Vulnerability Summary for the Week of August 28, 2017

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| arubanetworks -- clearpass | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking. | 2017-08-29 | 9.0 | CVE-2015-3653 CONFIRM |
| arubanetworks -- clearpass | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649. | 2017-08-29 | 9.0 | CVE-2015-3654 CONFIRM |
| arubanetworks -- clearpass | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654. | 2017-08-29 | 9.0 | CVE-2015-4649 CONFIRM BID |
| barracuda -- load_balancer | Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. | 2017-08-28 | 7.5 | CVE-2014-8426 MISC FULLDISC |
| barracuda -- load_balancer | Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. | 2017-08-28 | 7.5 | CVE-2014-8428 MISC FULLDISC |
| basercms -- basercms | SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2017-08-28 | 7.5 | CVE-2017-10842 JVN MISC |
| canonical -- ubuntu_linux | GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. | 2017-08-25 | 7.1 | CVE-2014-9637 CONFIRM FEDORA FEDORA MLIST BID CONFIRM CONFIRM CONFIRM |
| canonical -- ubuntu_linux | Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries. | 2017-08-25 | 7.2 | CVE-2015-1324 BID UBUNTU CONFIRM |
| canonical -- ubuntu_linux | Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. | 2017-08-25 | 7.8 | CVE-2015-1395 FEDORA FEDORA MLIST BID UBUNTU MISC CONFIRM CONFIRM CONFIRM |
| crushftp -- crushftp | CrushFTP 8.x before 8.2.0 has a serialization vulnerability. | 2017-08-30 | 7.5 | CVE-2017-14035 CONFIRM |
| gnu -- binutils | The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd). | 2017-08-28 | 7.1 | CVE-2017-13716 MISC |
| graphicsmagick -- graphicsmagick | GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests. | 2017-08-30 | 7.1 | CVE-2017-13775 CONFIRM MISC BID |
| graphicsmagick -- graphicsmagick | GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. | 2017-08-30 | 7.1 | CVE-2017-13776 CONFIRM MISC BID |
| graphicsmagick -- graphicsmagick | GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request it. | 2017-08-30 | 7.1 | CVE-2017-13777 CONFIRM MISC BID |
| imagemagick -- imagemagick | The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file. | 2017-08-29 | 7.1 | CVE-2017-12875 CONFIRM |
| kamailio -- kamailio | Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. | 2017-08-29 | 7.5 | CVE-2013-7426 MLIST BID CONFIRM |
| kaspersky -- kaspersky_internet_security | In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. | 2017-08-25 | 7.5 | CVE-2017-12816 BID CONFIRM |
| moj.go -- commercial_registration_electronic_authentication_software | Untrusted search path vulnerability in The electronic authentication system based on the commercial registration system "The CRCA user's Software" Ver1.8 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-28 | 9.3 | CVE-2017-10831 MISC JVN |
| nippon-antenna -- scr02hd_firmware | "Dokodemo eye Smart HD" SCR02HD 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 2017-08-28 | 10.0 | CVE-2017-10832 MISC JVN |
| ntt -- flets_azukuu_pc_automatic_backup_tool | Untrusted search path vulnerability in Flets Azukeru for Windows Auto Backup Tool v1.0.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-28 | 9.3 | CVE-2017-10827 MISC JVN |
| ntt -- flets_install_tool | Untrusted search path vulnerability in Flets Install Tool all versions distributed through the till 2017 August 8 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-28 | 9.3 | CVE-2017-10828 MISC JVN |
| ntt -- flets_setsuzoku_tool | Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-28 | 9.3 | CVE-2017-2242 MISC JVN |
| ntt -- security_kinou_mihariban | Untrusted search path vulnerability in Security Kinou Mihariban v1.0.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-28 | 9.3 | CVE-2017-10826 MISC JVN |
| ntt -- security_setup_tool | Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-28 | 9.3 | CVE-2017-10830 MISC JVN |
| nttdocomo -- photo_collection_pc_software | Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-28 | 9.3 | CVE-2017-10812 JVN |
| optim -- optimal_guard | Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-08-28 | 9.3 | CVE-2017-10836 JVN MISC |
| smartcms -- smartcms | Multiple SQL injection vulnerabilities in SmartCMS v.2. | 2017-08-28 | 7.5 | CVE-2014-9558 MISC FULLDISC BID |
| spidercontrol -- scada_microbrowser | A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow. | 2017-08-25 | 7.5 | CVE-2017-12707 BID MISC |
| wireshark -- wireshark | In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. | 2017-08-30 | 7.8 | CVE-2017-13767 BID SECTRACK CONFIRM CONFIRM CONFIRM |
| xymon -- xymon | Buffer overflow in xymon 4.3.17-1. | 2017-08-28 | 7.5 | CVE-2015-1430 MLIST |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| advantech -- webaccess | A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. | 2017-08-30 | 6.8 | CVE-2017-12704 BID MISC |
| apache -- atlas | Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img. | 2017-08-29 | 5.0 | CVE-2016-8752 MLIST |
| apache -- atlas | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script. | 2017-08-29 | 4.3 | CVE-2017-3150 BID MLIST |
| apache -- atlas | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality. | 2017-08-29 | 4.3 | CVE-2017-3151 BID MLIST |
| apache -- atlas | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality. | 2017-08-29 | 4.3 | CVE-2017-3152 BID MLIST |
| apache -- atlas | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality. | 2017-08-29 | 4.3 | CVE-2017-3153 BID MLIST |
| apache -- atlas | Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information. | 2017-08-29 | 5.0 | CVE-2017-3154 MLIST |
| apache -- atlas | Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting. | 2017-08-29 | 4.3 | CVE-2017-3155 MLIST |
| arubanetworks -- clearpass | Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token. | 2017-08-29 | 6.8 | CVE-2015-3655 CONFIRM |
| arubanetworks -- clearpass | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks. | 2017-08-29 | 6.5 | CVE-2015-3656 CONFIRM |
| arubanetworks -- clearpass | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors. | 2017-08-29 | 6.5 | CVE-2015-3657 CONFIRM |
| basercms -- basercms | baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form. | 2017-08-28 | 6.4 | CVE-2017-10843 JVN MISC |
| basercms -- basercms | baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. | 2017-08-28 | 6.5 | CVE-2017-10844 JVN MISC |
| blackcat-cms -- blackcat_cms | In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajax_upload., as demonstrated by a archive that contains a .php file. | 2017-08-31 | 4.0 | CVE-2017-13670 MISC |
| blackcat-cms -- blackcat_cms | BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF. | 2017-08-31 | 6.5 | CVE-2017-14048 MISC |
| blackcat-cms -- blackcat_cms | In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file. | 2017-08-31 | 6.5 | CVE-2017-14050 MISC |
| bmc -- footprints_service_core | Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5. | 2017-08-28 | 4.3 | CVE-2014-9514 BUGTRAQ |
| c.p.sub_project -- c.p.sub | Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php. | 2017-08-29 | 4.3 | CVE-2017-12856 CONFIRM |
| canonical -- ubuntu_linux | Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges. | 2017-08-25 | 6.9 | CVE-2015-1325 MLIST BID UBUNTU EXPLOIT-DB |
| coremail -- coremail_xt | Cross-site scripting (XSS) vulnerability in Coremail XT3.0 allows remote attackers to inject arbitrary web script or HTML via a hyperlink in a document attachment. | 2017-08-29 | 4.3 | CVE-2015-6942 FULLDISC |
| crushftp -- crushftp | CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS. | 2017-08-30 | 4.3 | CVE-2017-14036 CONFIRM CONFIRM |
| crushftp -- crushftp | CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability. | 2017-08-30 | 4.3 | CVE-2017-14037 CONFIRM CONFIRM |
| crushftp -- crushftp | CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability. | 2017-08-30 | 5.8 | CVE-2017-14038 CONFIRM CONFIRM |
| cybozu -- garoon | Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input | 2017-08-28 | 4.0 | CVE-2017-2254 JVN CONFIRM |
| cybozu -- garoon | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function. | 2017-08-28 | 4.3 | CVE-2017-2257 JVN CONFIRM |
| cybozu -- garoon | Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications". | 2017-08-28 | 4.0 | CVE-2017-2258 JVN CONFIRM |
| exponentcms -- exponent_cms | Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2. | 2017-08-28 | 4.3 | CVE-2015-1177 MISC BUGTRAQ BID |
| -- ffmpeg | Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service. | 2017-08-28 | 5.0 | CVE-2012-2805 MISC CONFIRM |
| finecms_project -- finecms | controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable. | 2017-08-25 | 4.3 | CVE-2017-13697 MISC |
| fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. | 2017-08-30 | 4.3 | CVE-2017-13778 MISC |
| gnu -- binutils | The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small. | 2017-08-27 | 5.0 | CVE-2017-13710 BID CONFIRM |
| gnu -- binutils | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c. | 2017-08-29 | 4.3 | CVE-2017-13757 BID CONFIRM CONFIRM |
| gnu -- emacs | Emacs 24.4 allows remote attackers to bypass security restrictions. | 2017-08-28 | 5.0 | CVE-2014-9483 MLIST XF CONFIRM |
| gnu -- ncurses | There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13728 MISC |
| gnu -- ncurses | There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13729 MISC |
| gnu -- ncurses | There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13730 MISC |
| gnu -- ncurses | There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13731 MISC |
| gnu -- ncurses | There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13732 MISC |
| gnu -- ncurses | There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13733 MISC |
| gnu -- ncurses | There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13734 MISC |
| good -- good_for_enterprise | Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40. | 2017-08-28 | 4.3 | CVE-2014-4925 MISC FULLDISC XF |
| graphicsmagick -- graphicsmagick | There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13736 BID MISC |
| graphicsmagick -- graphicsmagick | There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. | 2017-08-29 | 4.3 | CVE-2017-13737 MISC MISC |
| graphicsmagick -- graphicsmagick | A memory allocation failure was discovered in the ReadPNMImage function in coders/pnm.c in GraphicsMagick 1.3.26. The vulnerability causes a big memory allocation, which may lead to remote denial of service in the MagickRealloc function in magick/memory.c. | 2017-08-30 | 4.3 | CVE-2017-14042 MISC BID MISC |
| htacg -- tidy | In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. | 2017-08-25 | 5.0 | CVE-2017-13692 BID CONFIRM |
| ibm -- cognos_analytics | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127579. | 2017-08-29 | 4.3 | CVE-2017-1427 CONFIRM MISC |
| ibm -- cognos_analytics | IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 127583. | 2017-08-29 | 5.8 | CVE-2017-1428 CONFIRM MISC |
| ibm -- curam_social_program_management | IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM X-Force ID: 120915. | 2017-08-28 | 4.0 | CVE-2017-1110 CONFIRM MISC |
| ibm -- curam_social_program_management | IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670. | 2017-08-29 | 5.8 | CVE-2017-1195 CONFIRM MISC |
| ibm -- emptoris_services_procurement | IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 128105. | 2017-08-30 | 6.5 | CVE-2017-1440 CONFIRM BID MISC |
| ibm -- emptoris_services_procurement | IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 128107. | 2017-08-30 | 6.8 | CVE-2017-1442 CONFIRM BID MISC |
| ibm -- emptoris_services_procurement | IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128109. | 2017-08-30 | 4.3 | CVE-2017-1443 CONFIRM BID MISC |
| ibm -- en6131_firmware | CRLF injection vulnerability in IBM Flex System EN6131 40Gb and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters. | 2017-08-25 | 4.3 | CVE-2014-9564 BID CONFIRM |
| ibm -- sametime | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user to upload a malicious file to a Sametime meeting room, that could be downloaded by unsuspecting users which could be executed with user privileges. IBM X-Force ID: 111893. | 2017-08-29 | 6.0 | CVE-2016-0354 CONFIRM SECTRACK MISC |
| ibm -- sametime | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111894. | 2017-08-29 | 4.0 | CVE-2016-0355 CONFIRM SECTRACK MISC |
| ibm -- sametime | IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an authenticated user that has been invited to a Sametime meeting room, to cause the screen sharing to cease through the use of cross-site request forgery. IBM X-Force ID: 111895. | 2017-08-29 | 4.0 | CVE-2016-0356 CONFIRM SECTRACK MISC |
| ibm -- sametime | IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928. | 2017-08-29 | 4.0 | CVE-2016-0358 CONFIRM BID MISC |
| ibm -- sametime | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spoofing results of votes in the meeting. IBM X-Force ID: 113803. | 2017-08-29 | 4.0 | CVE-2016-10503 CONFIRM MISC |
| ibm -- sametime | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary managers privileges. IBM X-Force ID: 113804. | 2017-08-29 | 4.0 | CVE-2016-2959 CONFIRM SECTRACK MISC |
| ibm -- sametime | IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error message to a user that is too detailed and may reveal details about the application. IBM X-Force ID: 113813. | 2017-08-29 | 5.0 | CVE-2016-2964 CONFIRM BID MISC |
| ibm -- sametime | IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846. | 2017-08-29 | 4.3 | CVE-2016-2965 CONFIRM SECTRACK MISC |
| ibm -- sametime | IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847. | 2017-08-29 | 4.0 | CVE-2016-2966 CONFIRM BID MISC |
| ibm -- sametime | IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850. | 2017-08-29 | 4.0 | CVE-2016-2969 CONFIRM SECTRACK MISC |
| ibm -- sametime | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936. | 2017-08-29 | 4.0 | CVE-2016-2976 CONFIRM BID MISC |
| ibm -- sametime | IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user to lower other users hands in the meeting. IBM X-Force ID: 113937. | 2017-08-29 | 4.0 | CVE-2016-2977 CONFIRM SECTRACK MISC |
| ibm -- sametime | The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script injection where a malicious site can inject their own script by exploiting a vulnerability in the way that the WebPlayer works. IBM X-Force ID: 113993. | 2017-08-29 | 6.8 | CVE-2016-2980 CONFIRM BID MISC |
| ibm -- urbancode_deploy | Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier. | 2017-08-28 | 6.8 | CVE-2014-8900 CONFIRM BID |
| imagemagick -- imagemagick | Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. | 2017-08-28 | 4.3 | CVE-2017-12876 MLIST MISC CONFIRM |
| imagemagick -- imagemagick | Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. | 2017-08-28 | 4.3 | CVE-2017-12877 MLIST MISC CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c. | 2017-08-29 | 4.3 | CVE-2017-13758 SECTRACK CONFIRM |
| imagemagick -- imagemagick | Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. | 2017-08-30 | 4.3 | CVE-2017-13768 BID CONFIRM |
| imagemagick -- imagemagick | The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. | 2017-08-30 | 4.3 | CVE-2017-13769 CONFIRM |
| jasper_project -- jasper | There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | 2017-08-29 | 5.0 | CVE-2017-13745 BID MISC |
| jasper_project -- jasper | There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. | 2017-08-29 | 5.0 | CVE-2017-13746 BID MISC |
| jasper_project -- jasper | There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | 2017-08-29 | 5.0 | CVE-2017-13747 BID MISC |
| jasper_project -- jasper | There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. | 2017-08-29 | 5.0 | CVE-2017-13748 BID MISC |
| jasper_project -- jasper | There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | 2017-08-29 | 5.0 | CVE-2017-13749 BID MISC |
| jasper_project -- jasper | There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. | 2017-08-29 | 5.0 | CVE-2017-13750 BID MISC |
| jasper_project -- jasper | There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | 2017-08-29 | 5.0 | CVE-2017-13751 BID MISC |
| jasper_project -- jasper | There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | 2017-08-29 | 5.0 | CVE-2017-13752 BID MISC |
| kaspersky -- | In Kaspersky Internet Security for | 2017- | | CVE-2017-12817 |

