vulnerability exists due to an incomplete 2017- calcul MISC(link amd -- fglrx-driver fix for CVE-2015-7723. 06-07 ated is external)

CVE- 2015-7723 MISC(link is external) FULLDIS C BUGTRA Q(link is external) not BID(link is AMD fglrx-driver before 15.7 allows yet external) local users to gain privileges via a 2017- calcul MISC(link amd -- fglrx-driver symlink attack. 06-07 ated is external)

CVE- 2016-5004 MLIST(lin The Content-Encoding HTTP header k is feature in ws-xmlrpc 3.1.3 as used in external) Apache Archiva allows remote attackers not BID(link is to cause a denial of service (resource yet external) consumption) by decompressing a large 2017- calcul SECTRAC file containing zeroes. 06-06 ated apache -- archiva K(link is Primary PublisCVSS Source & Vendor -- Product Description hed Score Patch Info external) MISC(link is external) MISC(link is external)

CVE- 2015-5175 MLIST(lin k is external) BID(link is external) CONFIR Application plugins in Apache CXF not M Fediz before 1.1.3 and 1.2.x before 1.2.1 yet CONFIR allow remote attackers to cause a denial 2017- calcul M apache -- cxf_fediz of service. 06-07 ated MLIST

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of CVE- the custom error page. Notes for other not 2017-5664 user provided error pages: (1) Unless yet BID(link is explicitly coded otherwise, JSPs ignore apache -- java_servlet_specification 2017- calcul external) the the HTTP method. JSPs used as 06-06 ated MLIST error pages must must ensure that they Primary PublisCVSS Source & Vendor -- Product Description hed Score Patch Info handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.

Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to not CVE- execute arbitrary code via a specially yet 2017-2214 appcheck -- appcheck crafted executable file in an unspecified 2017- calcul JVN(link directory. 06-09 ated is external)

Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 not CVE- and earlier (Mac App Store) may allow a yet 2016-7831 apple -- mac_sleipnir_4 remote attacker to spoof the URL 2017- calcul JVN(link display via a specially crafted webpage. 06-09 ated is external)

In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection CVE- mechanism. This issue occurs because not 2017-7563 of inconsistency in the number of yet CONFIR arm -- arm_trusted_firmware execute-never bits (one bit versus two 2017- calcul M(link is bits). 06-07 ated external)

In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug CVE- interface allows normal world attackers not 2017-7564 to cause a denial of service (secure yet CONFIR arm -- arm_trusted_firmware world panic) via vectors involving 2017- calcul M(link is debug exceptions and debug registers. 06-07 ated external)

CVE- not 2016-2034 SQL injection vulnerability in ClearPass yet CONFIR arubanetworks -- Policy Manager 6.5.x through 6.5.6 and 2017- calcul M(link is clearpass_policy_manager 6.6.0. 06-08 ated external) Primary PublisCVSS Source & Vendor -- Product Description hed Score Patch Info PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before CVE- 14.4.1, Certified Asterisk 13.13 before 2017-9372 13.13-cert4, and other products, allows CONFIR remote attackers to cause a denial of M service (buffer overflow and application not BID(link is crash) via a SIP packet with a crafted yet external) asterisk -- asterisk CSeq header in conjunction with a Via 2017- calcul CONFIR header that lacks a branch parameter. 06-02 ated M

CVE- 2017-9359 The multi-part body parser in PJSIP, as CONFIR used in Asterisk Open Source 13.x M before 13.15.1 and 14.x before 14.4.1, BID(link is Certified Asterisk 13.13 before 13.13- external) cert4, and other products, allows remote not CONFIR attackers to cause a denial of service yet M asterisk -- asterisk (out-of-bounds read and application 2017- calcul CONFIR crash) via a crafted packet. 06-02 ated M

CVE- not 2017-9517 atmail before 7.8.0.2 has CSRF, yet CONFIR atmail -- atmail allowing an attacker to upload and 2017- calcul M(link is import users via CSV. 06-08 ated external)

CVE- not 2017-9519 atmail before 7.8.0.2 has CSRF, yet CONFIR atmail -- atmail allowing an attacker to create a user 2017- calcul M(link is account. 06-08 ated external)

CVE- not 2017-9518 atmail before 7.8.0.2 has CSRF, yet CONFIR atmail -- atmail allowing an attacker to change the 2017- calcul M(link is SMTP hostname and hijack all emails. 06-08 ated external)

BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\users\profile\update not CVE- .php script (modify user information), yet 2017-9444 the bigtree -- bigtree_cms 2017- calcul MISC(link index.php/admin/developer/packages/del 06-05 ated is external) ete/ URI (remove packages), the Primary PublisCVSS Source & Vendor -- Product Description hed Score Patch Info index.php/admin/developer/upgrade/ign ore/?versions= URI, and the index.php/admin/developer/upgrade/set- ftp-directory/ URI.

** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name parameter in manifest.json. This issue exists in core\admin\modules\developer\extensio ns\install\unpack.php and core\admin\modules\developer\packages \install\unpack.php. NOTE: the vendor not CVE- states "You must implicitly trust any yet 2017-9441 bigtree -- bigtree_cms package or extension you install as they 2017- calcul MISC(link all have the ability to write PHP files." 06-05 ated is external)

SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/ views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible at not CVE- admin/ajax/auto- yet 2017-9449 bigtree -- bigtree_cms modules/views/searchable-page/ or 2017- calcul MISC(link admin/modules_name. 06-06 ated is external)

Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue not CVE- exists in core\admin\ajax\pages\save- yet 2017-9448 revision.php and bigtree -- bigtree_cms 2017- calcul MISC(link core\admin\modules\pages\revisions.php 06-06 ated is external) . Low-privileged (administrator) users Primary PublisCVSS Source & Vendor -- Product Description hed Score Patch Info can attack high-privileged (Developer) users.

blue_coat -- advanced_secure_gateway | Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning. | 2017-06-08 | not yet calculated | CVE-2016-6594 CONFIRM

bluez -- bluez | Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities. | 2017-06-09 | not yet calculated | CVE-2016-7837 CONFIRM JVN

broadcom -- wi-fi_chip | Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. | 2017-06-04 | not yet calculated | CVE-2017-9417 MISC

buffalo_inc -- wnc01wh_firmware | Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7824 CONFIRM JVN

buffalo_inc -- wnc01wh_firmware | Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands. | 2017-06-09 | not yet calculated | CVE-2016-7825 CONFIRM JVN

buffalo_inc -- wnc01wh_firmware | Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7822 CONFIRM JVN

buffalo_inc -- wnc01wh_firmware | Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests. | 2017-06-09 | not yet calculated | CVE-2016-7826 CONFIRM JVN

buffalo_inc -- wnc01wh_firmware | Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7823 CONFIRM JVN

buffalo_inc -- wnc01wh_firmware | Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7821 CONFIRM JVN

cgi:irc -- irc.cgi | irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS. | 2017-06-06 | not yet calculated | CVE-2017-8920 CONFIRM CONFIRM

cisco -- anyconnect_secure_mobility_client_for_windows | A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. The attacker would need valid user credentials to exploit this vulnerability. This vulnerability affects all Cisco AnyConnect Secure Mobility Client for Windows software versions prior to 4.4.02034. Cisco Bug IDs: CSCvc97928. | 2017-06-08 | not yet calculated | CVE-2017-6638 BID CONFIRM

cisco -- prime_data_center_network_manager | A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd95346. | 2017-06-08 | not yet calculated | CVE-2017-6640 BID CONFIRM

cisco -- prime_data_center_network_manager | A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to access sensitive information or execute arbitrary code with root privileges on an affected system. The vulnerability is due to the lack of authentication and authorization mechanisms for a debugging tool that was inadvertently enabled in the affected software. An attacker could exploit this vulnerability by remotely connecting to the debugging tool via TCP. A successful exploit could allow the attacker to access sensitive information about the affected software or execute arbitrary code with root privileges on the affected system. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software Releases 10.1(1) and 10.1(2) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd09961. | 2017-06-08 | not yet calculated | CVE-2017-6639 BID CONFIRM

cisco -- telepresence_codec_and_collaboration_endpoint_software | A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. This vulnerability affects the following Cisco TC and CE platforms when running software versions prior to TC 7.3.8 and CE 8.3.0. Cisco Bug IDs: CSCux94002. | 2017-06-08 | not yet calculated | CVE-2017-6648 BID CONFIRM

compulab -- intense_pc_and_mintbox_2_firmware | CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges. | 2017-06-06 | not yet calculated | CVE-2017-8083 MISC MISC

corega -- cg-wlbargmh_firmware | Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7808 CONFIRM JVN

corega -- cg-wlr300nx_firmware | Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7810 CONFIRM JVN

corega -- cg-wlr300nx_firmware | Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7809 CONFIRM JVN

corega -- cg-wlr300nx_firmware | Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7811 CONFIRM JVN

craft_cms -- craft_cms | Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file. | 2017-06-08 | not yet calculated | CVE-2017-9516 MISC MISC MISC

cybozu -- dezie | Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7832 JVN CONFIRM

cybozu -- dezie | Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7833 JVN CONFIRM

cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-4907 JVN CONFIRM

cybozu -- garoon | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai. | 2017-06-09 | not yet calculated | CVE-2016-4906 JVN CONFIRM

cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-4908 JVN CONFIRM

cybozu -- garoon | SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. | 2017-06-09 | not yet calculated | CVE-2016-7803 JVN CONFIRM

cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7801 JVN CONFIRM

cybozu -- garoon | Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-4910 JVN CONFIRM

cybozu -- garoon | Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7802 JVN CONFIRM

cybozu -- garoon | Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-4909 JVN CONFIRM

cybozu -- kintone | The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-06-09 | not yet calculated | CVE-2016-7816 JVN CONFIRM

deraemon-cms -- deraemon-cms | Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username. | 2017-06-09 | not yet calculated | CVE-2016-7813 CONFIRM JVN

document_liberation_project -- libmwaw | Document Liberation Project libmwaw before 2017-04-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in lib/MsWrd1Parser.cxx. | 2017-06-04 | not yet calculated | CVE-2017-9433 MISC MISC

document_liberation_project -- libstaroffice | Document Liberation Project libstaroffice before 2017-04-07 has an out-of-bounds write caused by a stack-based buffer overflow related to the DatabaseName::read function in lib/StarWriterStruct.cxx. | 2017-06-04 | not yet calculated | CVE-2017-9432 MISC MISC

elastic -- kibana | Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 2017-06-05 | not yet calculated | CVE-2017-8440 CONFIRM CONFIRM CONFIRM

elastic -- kibana | Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users. | 2017-06-05 | not yet calculated | CVE-2017-8439 CONFIRM CONFIRM CONFIRM

elastic -- x-pack | Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an index alias. | 2017-06-05 | not yet calculated | CVE-2017-8441 CONFIRM CONFIRM CONFIRM

elastic -- x-pack | Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specified user specified in a run_as request. If a role has been created using a template that contains the _user properties, the behavior of run_as will be incorrect. Additionally if the run_as user specified does not exist, the transition will not happen. | 2017-06-05 | not yet calculated | CVE-2017-8438 CONFIRM CONFIRM CONFIRM

emc -- multiple_products | EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. | 2017-06-09 | not yet calculated | CVE-2017-5004 CONFIRM

emc -- multiple_products | EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. | 2017-06-09 | not yet calculated | CVE-2017-5003 CONFIRM

f5 -- big-ip_enterprise_manager | Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and Enterprise Manager 2.1.0 through 2.3.0 and 3.x before 3.1.1 HF5 allows remote authenticated administrators to cause a denial of service via unspecified vectors. | 2017-06-08 | not yet calculated | CVE-2014-6031 CONFIRM

f5 -- multiple_products | A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable. | 2017-06-09 | not yet calculated | CVE-2016-7469 CONFIRM

flatcore -- flatcore | Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. | 2017-06-06 | not yet calculated | CVE-2017-9451 MISC

game-music-emu -- game-music-emu | game-music-emu before 0.6.1 mishandles unspecified integer values. | 2017-06-06 | not yet calculated | CVE-2016-9961 SUSE SUSE MLIST BID CONFIRM CONFIRM FEDORA FEDORA FEDORA FEDORA MISC

game-music-emu -- game-music-emu | game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). | 2017-06-06 | not yet calculated | CVE-2016-9960 SUSE SUSE MLIST BID CONFIRM CONFIRM FEDORA FEDORA FEDORA FEDORA MISC

google -- android | b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash). | 2017-06-08 | not yet calculated | CVE-2014-7919 CONFIRM CONFIRM CONFIRM

google -- android | Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate. | 2017-06-08 | not yet calculated | CVE-2016-5648 MISC FULLDISC BUGTRAQ CERT-VN

google -- android | The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 2017-06-09 | not yet calculated | CVE-2016-7805 JVN

google -- chrome | Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file. | 2017-06-06 | not yet calculated | CVE-2015-1207 CONFIRM CONFIRM