kaspersky_internet_security Android 11.12.4.1622, some of the 08-25 5.0 BID(link is CVS S Primary Publish Scor Source & Vendor -- Product Description ed e Patch Info application trace files were not external) encrypted. CONFIRM(li nk is external) NULL Pointer Dereference in the CVE-2017- id3v2AddAudioDuration function in 13712 libmp3lame/id3tag.c in LAME BID(link is 3.99.5 allows attackers to perform external) Denial of Service by triggering a 2017- MISC(link is

lame_project -- NULL first argument. 08-28 5.0 external) Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in CVE-2017- olestrm.cpp in libfpx 1.3.1_p6 12919 allows remote attackers to cause a MLIST(link is denial of service via a crafted fpx 2017- external)

libfpx_project -- libfpx image. 08-28 4.3 MISC CDirectory::GetDirEntry in dir.cxx CVE-2017- in libfpx 1.3.1_p6 allows remote 12920 attackers to cause a denial of service MLIST(link is (NULL pointer dereference) via a 2017- external)

libfpx_project -- libfpx crafted fpx image. 08-28 4.3 MISC PFileFlashPixView::GetGlobalInfoP roperty in f_fpxvw.cpp in libfpx CVE-2017- 1.3.1_p6 allows remote attackers to 12921 cause a denial of service (NULL MLIST(link is pointer dereference) via a crafted fpx 2017- external)

libfpx_project -- libfpx image. 08-28 4.3 MISC CVE-2017- wchar.c in libfpx 1.3.1_p6 allows 12922 remote attackers to cause a denial of MLIST(link is service (NULL pointer dereference) 2017- external)

libfpx_project -- libfpx via a crafted fpx image. 08-28 4.3 MISC OLEStream::WriteVT_LPSTR in CVE-2017- olestrm.cpp in libfpx 1.3.1_p6 12923 allows remote attackers to cause a MLIST(link is denial of service (NULL pointer 2017- external)

libfpx_project -- libfpx dereference) via a crafted fpx image. 08-28 4.3 MISC CDirVector::GetTable in CVE-2017- dirfunc.hxx in libfpx 1.3.1_p6 12924 allows remote attackers to cause a MLIST(link is denial of service (divide-by-zero 2017- external)

libfpx_project -- libfpx error) via a crafted fpx image. 08-28 4.3 MISC CVS S Primary Publish Scor Source & Vendor -- Product Description ed e Patch Info Double free vulnerability in CVE-2017- DfFromLB in docfile.cxx in libfpx 12925 1.3.1_p6 allows remote attackers to MLIST(link is cause a denial of service via a 2017- external)

libfpx_project -- libfpx crafted fpx image. 08-28 4.3 MISC The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and CVE-2017- application crash) via a crafted gig 2017- 12950

libgig0 -- libgig file. 08-28 4.3 FULLDISC The gig::DimensionRegion::CreateVeloc ityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack- based buffer over-read and CVE-2017- application crash) via a crafted gig 2017- 12951