google -- grpc | Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c. | 2017-06-04 | not yet calculated | CVE-2017-9431 MISC MISC

group_sessions -- group_sessions | GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2017-2165 JVN

h2o_project -- h2o | Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information. | 2017-06-09 | not yet calculated | CVE-2016-7835 CONFIRM JVN

houkokusyo -- sakusei_shien_tool | Untrusted search path vulnerability in the installer of Houkokusyo Sakusei Shien Tool ver3.0.2 (For the first installation) (The version which was available on the website from 2017 April 4 to 2017 May 18) and ver2.0 and later (For the first installation) (The versions which were available on the website prior to 2017 April 4) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2209 CONFIRM CONFIRM MISC JVN

huawei -- ar1220_firmware | Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE port. | 2017-06-08 | not yet calculated | CVE-2015-2255 CONFIRM

huawei -- campus_firmware | The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation. | 2017-06-08 | not yet calculated | CVE-2015-2800 CONFIRM BID

huawei -- campus_firmware | The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message. | 2017-06-08 | not yet calculated | CVE-2015-3913 CONFIRM

huawei -- oceanstor_firmware | The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document. | 2017-06-08 | not yet calculated | CVE-2015-2253 CONFIRM

huawei -- oceanstor_firmware | Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts. | 2017-06-08 | not yet calculated | CVE-2015-2252 CONFIRM

huawei -- oceanstor_firmware | The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript. | 2017-06-08 | not yet calculated | CVE-2015-2251 CONFIRM

-- bigfix_compliance_analytics | IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431. | 2017-06-08 | not yet calculated | CVE-2017-1179 CONFIRM BID MISC

ibm -- bigfix_compliance_analytics | IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123671. | 2017-06-07 | not yet calculated | CVE-2017-1196 CONFIRM BID MISC

ibm -- business_process_manager | IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2017-06-08 | not yet calculated | CVE-2017-1140 CONFIRM BID MISC

ibm -- cognos_analytics | IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose partial contents of a file. IBM X-Force ID: 121340. | 2017-06-07 | not yet calculated | CVE-2017-1125 CONFIRM BID MISC

ibm -- cognos_business_intelligence | IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker could exploit this vulnerability to consume all available CPU resources and cause a denial of service. IBM X-Force ID: 110563. | 2017-06-07 | not yet calculated | CVE-2016-0254 CONFIRM MISC

ibm -- curam_social_program_management | Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information about internal caseworker usernames via vectors related to a URL. | 2017-06-08 | not yet calculated | CVE-2014-4843 CONFIRM BID

ibm -- domino | IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918. | 2017-06-07 | not yet calculated | CVE-2016-6087 CONFIRM BID MISC

ibm -- doors_next_generation | IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125459. | 2017-06-07 | not yet calculated | CVE-2017-1305 CONFIRM BID MISC

ibm -- endpoint_manager_for_security_and_compliance | IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123430. | 2017-06-07 | not yet calculated | CVE-2017-1178 CONFIRM BID MISC

ibm -- maximo_asset_management | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253. | 2017-06-07 | not yet calculated | CVE-2016-9977 CONFIRM BID MISC

ibm -- maximo_asset_management | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view. | 2017-06-08 | not yet calculated | CVE-2016-8987 CONFIRM BID MISC

ibm -- predictive_solutions_foundation | IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a file from the local system, which could allow the attacker to obtain sensitive information. IBM X-Force ID: 119618. | 2017-06-07 | not yet calculated | CVE-2016-9710 CONFIRM MISC

ibm -- rhapsody_dm | IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999960. | 2017-06-08 | not yet calculated | CVE-2016-9698 CONFIRM CONFIRM BID MISC

ibm -- security_access_manager_9.0 | IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462. | 2017-06-07 | not yet calculated | CVE-2016-3019 CONFIRM BID MISC

ibm -- security_access_manager_9.0 | IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714. | 2017-06-07 | not yet calculated | CVE-2016-3051 CONFIRM BID MISC

ibm -- security_privileged_identity_manager | IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 116136. | 2017-06-07 | not yet calculated | CVE-2016-5959 CONFIRM BID MISC

ibm -- security_privileged_identity_manager | IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 116171. | 2017-06-07 | not yet calculated | CVE-2016-5960 CONFIRM BID MISC

ibm -- sterling_order_management | IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314. | 2017-06-08 | not yet calculated | CVE-2016-9991 CONFIRM BID MISC

ibm -- tivoli key lifecycle manager | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 2017-06-08 | not yet calculated | CVE-2016-6098 CONFIRM BID MISC

ibm -- tivoli key lifecycle manager | IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 2017-06-08 | not yet calculated | CVE-2016-6093 CONFIRM BID MISC

ibm -- tivoli_federated_identity_manager | IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731. | 2017-06-08 | not yet calculated | CVE-2017-1319 CONFIRM MISC

ibm -- tivoli_storage_manager | IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790. | 2017-06-07 | not yet calculated | CVE-2016-8939 CONFIRM BID MISC

ibm -- websphere_application_server | IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-9736, CONFIRM, CONFIRM, BID, MISC

ibm -- websphere_mq | IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926. | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-6089, CONFIRM, BID, MISC

imagemagick -- imagemagick | In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9500, BID, CONFIRM

imagemagick -- imagemagick | In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9501, BID, CONFIRM, CONFIRM

imagemagick -- imagemagick | In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file. | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9499, BID, CONFIRM, CONFIRM

intel -- omni_path_architecture | Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197. | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-5232, MLIST, CONFIRM, CONFIRM, CONFIRM, CONFIRM

intellect_design_arena -- intellect_core | Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software. | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-6540, MISC, BUGTRAQ

iodata -- ts-wrlp_firmware | I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-7814, CONFIRM, JVN

iodata -- ts-wrlp_firmware | Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-7820, CONFIRM, JVN

iodata -- ts-wrlp_firmware | I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-7819, CONFIRM, JVN

iodata -- wfs-sr01_firmware | I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-7806, CONFIRM, JVN

iodata -- wfs-sr01_firmware | I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-7807, CONFIRM, JVN

ipa -- appgoat | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2179, JVN

ipa -- appgoat | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2181, JVN

ipa -- appgoat | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2182, JVN

ipa -- appgoat | Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2180, JVN

irssi -- irssi | In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash. | Published: 2017-06-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9469, CONFIRM, CONFIRM

irssi -- irssi | In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash. | Published: 2017-06-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9468, CONFIRM, CONFIRM

lemons_php -- simple_keitai_chat_2.0 | Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-7817, JVN

lenovo -- active_protection_system | In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality. | Published: 2017-06-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-3740, CONFIRM

lenovo -- power_management_driver | In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. This issue only affects ThinkPad X1 Carbon 5th generation. | Published: 2017-06-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-3741, CONFIRM

libdwarf -- libdwarf | dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV). | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-8538, MLIST, CONFIRM

libgcrypt -- libgcrypt | In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. | Published: 2017-06-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9526, CONFIRM, CONFIRM, CONFIRM

linux -- qemu_emulator | QEMU (aka Quick Emulator), when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9330, CONFIRM, MLIST, BID, CONFIRM

lynis -- lynis | Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-8108, CONFIRM, CONFIRM, FEDORA, FEDORA

markdown-it -- markdown-it | markdown-it before 4.1.0 does not block data: URLs. | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-3295, MLIST, BID, CONFIRM

mavetju -- mavetju | Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string. | Published: 2017-06-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9430, MISC, MISC, EXPLOIT-DB

microsoft -- windows_7 | Untrusted search path vulnerability in RW-5100 driver installer for Windows 7 version 1.0.0.9 and RW-5100 driver installer for Windows 8.1 version 1.0.1.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2191, JVN

microsoft -- windows_7 | Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2190, JVN

microsoft -- windows_7 | Untrusted search path vulnerability in RW-4040 driver installer for Windows 7 version 2.27 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2189, JVN

microsoft -- windows_7 | Untrusted search path vulnerability in RW-5100 tool to verify execution environment for Windows 7 version 1.1.0.0 and RW-5100 tool to verify execution environment for Windows 8.1 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2192, JVN

microsoft -- windows_vista | Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" Ver3.0.1 and earlier and The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-4902, JVN

milton -- milton_webdav | XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3. | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-7326, MISC, BUGTRAQ, BID, CONFIRM, CONFIRM, CONFIRM

multi_feed_reader -- multi_feed_reader | SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2195, JVN, CONFIRM

nagios -- fedora_nagios | The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | Published: 2017-06-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-0726, CONFIRM

net_monitor -- net_monitor_for_employees | Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-7180, EXPLOIT-DB

open-xchange -- open-xchange_appsuite | Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-1588, MISC, BUGTRAQ, BID, SECTRACK