libgig0 -- libgig file. 08-28 4.3 FULLDISC The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and CVE-2017- application crash) via a crafted gig 2017- 12952

libgig0 -- libgig file. 08-28 4.3 FULLDISC The gig::Instrument::UpdateRegionKeyT able function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid CVE-2017- memory write and application crash) 2017- 12953

libgig0 -- libgig via a crafted gig file. 08-28 4.3 FULLDISC The gig::Region::GetSampleFromWaveP ool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid CVE-2017- memory read and application crash) 2017- 12954

libgig0 -- libgig via a crafted gig file. 08-28 4.3 FULLDISC libhtp 0.5.15 allows remote attackers CVE-2015- to cause a denial of service (NULL 2017- 0928

libhtp_project -- libhtp pointer dereference). 08-28 5.0 BID(link is CVS S Primary Publish Scor Source & Vendor -- Product Description ed e Patch Info external) MISC There is an illegal address access in CVE-2017- the _lou_getALine function in 13738 compileTranslationTable.c:346 in 2017- MISC(link is

liblouis -- liblouis Liblouis 3.2.0. 08-29 6.8 external) There is a heap-based buffer overflow that causes a more than two thousand out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in CVE-2017- compileTranslationTable.c. It will 13739 lead to denial of service or remote 2017- MISC(link is

liblouis -- liblouis code execution. 08-29 6.8 external) There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in CVE-2017- compileTranslationTable.c, that will 13740 lead to denial of service or possibly 2017- MISC(link is

liblouis -- liblouis unspecified other impact. 08-29 6.8 external) There is a use-after-free in the function compileBrailleIndicator() in CVE-2017- compileTranslationTable.c in 13741 Liblouis 3.2.0 that will lead to a 2017- MISC(link is

liblouis -- liblouis remote denial of service attack. 08-29 4.3 external) There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in CVE-2017- compileTranslationTable.c, that will 13742 lead to a remote denial of service 2017- MISC(link is

liblouis -- liblouis attack. 08-29 4.3 external) There is a buffer overflow in Liblouis 3.2.0, triggered in the CVE-2017- function _lou_showString() in 13743 utils.c, that will lead to a remote 2017- MISC(link is

liblouis -- liblouis denial of service attack. 08-29 4.3 external) There is an illegal address access in CVE-2017- the function _lou_getALine() in 13744 compileTranslationTable.c:343 in 2017- MISC(link is

liblouis -- liblouis Liblouis 3.2.0. 08-29 4.3 external) There is a floating point exception in 2017- CVE-2017-

libraw -- libraw the kodak_radc_load_raw function 08-29 5.0 13735 CVS S Primary Publish Scor Source & Vendor -- Product Description ed e Patch Info in dcraw_common.cpp in LibRaw MISC(link is 0.18.2. It will lead to a remote denial external) of service attack. There is a reachable assertion abort in the function TIFFWriteDirectorySec() in CVE-2017- LibTIFF 4.0.8, related to 13726 tif_dirwrite.c and a SubIFD tag. A MISC crafted input will lead to a remote 2017- BID(link is

libtiff -- libtiff denial of service attack. 08-29 4.3 external) There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in CVE-2017- LibTIFF 4.0.8, related to 13727 tif_dirwrite.c and a SubIFD tag. A MISC crafted input will lead to a remote 2017- BID(link is

libtiff -- libtiff denial of service attack. 08-29 4.3 external) An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the CVE-2017- kernel through 4.12.10 allows 14051 local users to cause a denial of BID(link is service (memory corruption and external) system crash) by leveraging root 2017- MISC

linux -- linux_kernel access. 08-31 4.9 MISC The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a CVE-2017- kernel stack dump, which allows 13693 local users to obtain sensitive BID(link is information from kernel memory external) and bypass the KASLR protection MISC(link is mechanism (in the kernel through 2017- external)

linux -- linux_kernel 4.9) via a crafted ACPI table. 08-25 4.9 MISC CVE-2015- 2046 Cross-site scripting (XSS) MLIST(link is vulnerability in MantisBT 1.2.13 2017- external)

mantisbt -- mantisbt and later before 1.2.20. 08-28 4.3 MLIST(link is CVS S Primary Publish Scor Source & Vendor -- Product Description ed e Patch Info external) CONFIRM(li nk is external) Cross-site scripting (XSS) CVE-2013- vulnerability in the Googlemaps 7430 plugin before 3.1 for Joomla! allows CONFIRM(li remote attackers to inject arbitrary nk is external) web script or HTML via the xmlns 2017- MLIST(link is

mapsplugin -- googlemaps parameter. 08-28 4.3 external) CVE-2013- 7431 MISC(link is external) CONFIRM(li Full path disclosure in the nk is external) Googlemaps plugin before 3.1 for 2017- MLIST(link is

mapsplugin -- googlemaps Joomla!. 08-29 5.0 external) CVE-2013- 7432 MISC(link is external) The Googlemaps plugin before 3.1 CONFIRM(li for Joomla! allows remote attackers nk is external) to bypass an intended protection 2017- MLIST(link is

mapsplugin -- googlemaps mechanism. 08-29 5.0 external) CVE-2013- 7433 MISC(link is external) CONFIRM(li Cross-site scripting (XSS) nk is external) vulnerability in the Googlemaps 2017- MLIST(link is

mapsplugin -- googlemaps plugin before 3.1 for Joomla!. 08-29 4.3 external) Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 CVE-2015- allows remote attackers to inject 6588 arbitrary web script or HTML via 2017- MISC(link is

modx -- modx_revolution the QUERY_STRING. 08-29 4.3 external) CVE-2014- Buffer overflow in mpg123 before 2017- 9497

mpg123 -- mpg123 1.18.0. 08-29 5.0 MLIST(link is CVS S Primary Publish Scor Source & Vendor -- Product Description ed e Patch Info external) GENTOO MISC(link is external) "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and CVE-2017- earlier allows remote attackers to 10833 bypass access restriction to view MISC(link is information or modify external) nippon-antenna -- configurations via unspecified 2017- JVN(link is

scr02hd_firmware vectors. 08-28 6.4 external) Directory traversal vulnerability in CVE-2017- "Dokodemo eye Smart HD" 10834 SCR02HD Firmware 1.0.3.1000 and MISC(link is earlier allows authenticated attackers external) nippon-antenna -- to read arbitrary files via unspecified 2017- JVN(link is

scr02hd_firmware vectors. 08-28 4.0 external) CVE-2017- "Dokodemo eye Smart HD" 10835 SCR02HD Firmware 1.0.3.1000 and MISC(link is earlier allows authenticated attackers external) nippon-antenna -- to conduct code injection attacks via 2017- JVN(link is

scr02hd_firmware unspecified vectors. 08-28 6.5 external) CVE-2017- 13762 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM ONOS versions 1.8.0, 1.9.0, and 2017- CONFIRM

onosproject -- onos 1.10.0 are vulnerable to XSS. 08-29 4.3 CONFIRM ONOS versions 1.8.0, 1.9.0, and CVE-2017- 1.10.0 do not restrict the amount of 13763 memory allocated. The Netty 2017- CONFIRM

onosproject -- onos payload size is not limited. 08-29 5.0 CONFIRM Heap-based buffer overflow CVE-2016- vulnerability in the opj_mqc_byteout 2017- 10504

openjpeg -- openjpeg function in mqc.c in OpenJPEG 08-30 4.3 BID(link is CVS S Primary Publish Scor Source & Vendor -- Product Description ed e Patch Info before 2.2.0 allows remote attackers external) to cause a denial of service CONFIRM(li (application crash) via a crafted bmp nk is external) file. CONFIRM(li nk is external) NULL pointer dereference vulnerabilities in the imagetopnm CVE-2016- function in convert.c, 10505 sycc444_to_rgb function in color.c, CONFIRM(li color_esycc_to_rgb function in nk is external) color.c, and sycc422_to_rgb CONFIRM(li function in color.c in OpenJPEG nk is external) before 2.2.0 allow remote attackers CONFIRM(li to cause a denial of service nk is external) (application crash) via crafted j2k 2017- CONFIRM(li

openjpeg -- openjpeg files. 08-30 4.3 nk is external) CVE-2016- 10506 BID(link is external) CONFIRM(li nk is external) CONFIRM(li nk is external) CONFIRM(li nk is external) Division-by-zero vulnerabilities in CONFIRM(li the functions opj_pi_next_cprl, nk is external) opj_pi_next_pcrl, and CONFIRM(li opj_pi_next_rpcl in pi.c in nk is external) OpenJPEG before 2.2.0 allow CONFIRM(li remote attackers to cause a denial of nk is external) service (application crash) via 2017- CONFIRM(li

openjpeg -- openjpeg crafted j2k files. 08-30 4.3 nk is external) CVE-2016- Integer overflow vulnerability in the 10507 bmp24toimage function in BID(link is convertbmp.c in OpenJPEG before external) 2.2.0 allows remote attackers to CONFIRM(li cause a denial of service (heap-based nk is external) buffer over-read and application 2017- CONFIRM(li

openjpeg -- openjpeg crash) via a crafted bmp file. 08-30 4.3 nk is external) CVS S Primary Publish Scor Source & Vendor -- Product Description ed e Patch Info CVE-2017- A heap-based buffer overflow was 14039 discovered in the BID(link is opj_t2_encode_packet function in external) lib/openjp2/t2.c in OpenJPEG 2.2.0. MISC The vulnerability causes an out-of- MISC(link is bounds write, which may lead to external) remote denial of service or possibly 2017- MISC(link is