openbravo -- openbravo_business_suite | Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code. | Published: 2017-06-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9437, MISC

openstack -- ironic | OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information. | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-7514, MLIST, CONFIRM, CONFIRM, CONFIRM

patchjgd -- patchjgd | Untrusted search path vulnerability in PatchJGD (Hyoko) (PatchJGDh101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2211, JVN, CONFIRM

patchjgd -- patchjgd | Untrusted search path vulnerability in PatchJGD (PatchJGD101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2210, JVN, CONFIRM

peplink -- balance_router | Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.path parameter. | Published: 2017-06-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-8841, MISC, MISC

peplink -- balance_router | SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database. | Published: 2017-06-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-8835, MISC, MISC

peplink -- balance_router | Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, and Submitted syncid. | Published: 2017-06-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-8840, MISC, MISC

peplink -- balance_router | Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems. | Published: 2017-06-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-8837, MISC, MISC

peplink -- balance_router | CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface. | Published: 2017-06-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-8836, MISC, MISC

peplink -- balance_router | XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/preview.cgi. | Published: 2017-06-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-8839, MISC, MISC

peplink -- balance_router | XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi. | Published: 2017-06-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-8838, MISC, MISC

perl -- perl | The IPTables-Parse module before 1.6 for allows local users to write to arbitrary files owned by the current user. | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-8326, MLIST, CONFIRM, CONFIRM, CONFIRM

personify360 -- personify360_e-business | An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and passwords). | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-7312, MISC

personify360 -- personify360_e-business | An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other words, anyone can search for users/customers in the system - no authentication is required. | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-7313, MISC

personify360 -- personify360_e-business | An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available. | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-7314, MISC

phoenix -- broadband_poweragent_sc3_bms | A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device. | Published: 2017-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-6039, BID, MISC

pivotx -- pivotx | The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag. | Published: 2017-06-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9332, MISC

poppler -- poppler | poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. | Published: 2017-06-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-7515, CONFIRM

postgresql -- postgresql | PostgreSQL PL/Java after 9.0 does not honor access controls on large objects. | Published: 2017-06-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-0768, CONFIRM

postgresql -- postgresql | PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath. | Published: 2017-06-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-0767, CONFIRM

postgresql -- postgresql | PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own. | Published: 2017-06-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-2192, CONFIRM

qemu -- qemu_emulator | QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9310, CONFIRM, MLIST, BID, CONFIRM

radare -- radare2 | The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9520, CONFIRM, CONFIRM

rapid7 -- nexpose | The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks. | Published: 2017-06-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-5243, CONFIRM

red5 -- media_server | The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-5878, MLIST, MISC

red_hat -- ansible | The chroot, jail, and zone connection plugins in before 1.9.2 allow local users to escape a restricted environment via a symlink attack. | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-6240, MLIST, CONFIRM, CONFIRM, CONFIRM

red_hat -- ansible | The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2014-3498, CONFIRM, CONFIRM

red_hat -- satellite_6 | MongoDB on 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. | Published: 2017-06-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2014-8180, CONFIRM, CONFIRM

red_hat -- satellite_6 | Red Hat Satellite 6 allows remote authenticated users with privileged access on a content host to authenticate to the capsule broker or server broker. | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-5202, CONFIRM

redhat -- 389_directory_server | 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-4992, REDHAT, REDHAT, CONFIRM

redhat -- 389_directory_server | 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-5405, REDHAT, REDHAT, BID, CONFIRM

redhat -- 389_directory_server | 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-5416, REDHAT, REDHAT, CONFIRM

redhat -- cloud_foundry_diego | Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-3091, MLIST

redhat -- cloudforms | ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-4471, CONFIRM, CONFIRM

redhat -- cloudforms | CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-4457, CONFIRM

redhat -- gnu_compiler_collection | Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature. | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-4973, MLIST, BID, CONFIRM

redhat -- jboss_eap | The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-3690, CONFIRM, MISC, CONFIRM

redhat -- mod_ns | mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-3099, FEDORA, FEDORA, FEDORA, REDHAT, CONFIRM

redhat -- | The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs. | Published: 2017-06-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-3077, CONFIRM

redhat -- php | /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-4473, SUSE, REDHAT, CONFIRM

redhat -- pulp | server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-3095, FEDORA, MLIST, MLIST, CONFIRM, CONFIRM

redhat -- pulp | The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-3108, MLIST, CONFIRM, CONFIRM, CONFIRM, CONFIRM

redhat -- pulp | pulp.spec in Pulp 2.8.3 allows local users to read generated RSA keys. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-3111, MISC, MISC, MLIST, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM

redhat -- pulp | The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-3107, MLIST, CONFIRM, CONFIRM, CONFIRM

redhat -- pulp | client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-3112, MLIST, CONFIRM, CONFIRM, CONFIRM

redhat -- resteasy | SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-7050, REDHAT, CONFIRM

redhat -- spice-gtk | The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard. | Published: 2017-06-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-3066, CONFIRM

saat -- netizen | Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2206, JVN, CONFIRM

saat -- personal | Untrusted search path vulnerability in the installer of SaAT Personal ver.1.0.10.272 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2207, JVN, CONFIRM

samba -- samba | smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. | Published: 2017-06-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9461, CONFIRM, CONFIRM, CONFIRM

samsung -- samsung_mobile | Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download. | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-7888, MISC, BID, MISC

schneider_electric -- somachine_hvac | A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL. | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-7966, CONFIRM, BID

schneider_electric -- somachine_hvac | A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller. | Published: 2017-06-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-7965, CONFIRM, BID

screensaver_installers -- N/A screensaver_installers | Untrusted search path vulnerability in screensaver installers (jasdf_01.exe, jasdf_02.exe, jasdf_03.exe, jasdf_04.exe, jasdf_05.exe, scramble_setup.exe, clock_01_setup.exe, clock_02_setup.exe) available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2176, JVN, CONFIRM

seagate -- business_nas | Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens. | Published: 2017-06-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2014-8687, MISC, MISC, BID, MISC, EXPLOIT-DB, EXPLOIT-DB

semidynaexe -- semidynaexe | Untrusted search path vulnerability in SemiDynaEXE (SemiDynaEXE2008.EXE) ver. 1.0.2 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2213, JVN, CONFIRM

shogyo_touki_denshi_ninsho -- shogyo_touki_denshi_ninsho | Untrusted search path vulnerability in Installer of Shogyo Touki Denshi Ninsho Software Ver 1.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | Published: 2017-06-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2177, JVN, CONFIRM

simeji -- simeji | Untrusted search path vulnerability in the [Simeji for Windows] installer (simeji.exe) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2219, JVN

skysea -- skysea | SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program. | 2017-06-09 | not yet calculated | CVE-2016-7836, CONFIRM, JVN, CONFIRM

socat -- socat | The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash). | 2017-06-08 | not yet calculated | CVE-2015-1379, CONFIRM, MLIST, MLIST, BID, CONFIRM

sony -- video_conference_firmware | Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2016-7830, JVN, CONFIRM

sophos -- cyberoam_firmware | An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a request to the "LiveConnectionDetail.jsp" application. GET parameters "applicationname" and "username" are improperly sanitized allowing an attacker to inject arbitrary JavaScript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the user. A vulnerable URI is /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp. | 2017-06-07 | not yet calculated | CVE-2016-9834, MISC

sophos -- sophos_web_appliance | The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. | 2017-06-08 | not yet calculated | CVE-2017-9523, CONFIRM

spiffy -- spiffy | Directory traversal vulnerability in Spiffy before 5.4. | 2017-06-07 | not yet calculated | CVE-2015-8235, CONFIRM, MLIST, BID, MLIST

strongswan -- strongswan | The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate. | 2017-06-08 | not yet calculated | CVE-2017-9023, DEBIAN, BID, UBUNTU, CONFIRM

strongswan -- strongswan | The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. | 2017-06-08 | not yet calculated | CVE-2017-9022, DEBIAN, BID, UBUNTU, CONFIRM

subsonic -- subsonic | XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file. | 2017-06-07 | not yet calculated | CVE-2017-9355, MISC, MISC

symantec -- rar | Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive. | 2017-06-04 | not yet calculated | CVE-2014-9983, CONFIRM

teampass -- teampass | TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php. | 2017-06-05 | not yet calculated | CVE-2017-9436, CONFIRM

tera_term -- tera_term | Untrusted search path vulnerability in the installer of Tera Term 4.94 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2193, JVN, CONFIRM

tky2jgd -- tky2jgd | Untrusted search path vulnerability in TKY2JGD (TKY2JGD1379.EXE) ver. 1.3.79 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2017-2212, JVN, CONFIRM

todokesho -- todokesho | Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to October 17, 2016 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2016-7818, CONFIRM, CONFIRM, CONFIRM, CONFIRM, JVN