openjpeg -- openjpeg unspecified other impact. 08-30 6.8 external) CVE-2017- 14040 An invalid write access was BID(link is discovered in bin/jp2/convert.c in external) OpenJPEG 2.2.0, triggering a crash MISC in the tgatoimage function. The MISC(link is vulnerability may lead to remote external) denial of service or possibly 2017- MISC(link is

openjpeg -- openjpeg unspecified other impact. 08-30 6.8 external) CVE-2017- A stack-based buffer overflow was 14041 discovered in the pgxtoimage BID(link is function in bin/jp2/convert.c in external) OpenJPEG 2.2.0. The vulnerability MISC causes an out-of-bounds write, MISC(link is which may lead to remote denial of external) service or possibly remote code 2017- MISC(link is

openjpeg -- openjpeg execution. 08-30 6.8 external) An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has CVE-2017- protocol flaws with the potential to 7930 expose change records in the clear BID(link is and allow a malicious party to spoof 2017- external)

osisoft -- pi_data_archive a server within a collective. 08-25 5.8 MISC An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior CVE-2017- to 2017. PI Network Manager using 7934 older protocol versions contains a BID(link is flaw that could allow a malicious 2017- external)

osisoft -- pi_data_archive user to authenticate with a server 08-25 4.3 MISC CVS S Primary Publish Scor Source & Vendor -- Product Description ed e Patch Info and then cause PI Network Manager to behave in an undefined manner. A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to CVE-2017- occur when an otherwise- 7926 unauthorized cross-site request is BID(link is sent from a browser the server has 2017- external)

osisoft -- pi_web_api previously authenticated. 08-25 6.8 MISC Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party CVE-2015- information. NOTE: this 4180 phpmybackuppro -- vulnerability exists due to an 2017- MLIST(link is

phpmybackuppro incomplete fix to CVE-2009-4050. 08-25 5.0 external) Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party CVE-2015- information. NOTE: this 4181 phpmybackuppro -- vulnerability exists due to an 2017- MLIST(link is

phpmybackuppro incomplete fix to CVE-2015-4180. 08-25 5.0 external) CVE-2014- Cross-site scripting (XSS) 0141 vulnerability in Red Hat Satellite 2017- CONFIRM(li

redhat -- satellite 6.0.3. 08-28 4.3 nk is external) Directory traversal vulnerability in CVE-2017- viewer_script.jsp in Riverbed 7693 riverbed -- OPNET App Response Xpert (ARX) 2017- MISC(link is

opnet_app_response_xpert version 9.6.1 allows remote 08-26 6.8 external) CVS S Primary Publish Scor Source & Vendor -- Product Description ed e Patch Info authenticated users to inject arbitrary commands to read OS files. CVE-2015- 4017 MLIST(link is external) CONFIRM(li nk is external) Salt before 2014.7.6 does not verify CONFIRM(li certificates when connecting via the nk is external) aliyun, proxmox, and splunk 2017- CONFIRM(li

saltstack -- salt modules. 08-25 5.0 nk is external) Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 CVE-2017- allows an attacker to inject arbitrary 10838 web script or HTML via unspecified 2017- JVN(link is

seopanel -- seo_panel vectors. 08-28 4.3 external) SQL injection vulnerability in the SEO Panel prior to version 3.11.0 CVE-2017- allows authenticated attackers to 10839 execute arbitrary SQL commands 2017- JVN(link is

seopanel -- seo_panel via unspecified vectors. 08-28 6.5 external) CVE-2014- 9557 MISC(link is Multiple cross-site scripting (XSS) 2017- external)

smartcms -- smartcms vulnerabilities in SmartCMS v.2. 08-28 4.3 FULLDISC A Directory Traversal issue was discovered in SpiderControl CVE-2017- SCADA Web Server. An attacker 12694 may be able to use a simple GET BID(link is spidercontrol -- request to perform a directory 2017- external)

scada_web_server traversal into system files. 08-25 5.0 MISC The dump_callback function in CVE-2017- SQLite 3.20.0 allows remote 13685 attackers to cause a denial of service MISC (EXC_BAD_ACCESS and 2017- BID(link is

sqlite -- sqlite application crash) via a crafted file. 08-29 4.3 external) Uncontrolled Resource CVE-2017- Consumption vulnerability in 12076 synology -- SYNO.Core.PortForwarding.Rules 2017- CONFIRM(li

diskstation_manager in Synology DiskStation (DSM) 08-28 4.0 nk is external) CVS S Primary Publish Scor Source & Vendor -- Product Description ed e Patch Info before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Manager (SRM) before 1.1.4-6509 allows remote CVE-2017- authenticated attacker to exhaust the 12077 memory resources of the machine, 2017- CONFIRM(li

synology -- router_manager causing a denial of service attack. 08-28 4.0 nk is external) CVE-2015- 1386 MLIST(link is external) Directory traversal vulnerability in 2017- CONFIRM(li

unshield_project -- unshield unshield 1.0-1. 08-28 5.0 nk is external) CVE-2014- 9469 MISC(link is Cross-site scripting (XSS) external) vulnerability in vBulletin 3.5.4, FULLDISC 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 2017- BID(link is

vbulletin -- vbulletin 5.1.3. 08-28 4.3 external) CVE-2015- 0210 wpa_supplicant 2.0-16 does not CONFIRM(li properly check certificate subject nk is external) name, which allows remote attackers 2017- CONFIRM(li

w1.fi -- wpa_supplicant to cause a man-in-the-middle attack. 08-28 4.3 nk is external) CVE-2014- 9312 MISC(link is external) MISC(link is external) Unrestricted File Upload 2017- BID(link is

web-dorado -- photo_gallery vulnerability in Photo Gallery 1.2.5. 08-28 6.5 external) Cross-site scripting vulnerability in CVE-2017- webcalendar_project -- WebCalendar 1.2.7 and earlier 2017- 10840

webcalendar allows an attacker to inject arbitrary 08-28 4.3 MISC(link is CVS S Primary Publish Scor Source & Vendor -- Product Description ed e Patch Info web script or HTML via unspecified external) vectors. JVN(link is external) CVE-2017- Directory traversal vulnerability in 10841 WebCalendar 1.2.7 and earlier MISC(link is allows authenticated attackers to external) webcalendar_project -- read arbitrary files via unspecified 2017- JVN(link is

webcalendar vectors. 08-28 4.0 external) A Use of Hard-Coded Cryptographic Key issue was discovered in MRD- 305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD- 455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow CVE-2016- westermo -- mrd-315- an attacker to decrypt traffic from 2017- 5816

din_firmware any other source. 08-25 5.0 MISC A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was CVE-2017- intentionally provided by the user, 12703 making it possible for an attacker to BID(link is westermo -- mrd-315- trick a user into making a malicious 2017- external)

din_firmware request to the server. 08-25 6.8 MISC CVE-2017- 13764 BID(link is external) SECTRACK(l In Wireshark 2.4.0, the Modbus ink is dissector could crash with a NULL external) pointer dereference. This was CONFIRM addressed in epan/dissectors/packet- 2017- CONFIRM

wireshark -- wireshark mbtcp.c by adding length validation. 08-30 5.0 CONFIRM In Wireshark 2.4.0, 2.2.0 to 2.2.8, CVE-2017- and 2.0.0 to 2.0.14, the IrCOMM 2017- 13765

wireshark -- wireshark dissector has a buffer over-read and 08-30 5.0 BID(link is CVS S Primary Publish Scor Source & Vendor -- Product Description ed e Patch Info application crash. This was external) addressed in plugins/irda/packet- SECTRACK(l ircomm.c by adding length ink is validation. external) CONFIRM CONFIRM CONFIRM CVE-2017- 13766 BID(link is external) SECTRACK(l In Wireshark 2.4.0 and 2.2.0 to ink is 2.2.8, the Profinet I/O dissector external) could crash with an out-of-bounds CONFIRM write. This was addressed in CONFIRM plugins/profinet/packet-dcerpc-pn- 2017- CONFIRM

wireshark -- wireshark io.c by adding string validation. 08-30 5.0 CONFIRM Zend/Diactoros/Uri::filterPath in CVE-2015- zend-diactoros before 1.0.4 does not 3257 properly sanitize path input, which BID(link is allows remote attackers to perform external) cross-site scripting (XSS) or open 2017- CONFIRM(li

zend -- diactoros redirect attacks. 08-25 4.3 nk is external) Back to top

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| blackcat-cms -- blackcat_cms | In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows remote authenticated users to conduct XSS attacks via the Website header or Website footer field. | 2017-08-31 | 3.5 | CVE-2017-14049, MISC |
| cybozu -- garoon | Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space". | 2017-08-28 | 3.5 | CVE-2017-2255, JVN, CONFIRM |
| cybozu -- garoon | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo". | 2017-08-28 | 3.5 | CVE-2017-2256, JVN, CONFIRM |
| ibm -- cognos_analytics | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623. | 2017-08-29 | 3.5 | CVE-2017-1485, CONFIRM, MISC |
| ibm -- cognos_analytics | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130677. | 2017-08-29 | 3.5 | CVE-2017-1535, CONFIRM, MISC |
| ibm -- curam_social_program_management | IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761. | 2017-08-28 | 3.5 | CVE-2016-9732, CONFIRM, MISC |
| ibm -- emptoris_services_procurement | IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to view sensitive information stored locally due to improper access control. IBM X-Force ID: 128106. | 2017-08-30 | 2.1 | CVE-2017-1441, CONFIRM, BID, MISC |
| ibm -- sametime | IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113848. | 2017-08-29 | 3.5 | CVE-2016-2967, CONFIRM, BID, MISC |
| ibm -- sametime | IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. IBM X-Force ID: 113855. | 2017-08-29 | 2.1 | CVE-2016-2972, CONFIRM, SECTRACK, MISC |
| ibm -- sametime | IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime Rich Client, could disclose potentially sensitive information related to the Sametime environment as well as other users on the local machine of the user. IBM X-Force ID: 113934. | 2017-08-29 | 2.1 | CVE-2016-2974, CONFIRM, BID, MISC |
| ibm -- sametime | IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113935. | 2017-08-29 | 3.5 | CVE-2016-2975, CONFIRM, BID, MISC |
| ibm -- sametime | IBM Sametime 8.5.2 and 9.0 could store potentially sensitive information from the browser cache locally that could be available to a local user. IBM X-Force ID: 113938. | 2017-08-29 | 2.1 | CVE-2016-2978, CONFIRM, BID, MISC |
| ibm -- sametime | IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113945. | 2017-08-29 | 3.5 | CVE-2016-2979, CONFIRM, SECTRACK, MISC |
| linux -- linux_kernel | The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. | 2017-08-25 | 2.1 | CVE-2017-13694, BID, MISC, MISC |
| linux -- linux_kernel | The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. | 2017-08-25 | 2.1 | CVE-2017-13695, BID, MISC, MISC |
| sleuthkit -- the_sleuth_kit | In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image triggers an out-of-bounds read in iso9660_proc_dir() in tsk/fs/iso9660_dent.c in libtskfs.a, as demonstrated by fls. | 2017-08-29 | 2.1 | CVE-2017-13755, MISC |
| sleuthkit -- the_sleuth_kit | In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls. | 2017-08-29 | 2.1 | CVE-2017-13756, MISC |
| sleuthkit -- the_sleuth_kit | In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in tsk_img_read() in tsk/img/img_io.c in libtskimg.a. | 2017-08-29 | 2.1 | CVE-2017-13760, MISC |
| westermo -- mrd-315-din_firmware | A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device. | 2017-08-25 | 2.1 | CVE-2017-12709, BID, MISC |

Severity Not Yet Assigned

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 389_administration_server -- 389_administration_server | Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38. | 2017-08-28 | not yet calculated | CVE-2015-0233, FEDORA, CONFIRM |
| advantech -- webaccess | An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash. | 2017-08-30 | not yet calculated | CVE-2017-12708, BID, MISC |
| advantech -- webaccess | A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. | 2017-08-30 | not yet calculated | CVE-2017-12706, BID, MISC |
| advantech -- webaccess | A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. | 2017-08-30 | not yet calculated | CVE-2017-12710, BID, MISC |
| advantech -- webaccess | An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges. | 2017-08-30 | not yet calculated | CVE-2017-12711, BID, MISC |
| advantech -- webaccess | An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts. | 2017-08-30 | not yet calculated | CVE-2017-12713, BID, MISC |
| advantech -- webaccess | An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code. | 2017-08-30 | not yet calculated | CVE-2017-12702, BID, MISC |
| advantech -- webaccess | An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application. | 2017-08-30 | not yet calculated | CVE-2017-12717, BID, MISC |
| advantech -- webaccess | An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution. | 2017-08-30 | not yet calculated | CVE-2017-12698, BID, MISC |
| apache -- hadoop | This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token. | 2017-08-30 | not yet calculated | CVE-2016-5001, MLIST, BID |
| apache -- ofbiz | The default configuration of the OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not properly sanitized. It is possible to inject arbitrary JavaScript code in these form fields. This code gets executed from the browser of every user who is visiting this article. Mitigation: Upgrade to Apache OFBiz 16.11.01. | 2017-08-30 | not yet calculated | CVE-2016-6800, MLIST |
| apache -- ofbiz | By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to Apache OFBiz 16.11.01 | 2017-08-30 | not yet calculated | CVE-2016-4462, MLIST |