torproject -- tor | The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit. | 2017-06-09 | not yet calculated | CVE-2017-0376, CONFIRM, CONFIRM, CONFIRM

torproject -- tor | The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. | 2017-06-09 | not yet calculated | CVE-2017-0375, CONFIRM, CONFIRM, CONFIRM

ubuntu -- debian | In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. | 2017-06-09 | not yet calculated | CVE-2017-9525, MISC, MISC

vindula -- vindula | Cross-site scripting (XSS) vulnerability in Vindula 1.9. | 2017-06-07 | not yet calculated | CVE-2015-6959, MISC

vmware -- esxi | VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host. | 2017-06-07 | not yet calculated | CVE-2017-4903, BID, CONFIRM

vmware -- esxi | The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5. | 2017-06-07 | not yet calculated | CVE-2017-4904, BID, CONFIRM

vmware -- esxi | VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host. | 2017-06-07 | not yet calculated | CVE-2017-4902, BID, CONFIRM

vmware -- esxi | VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak. | 2017-06-07 | not yet calculated | CVE-2017-4905, BID, CONFIRM

vmware -- horizon_view_client | VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed. | 2017-06-08 | not yet calculated | CVE-2017-4918, CONFIRM

vmware -- unified_access_gateway | VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway. | 2017-06-08 | not yet calculated | CVE-2017-4907, BID, CONFIRM

vmware -- vsphere_data_protection | VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance. | 2017-06-07 | not yet calculated | CVE-2017-4914, BID, CONFIRM

vmware -- vsphere_data_protection | VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained. | 2017-06-07 | not yet calculated | CVE-2017-4917, BID, CONFIRM

vmware -- workstation | VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. | 2017-06-07 | not yet calculated | CVE-2017-4900, BID, CONFIRM

vmware -- workstation | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | 2017-06-08 | not yet calculated | CVE-2017-4910, BID, CONFIRM

vmware -- workstation | The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion. | 2017-06-08 | not yet calculated | CVE-2017-4901, BID, CONFIRM

vmware -- workstation | VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation of this issue may allow normal users to escalate privileges to System in the host machine where VMware Workstation is installed. | 2017-06-07 | not yet calculated | CVE-2017-4898, BID, CONFIRM

vmware -- workstation | VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no graphics drivers are installed. | 2017-06-07 | not yet calculated | CVE-2017-4899, BID, CONFIRM

vmware -- workstation | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | 2017-06-08 | not yet calculated | CVE-2017-4912, BID, CONFIRM

vmware -- workstation | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | 2017-06-08 | not yet calculated | CVE-2017-4908, BID, CONFIRM

vmware -- workstation | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds write vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | 2017-06-08 | not yet calculated | CVE-2017-4911, BID, CONFIRM

vmware -- workstation | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | 2017-06-08 | not yet calculated | CVE-2017-4909, BID, CONFIRM

vmware -- workstation | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | 2017-06-08 | not yet calculated | CVE-2017-4913, BID, CONFIRM

winsparkle -- winsparkle | Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory. | 2017-06-09 | not yet calculated | CVE-2016-7838, CONFIRM, JVN, JVN, CONFIRM

wordpress -- live_chat_support | Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-06-09 | not yet calculated | CVE-2017-2187, JVN, CONFIRM

wordpress -- slideshow | The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values. | 2017-06-08 | not yet calculated | CVE-2015-3634, MLIST, BID, CONFIRM, CONFIRM

wordpress -- spiffy_calendar | Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter. | 2017-06-05 | not yet calculated | CVE-2017-9420, MISC, MISC, BID

wordpress -- wordpress_backup_to_dropbox | Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress. | 2017-06-07 | not yet calculated | CVE-2014-9310, BID, MISC, CONFIRM

yara -- yara | The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c. | 2017-06-06 | not yet calculated | CVE-2017-9465, CONFIRM, CONFIRM

zencherry -- zcms | SQL injection vulnerability in ZCMS 1.1. | 2017-06-07 | not yet calculated | CVE-2015-7346, MISC, MISC, EXPLOIT-DB

zend -- zend_framework | Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers. | 2017-06-08 | not yet calculated | CVE-2015-1786, CONFIRM, CONFIRM

zulip -- zulip_server | Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this. | 2017-06-02 | not yet calculated | CVE-2017-0896, MISC, MLIST, MISC