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not CVE- not be at risk since only trusted yet 2017- apache -- solr clients and users would gain direct 2017- calcul3163 HTTP access. 
08-30 ated MLIST CVE- 2015- 5209 BID(link is Apache Struts 2.x before 2.3.24.1 external) allows remote attackers to SECTRA manipulate Struts internals, alter not CK(link is user sessions, or affect container yet external) apache -- struts settings via vectors involving a top 2017- calculCONFIR object. 08-29 ated M ARM mbed TLS before 1.3.21 and 2017- not CVE- arm_mbed_tls -- arm_mbed_tls 2.x before 2.1.9, if optional 08-30 yet 2017- CVS Source & Primary Publi S Patch Vendor -- Product Description shed Score Info authentication is configured, allows calcul14032 remote attackers to bypass peer ated CONFIR authentication via an X.509 M certificate chain with many CONFIR intermediates. NOTE: although M(link is mbed TLS was formerly known as external) PolarSSL, the releases shipped with CONFIR the PolarSSL name are not affected. M(link is external) CONFIR M In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program CVE- configuration option that is executed 2017- by the MinivmNotify dialplan 14100 application. The application uses the CONFIR caller-id name and number as part of M a built string passed to the OS shell SECTRA for interpretation and execution. CK(link is Since the caller-id name and number external) can come from an untrusted source, not CONFIR a crafted caller-id name or number yet M asterisk -- asterisk allows an arbitrary shell command 2017- calculCONFIR injection. 09-02 ated M In res/res_rtp_asterisk.c in Asterisk CVE- 11.x before 11.25.2, 13.x before 2017- 13.17.1, and 14.x before 14.6.1 and 14099 Certified Asterisk 11.x before 11.6- CONFIR cert17 and 13.x before 13.13-cert5, M unauthorized data disclosure (media SECTRA takeover in the RTP stack) is CK(link is possible with careful timing by an external) attacker. 
The "strictrtp" option in CONFIR rtp.conf enables a feature of the RTP not M stack that learns the source address yet CONFIR asterisk -- asterisk of media for a session and drops any 2017- calculM packets that do not originate from 09-02 ated MISC(lin CVS Source & Primary Publi S Patch Vendor -- Product Description shed Score Info the expected address. This option is k is enabled by default in Asterisk 11 external) and above. The "nat" and "rtp_symmetric" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well. CVE- 2017- 14098 CONFIR In the pjsip channel driver M (res_pjsip) in Asterisk 13.x before SECTRA 13.17.1 and 14.x before 14.6.1, a not CK(link is carefully crafted tel URI in a From, yet external) asterisk -- asterisk To, or Contact header could cause 2017- calculCONFIR Asterisk to crash. 09-02 ated M CVS Source & Primary Publi S Patch Vendor -- Product Description shed Score Info CONFIR M Async Http Client (aka async-http- CVE- client) before 2.0.35 can be tricked 2017- into connecting to a host different 14063 from the one extracted by MISC(lin java.net.URI if a '?' 
character occurs k is in a fragment identifier. Similar not external) bugs were previously identified in yet MISC(lin async-http-client -- async-http-client cURL (CVE-2016-8624) and Oracle 2017- calculk is Java 8 java.net.URL. 08-31 ated external) CVE- 2015- 7711 MISC(lin k is external) MISC(lin k is Cross-site scripting (XSS) external) vulnerability in popuphelp.php in FULLDIS ATutor 2.2 and earlier allows not C atutor -- atutor remote attackers to inject arbitrary yet BUGTRA web script or HTML via the h 2017- calculQ(link is parameter. 08-31 ated external) An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter CVE- malicious input to WebCTRL, i-Vu, 2016- or SiteScan Web through a weakly 5795 configured XML parser causing the not BID(link automated_logic_corporation -- application to execute arbitrary code yet is liebert_sitescan_web or disclose file contents from a 2017- calculexternal) server or connected network. 08-31 ated MISC CVE- Improper Verification of not 2014- avm -- fritz!box Cryptographic Signature in AVM yet 8872 FRITZ!Box 6810 LTE after 2017- calculMISC(lin firmware 5.22, FRITZ!Box 6840 08-28 ated k is CVS Source & Primary Publi S Patch Vendor -- Product Description shed Score Info LTE after firmware 5.23, and other external) models with firmware 5.50. FULLDIS C BUGTRA Q(link is external) CVE- 2016- 0634 MLIST(li nk is external) MLIST(li nk is external) MLIST(li nk is external) MLIST(li nk is external) MLIST(li nk is external) MLIST(li nk is external) MLIST(li nk is external) MLIST(li nk is external) MLIST(li nk is external) MLIST(li The expansion of '\h' in the prompt nk is string in bash 4.3 allows remote external) authenticated users to execute not BID(link arbitrary code via shell yet is bash -- bash metacharacters placed in 'hostname' 2017- calculexternal) of a machine. 
08-28 ated CONFIR CVS Source & Primary Publi S Patch Vendor -- Product Description shed Score Info M(link is external) GENTOO This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low- privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within processing of the 0x8000E038 CVE- IOCTL in the bdfwfpf driver. The 2017- issue results from the lack of 10950 validating the existence of an object BID(link prior to performing operations on is the object. An attacker could not external) leverage this vulnerability to yet MISC(lin bitdefender -- total_security execute arbitrary code in the context 2017- calculk is of SYSTEM. Was ZDI-CAN-4776. 08-29 ated external) CVE- 2014- 8753 MISC(lin k is external) FULLDIS not C Multiple cross-site scripting (XSS) yet BID(link cit-e-net -- cit-e-access vulnerabilities in Cit-e-Net Cit-e- 2017- calculis Access 6. 08-28 ated external) CVE- Gorouter in Cloud Foundry cf- 2016- release v141 through v228 allows 0713 man-in-the-middle attackers to not CONFIR cloud_foundry -- gorouter conduct cross-site scripting (XSS) yet M(link is attacks via vectors related to 2017- calculexternal) modified requests. 08-31 ated MLIST Stack-based buffer overflow in not CVE- "dnsproxy.c" in connman 1.34 and yet 2017- connman -- connman earlier allows remote attackers to 2017- calcul12865 cause a denial of service (crash) or 08-29 ated CVS Source & Primary Publi S Patch Vendor -- Product Description shed Score Info execute arbitrary code via a crafted BID(link response query string passed to the is "name" variable. 
external) MISC(lin k is external) CONFIR M CVE- 2014- 8393 MISC(lin k is external) FULLDIS C SECUNI A(link is external) MISC(lin k is external) BUGTRA Q(link is external) BID(link DLL Hijacking vulnerability in is CorelDRAW X7, Corel Photo-Paint not external) X7, Corel PaintShop Pro X7, Corel yet SECTRA corel -- multiple_products Painter 2015, and Corel PDF 2017- calculCK(link is Fusion. 08-28 ated external) CVE- D-Link DNS-320L firmware before 2014- 1.04b12, DNS-327L before 1.03b04 7857 Build0119, DNR-326 1.40b03, MISC(lin DNS-320B 1.02b01, DNS-345 k is 1.03b06, DNS-325 1.05b03, and external) DNS-322L 2.00b07 allow remote FULLDIS attackers to bypass authentication C and log in with administrator not CONFIR permissions by passing the yet M(link is d-link -- d-link cgi_set_wto command in the cmd 2017- calculexternal) parameter, and setting the spawned 08-25 ated BUGTRA CVS Source & Primary Publi S Patch Vendor -- Product Description shed Score Info session's cookie to Q(link is username=admin. external) BID(link is external) A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client application 4.8.16 and earlier contains a locally exploitable heap based buffer overflow in the handling of an IOCTL message of type 0x0FA4204. The vulnerability is present due to the kernel driver failing to allocate sufficient memory on the kernel heap to contain a user supplied string as such the string is copied into a buffer of constant size (0x1000-bytes) and thus an overflow condition results. Access to the kernel driver is permitted CVE- through an obfuscated interface 2017- whereby bytes of user supplied not 12840 message are "authenticated" via an yet MISC(lin deslock+ -- deslock+ obfuscation routine employing a 2017- calculk is linear equation. 08-28 ated external) An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some CVE- Lenovo brand notebooks (not 2017- ThinkPads). 
This could allow an not 3757 attacker with local privileges to yet CONFIR elantech -- touchpad_driver execute code with administrative 2017- calculM(link is privileges. 08-28 ated external) CVE- 2015- not 1876 yet MISC(lin es_file_explorer -- es_file_explorer Directory traversal vulnerability in 2017- calculk is ES File Explorer 3.2.4.1. 08-28 ated external) The EyesOfNetwork web interface 2017- not CVE- eyesofnetwork -- web_interface (aka eonweb) 5.1-0 allows directory 08-30 yet 2017- CVS Source & Primary Publi S Patch Vendor -- Product Description shed Score Info traversal attacks for reading calcul13780 arbitrary files via the ated MISC(lin module/admin_conf/download.php k is file parameter. external) In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain CVE- sufficient backing data, is provided, 2017- the first type==4 loop would not 14054 consume huge CPU resources, since yet CONFIR ffmpeg -- ffmpeg there is no EOF check inside the 2017- calculM(link is loop. 08-31 ated external) CVE- 2013- 0870 CONFIR M MLIST(li not nk is The 'vp3_decode_frame' function in yet external) ffmpeg -- ffmpeg FFmpeg 1.1.4 moves threads check 2017- calculCONFIR out of header packet type check. 08-28 ated M In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain CVE- sufficient backing data, is provided, 2017- the loop over the frames would not 14055 consume huge CPU and memory yet CONFIR ffmpeg -- ffmpeg resources, since there is no EOF 2017- calculM(link is check inside the loop. 
08-31 ated external) In libavformat/rl2.c in FFmpeg not CVE- 3.3.3, a DoS in rl2_read_header() yet 2017- ffmpeg -- ffmpeg due to lack of an EOF (End of File) 2017- calcul14056 check might cause huge CPU and 08-31 ated CONFIR CVS Source & Primary Publi S Patch Vendor -- Product Description shed Score Info memory consumption. When a M(link is crafted RL2 file, which claims a external) large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops. In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient CVE- backing data, is provided, the 2017- image-offset parsing loop would not 14059 consume huge CPU and memory yet CONFIR ffmpeg -- ffmpeg resources, since there is no EOF 2017- calculM(link is check inside the loop. 08-31 ated external) In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain CVE- sufficient backing data, is provided, 2017- the loops over the name and markers not 14057 would consume huge CPU and yet CONFIR ffmpeg -- ffmpeg memory resources, since there is no 2017- calculM(link is EOF check inside these loops. 08-31 ated external) In FFmpeg 3.3.3, the read_data CVE- function in libavformat/hls.c does 2017- not restrict reload attempts for an not 14058 insufficient list, which allows yet CONFIR ffmpeg -- ffmpeg remote attackers to cause a denial of 2017- calculM(link is service (infinite loop). 
08-31 ated external) CVE- fli4l -- fli4l The httpd package in fli4l before 2017- not 2015- 3.10.1 and 4.0 before 2015-01-30 08-28 yet 1443 CVS Source & Primary Publi S Patch Vendor -- Product Description shed Score Info allows remote attackers to execute calculMLIST arbitrary code. ated CONFIR M(link is external) MLIST(li nk is external) CVE- 2015- 1445 MLIST CONFIR M(link is not external) HTTP header injection in the httpd yet MLIST(li fli4l -- fli4l package in fli4l before 3.10.1 and 2017- calculnk is 4.0 before 2015-01-30. 08-28 ated external) CVE- 2017- 13709 In FlightGear before version CONFIR 2017.3.1, Main/logger.cxx in the M(link is FGLogger subsystem allows one to not external) overwrite any file via a resource that yet CONFIR flightgear -- flightgear affects the contents of the global 2017- calculM(link is Property Tree. 08-27 ated external) This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must CVE- visit a malicious page or open a 2017- malicious file. The specific flaw 10951 exists within app.launchURL BID(link method. The issue results from the is lack of proper validation of a user- external) supplied string before using it to SECTRA execute a system call. An attacker CK(link is can leverage this vulnerability to not external) execute code under the context of yet MISC(lin foxit -- reader the current process. Was ZDI-CAN- 2017- calculk is 4724. 08-29 ated external) CVS Source & Primary Publi S Patch Vendor -- Product Description shed Score Info This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction CVE- is required to exploit this 2017- vulnerability in that the target must 10952 visit a malicious page or open a BID(link malicious file. The specific flaw is exists within the saveAs JavaScript external) function. 
The issue results from the SECTRA lack of proper validation of user- CK(link is supplied data, which can lead to external) writing arbitrary files into attacker MISC(lin controlled locations. An attacker can k is leverage this vulnerability to not external) execute code under the context of yet MISC(lin foxit -- reader the current process. Was ZDI-CAN- 2017- calculk is 4518. 08-29 ated external) CVE- 2016- 7030 MLIST(li nk is external) BID(link is FreeIPA uses a default password external) policy that locks an account after 5 CONFIR unsuccessful authentication M(link is attempts, which allows remote not external) attackers to cause a denial of service yet CONFIR freeipa -- freeipa by locking out the account in which 2017- calculM(link is system services run on. 08-28 ated external) CVE- 2017- Untrusted search path vulnerability 10848 in Installers for DocuWorks 8.0.7 CONFIR and earlier and DocuWorks Viewer M(link is Light published in Jul 2017 and not external) earlier allows an attacker to gain yet JVN(link privileges via a Trojan horse DLL in 2017- calculis fuji_xerox -- multiple_products an unspecified directory. 09-01 ated external) CVS Source & Primary Publi S Patch Vendor -- Product Description shed Score Info Untrusted search path vulnerability in Installers of ART EX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/ C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/ C2271 (Timestamp of code signing is before 12 Apr 2017 02:04 UTC.), PostScript? 
Driver + Additional Feature Plug-in + PPD File for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/ C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/ C2271 (Timestamp of code signing is before 12 Apr 2017 02:10 UTC.), XPS Print Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/ C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/ C2271 (Timestamp of code signing is before 3 Nov 2017 23:48 UTC.), ART EX Direct FAX Driver for ApeosPort-VI C7771/C6671/C5571/C4471/C3371/ C2271, DocuCentre-VI C7771/C6671/C5571/C4471/C3371/ C2271 (Timestamp of code signing is before 26 May 2017 07:44 UTC.), Setting Restore Tool for ApeosPort- VI CVE- C7771/C6671/C5571/C4471/C3371/ 2017- C2271, DocuCentre-VI 10850 C7771/C6671/C5571/C4471/C3371/ CONFIR C2271 (Timestamp of code signing M(link is is before 25 Aug 2015 08:51 UTC.) not external) allows an attacker to gain privileges yet JVN(link fuji_xerox -- multiple_products via a Trojan horse DLL in an 2017- calculis unspecified directory. 09-01 ated external) Untrusted search path vulnerability not CVE- in Installer for ContentsBridge yet 2017- fuji_xerox -- multiple_products Utility for Windows 7.4.0 and 2017- calcul10851 earlier allows an attacker to gain 09-01 ated CONFIR CVS Source & Primary Publi S Patch Vendor -- Product Description shed Score Info privileges via a Trojan horse DLL in M(link is an unspecified directory. external) JVN(link is external) CVE- 2017- 10849 Untrusted search path vulnerability CONFIR in Self-extracting document M(link is generated by DocuWorks 8.0.7 and not external) earlier allows an attacker to gain yet JVN(link fuji_xerox -- multiple_products privileges via a Trojan horse DLL in 2017- calculis an unspecified directory. 09-01 ated external) Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch not CVE- 5.2.0 and earlier, and GE Multilink yet 2015- ge_multilink -- ge_multilink ML800/1200/1600/2400 4.2.1 and 2017- calcul3976 earlier. 
08-28 ated MISC The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free CVE- attacks via a crafted file, related to a 2017- ReadMNGImage out-of-order 14103 CloseBlob call. NOTE: this not MISC(lin vulnerability exists because of an yet k is graphicsmagick -- graphicsmagick incomplete fix for CVE-2017- 2017- calculexternal) 11403. 09-01 ated MISC CVE- 2015- 1198 MLIST(li nk is not external) yet BID(link ha -- ha Multiple directory traversal 2017- calculis vulnerabilities in ha 0.999p+dfsg-5. 08-28 ated external) CVS Source & Primary Publi S Patch Vendor -- Product Description shed Score Info CVE- 2017- 6594 SUSE CONFIR The transit path validation code in M Heimdal before 7.3 might allow CONFIR attackers to bypass the capath policy M(link is protection mechanism by leveraging not external) failure to add the previous hop yet CONFIR heimdal -- heimdal realm to the transit path of issued 2017- calculM(link is tickets. 08-28 ated external) CVE- 2017- Hikvision iVMS-4200 devices not 13774 before v2.6.2.7 allow local users to yet MISC(lin hikvision -- ivms-4200_devices generate password-recovery codes 2017- calculk is via unspecified vectors. 08-30 ated external) HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker - even CVE- restricted as a tenant - can add a jsp 2017- at not 14105 hivemanager_classic -- HiveManager/tomcat/webapps/hm/d yet MISC(lin hivemanager_classic omains/$yourtenant/maps (it will be 2017- calculk is exposed at the web interface). 
09-01 ated external) SQL injection vulnerability in the Operation and Maintenance Unit CVE- (OMU) in Huawei VCN500 before 2015- V100R002C00SPC201 allows not 8334 huawei -- vcn500 remote authenticated users to yet CONFIR execute arbitrary SQL commands 2017- calculM(link is via a crafted HTTP request. 08-29 ated external) Huawei Video Content Management CVE- (VCM) before 2015- huawei -- V100R001C10SPC001 does not not 8332 video_content_management properly "authenticate online user yet CONFIR identities and privileges," which 2017- calculM(link is allows remote authenticated users to 08-28 ated external) CVS Source & Primary Publi S Patch Vendor -- Product Description shed Score Info gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability." CVE- 2014- 8871 MISC(lin k is external) FULLDIS Directory traversal vulnerability in C hybris Commerce software suite BUGTRA 5.0.3.3 and earlier, 5.0.0.3 and Q(link is earlier, 5.0.4.4 and earlier, 5.1.0.1 not external) and earlier, 5.1.1.2 and earlier, yet BID(link hybris -- commerce_software_suite 5.2.0.3 and earlier, and 5.3.0.1 and 2017- calculis earlier. 08-28 ated external) Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x CVE- before 7.5, 8.0.x before 8.0.1, 8.5.x 2015- before 8.5.5; IBM Business Process 0101 Manager Express 7.5.x before 7.5, CONFIR 8.0.x before 8.0.1, 8.5.x before M(link is 8.5.5; and IBM Business Process not external) ibm -- business_process_manager Manager Advanced 7.5.x before 7.5, yet BID(link 8.0.x before 8.0.1, 8.5.x before 2017- calculis 8.5.5. 08-28 ated external) IBM Emptoris Sourcing 9.5 - 10.1.3 CVE- is vulnerable to cross-site scripting. 
2017- This vulnerability allows users to 1444 embed arbitrary JavaScript code in CONFIR the Web UI thus altering the M(link is intended functionality potentially not external) leading to credentials disclosure yet MISC(lin ibm -- emptoris_sourcing within a trusted session. IBM X- 2017- calculk is Force ID: 128110. 08-31 ated external) IBM Emptoris Sourcing 9.5 - 10.1.3 CVE- could allow a remote attacker to not 2017- conduct phishing attacks, using an yet 1450 ibm -- emptoris_sourcing open redirect attack. By persuading 2017- calculCONFIR a victim to visit a specially-crafted 08-31 ated M(link is CVS Source & Primary Publi S Patch Vendor -- Product Description shed Score Info Web site, a remote attacker could external) exploit this vulnerability to spoof MISC(lin the URL displayed to redirect a user k is to a malicious Web site that would external) appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177. IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could CVE- exploit this vulnerability to spoof 2017- the URL displayed to redirect a user 1449 to a malicious Web site that would CONFIR appear to be trusted. This could M(link is allow the attacker to obtain highly not external) sensitive information or conduct yet MISC(lin ibm -- emptoris_sourcing further attacks against the victim. 2017- calculk is IBM X-Force ID: 128174. 08-31 ated external) IBM Emptoris Sourcing 9.5 - 10.1.3 CVE- is vulnerable to cross-site scripting. 2017- This vulnerability allows users to 1447 embed arbitrary JavaScript code in CONFIR the Web UI thus altering the M(link is intended functionality potentially not external) leading to credentials disclosure yet MISC(lin ibm -- emptoris_sourcing within a trusted session. 
IBM X- 2017- calculk is Force ID: 128172. 08-31 ated external) IBM Emptoris Spend Analysis CVE- 9.5.0.0 through 10.1.1 is vulnerable 2017- to cross-site scripting. This 1446 vulnerability allows users to embed CONFIR arbitrary JavaScript code in the Web M(link is UI thus altering the intended external) functionality potentially leading to not BID(link credentials disclosure within a yet is ibm -- emptoris_spend_analysis trusted session. IBM X-Force ID: 2017- calculexternal) 128171. 08-30 ated MISC(lin CVS Source & Primary Publi S Patch Vendor -- Product Description shed Score Info k is external) CVE- 2017- IBM Emptoris Spend Analysis 1445 9.5.0.0 through 10.1.1 is vulnerable CONFIR to cross-site scripting. This M(link is vulnerability allows users to embed external) arbitrary JavaScript code in the Web BID(link UI thus altering the intended is functionality potentially leading to not external) credentials disclosure within a yet MISC(lin ibm -- emptoris_spend_analysis trusted session. IBM X-Force ID: 2017- calculk is 128170. 08-30 ated external) CVE- 2015- 0114 CONFIR M(link is not external) Stack-based buffer overflow in IBM yet BID(link V5R4, and IBM i Access for 2017- calculis ibm -- i_access_for_windows Windows 6.1 and 7.1. 08-28 ated external) CVE- 2017- 1376 CONFIR A flaw in the IBM J9 VM class M(link is verifier allows untrusted code to not external) disable the security manager and yet MISC(lin ibm -- j9_vm_class_verifier elevate its privileges. IBM X-Force 2017- calculk is ID: 126873. 08-28 ated external) CVE- 2016- 2971 CONFIR M(link is IBM Sametime Media Services external) 8.5.2 and 9.0 can disclose sensitive not SECTRA information in stack trace error logs yet CK(link is ibm -- sametime that could aid an attacker in future 2017- calculexternal) attacks. IBM X-Force ID: 113898. 
08-29 ated MISC(link is external)

| Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ibm -- sametime | IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851. | 2017-08-28 | not yet calculated | CVE-2016-2970 CONFIRM BID SECTRACK MISC |
| ibm -- sametime | IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113899. | 2017-08-29 | not yet calculated | CVE-2016-2973 CONFIRM SECTRACK MISC |
| ibm -- security_access_manager | IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687. | 2017-08-28 | not yet calculated | CVE-2017-1489 CONFIRM SECTRACK MISC |
| icewarp -- icewarp_server | In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter. | 2017-08-31 | not yet calculated | CVE-2017-7855 MISC |
| imagemagick -- imagemagick | The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file. | 2017-09-01 | not yet calculated | CVE-2017-12693 CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file. | 2017-08-31 | not yet calculated | CVE-2017-14060 CONFIRM |
| imagemagick -- imagemagick | The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | 2017-09-01 | not yet calculated | CVE-2017-12691 CONFIRM |
| imagemagick -- imagemagick | The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. | 2017-09-01 | not yet calculated | CVE-2017-12692 CONFIRM |
| kgb-bot -- kgb-bot | kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash). | 2017-08-28 | not yet calculated | CVE-2015-1554 MLIST CONFIRM |
| knx_ets -- knx_ets | Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet. | 2017-08-29 | not yet calculated | CVE-2015-8299 MISC |
| kohana -- kohana | Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php. | 2017-08-31 | not yet calculated | CVE-2016-10510 CONFIRM CONFIRM |
| libgcrypt -- libgcrypt | Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. | 2017-08-29 | not yet calculated | CVE-2017-0379 BID MISC MISC MISC MISC MISC MISC |
| libidn2 -- libidn2 | Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | 2017-08-31 | not yet calculated | CVE-2017-14062 CONFIRM CONFIRM |
| libidn2 -- libidn2 | Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | 2017-08-31 | not yet calculated | CVE-2017-14061 CONFIRM CONFIRM |
| libzip -- libzip | The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive. | 2017-09-01 | not yet calculated | CVE-2017-14107 MISC MISC |
| linux -- linux_kernel | The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path. | 2017-09-01 | not yet calculated | CVE-2017-14106 CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet. | 2017-08-28 | not yet calculated | CVE-2017-13715 CONFIRM CONFIRM BID CONFIRM |
| manageengine -- multiple_products | Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code. | 2017-08-28 | not yet calculated | CVE-2014-5302 MISC FULLDISC FULLDISC SECUNIA SECUNIA BUGTRAQ XF |
| manageengine -- multiple_products | Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4. | 2017-08-28 | not yet calculated | CVE-2014-5301 MISC MISC FULLDISC SECUNIA BUGTRAQ XF EXPLOIT-DB |
| mcafee -- live_safe | A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response. | 2017-09-01 | not yet calculated | CVE-2017-3898 CONFIRM |
| mcafee -- live_safe | A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response. | 2017-09-01 | not yet calculated | CVE-2017-3897 CONFIRM BID |
| mimedefang -- mimedefang | MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by the init-script.in and mimedefang-init.in scripts. | 2017-09-01 | not yet calculated | CVE-2017-14102 MISC MISC |
| mpg123 -- mpg123 | Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow. | 2017-08-29 | not yet calculated | CVE-2017-12797 CONFIRM CONFIRM |
| multiple_vendors -- home_routers_and_ip_cameras_and_voip_phones_and_others | ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device. | 2017-08-29 | not yet calculated | CVE-2015-7255 CERT-VN MISC MISC |
| netapp -- clustered_data_ontap | NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors. | 2017-09-01 | not yet calculated | CVE-2017-12423 CONFIRM |
| netapp -- clustered_data_ontap | NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors. | 2017-09-01 | not yet calculated | CVE-2017-12421 CONFIRM |
| netapp -- data_ontap | NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling. | 2017-09-01 | not yet calculated | CVE-2016-1895 CONFIRM |
| netapp -- data_ontap | NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language. | 2017-09-01 | not yet calculated | CVE-2015-7746 CONFIRM |
| netapp -- oncommand_unified_manager_for_clustered_data_ontap | NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | 2017-09-01 | not yet calculated | CVE-2017-14053 CONFIRM |
| netapp -- storagegrid_webscale | NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0.2 allow remote authenticated users to delete arbitrary objects via unspecified vectors. | 2017-08-29 | not yet calculated | CVE-2017-12422 BID CONFIRM |
| netatmo -- netatmo_indoor_module | Information disclosure vulnerability in Netatmo Indoor Module firmware 100 and earlier. | 2017-08-28 | not yet calculated | CVE-2015-1600 MISC BUGTRAQ BID MISC |
| nexusphp -- nexusphp | SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php. | 2017-08-31 | not yet calculated | CVE-2017-14069 MISC |
| nexusphp -- nexusphp | Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF. | 2017-08-31 | not yet calculated | CVE-2017-14070 MISC |
| nexusphp -- nexusphp | SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id parameter to linksmanage.php in an editlink action. | 2017-08-31 | not yet calculated | CVE-2017-14076 MISC |
| nippon_telegraph_and_telephone -- remote_support_tool | Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-01 | not yet calculated | CVE-2017-10829 CONFIRM MISC JVN |
| nomachine -- nomachine | An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files. | 2017-08-29 | not yet calculated | CVE-2017-12763 CONFIRM CONFIRM |
| opc_foundation -- opc_ua_.net_sample_code | An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All versions < V7.4 SP1), SIMATIC WinCC Runtime Professional (All versions < V14 SP1), SIMATIC NET PC Software, and SIMATIC IT Production Suite. By sending specially crafted packets to the OPC Discovery Server at port 4840/tcp, an attacker might cause the system to access various resources chosen by the attacker. | 2017-08-30 | not yet calculated | CVE-2017-12069 BID CONFIRM CONFIRM |
| opencart -- opencart | SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php. | 2017-08-31 | not yet calculated | CVE-2016-10509 CONFIRM CONFIRM |
| openssl -- openssl | While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then. | 2017-08-28 | not yet calculated | CVE-2017-3735 BID CONFIRM |
| openstack -- designate | Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set. | 2017-08-31 | not yet calculated | CVE-2015-5695 MLIST MLIST MLIST CONFIRM CONFIRM CONFIRM |
| osnexus -- quantastor_v4_virtual_appliance | On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames. | 2017-08-28 | not yet calculated | CVE-2017-9978 MISC FULLDISC MISC EXPLOIT-DB |
| osnexus -- quantastor_v4_virtual_appliance | On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS. | 2017-08-28 | not yet calculated | CVE-2017-9979 MISC FULLDISC MISC EXPLOIT-DB |
| phpfilemanager -- phpfilemanager | phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL. | 2017-08-31 | not yet calculated | CVE-2015-5958 MISC |
| phpthumb() -- phpthumb() | Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php. | 2017-08-31 | not yet calculated | CVE-2016-10508 CONFIRM |
| pki-core -- pki-core | Multiple temporary file creation vulnerabilities in pki-core 10.2.0. | 2017-08-28 | not yet calculated | CVE-2015-0234 CONFIRM MISC |
| pngcrush -- pngcrush | Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors. | 2017-08-31 | not yet calculated | CVE-2015-7700 CONFIRM CONFIRM |
| polycom -- btoe_connector | Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file. | 2017-08-28 | not yet calculated | CVE-2015-8300 MISC FULLDISC |
| ppmd -- ppmd | Directory traversal vulnerability in ppmd 10.1-5. | 2017-08-28 | not yet calculated | CVE-2015-1199 MLIST |
| pulse_secure -- pulse_connect_secure | diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens. | 2017-08-29 | not yet calculated | CVE-2017-11455 BID SECTRACK CONFIRM |
| qpdf -- qpdf | The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc. | 2017-08-27 | not yet calculated | CVE-2017-12595 CONFIRM CONFIRM |
| question2answer -- question2answer | qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts. | 2017-08-29 | not yet calculated | CVE-2017-12775 CONFIRM CONFIRM |
| quick_emulator -- quick_emulator | QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. | 2017-09-01 | not yet calculated | CVE-2017-13672 MLIST BID CONFIRM MLIST |
| quick_emulator -- quick_emulator | Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. | 2017-09-01 | not yet calculated | CVE-2017-13711 MLIST BID CONFIRM MLIST |
| quick_emulator -- quick_emulator | The vga display update in Qemu 2.8.0 through 2.9.0 mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the "cpu_physical_memory_snapshot_get_dirty" function. | 2017-08-29 | not yet calculated | CVE-2017-13673 BID CONFIRM |
| quick_emulator -- quick_emulator | Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. | 2017-08-28 | not yet calculated | CVE-2017-8380 BID CONFIRM GENTOO |
| red_hat -- satellite_5 | Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5. | 2017-08-28 | not yet calculated | CVE-2014-8163 CONFIRM CONFIRM |
| red_hat -- satellite_6 | Red Hat Satellite 6 allows local users to access mongod and delete pulp_database. | 2017-08-28 | not yet calculated | CVE-2014-8168 CONFIRM |
| replibit -- backup_manager | Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in order to navigate the filesystem and modify a critical file such as /etc/passwd. | 2017-08-27 | not yet calculated | CVE-2017-13707 MISC |
| rtpproxy -- rtpproxy | RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service (communication outage) via crafted RTP packets. | 2017-09-02 | not yet calculated | CVE-2017-14114 MISC |
| ruby -- ruby | Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. | 2017-08-31 | not yet calculated | CVE-2017-14064 MISC MISC MISC |
| rubygems -- rubygems | RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. | 2017-08-31 | not yet calculated | CVE-2017-0901 MISC BID SECTRACK MISC MISC |
| rubygems -- rubygems | RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. | 2017-08-31 | not yet calculated | CVE-2017-0902 MISC SECTRACK MISC MISC |
| rubygems -- rubygems | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. | 2017-08-31 | not yet calculated | CVE-2017-0900 MISC BID SECTRACK MISC MISC |
| rubygems -- rubygems | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. | 2017-08-31 | not yet calculated | CVE-2017-0899 MISC BID SECTRACK MISC MISC MISC |
| siemens -- 7km_pac_switched_ethernet_profinet_expansion_module | In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet (Layer 2) broadcast. The affected component requires a manual restart via the main device to recover. | 2017-08-30 | not yet calculated | CVE-2017-9945 BID CONFIRM |
| siemens -- logo!_devices | A vulnerability has been identified in Siemens LOGO! devices. An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic. | 2017-08-30 | not yet calculated | CVE-2017-12735 BID CONFIRM |
| siemens -- logo!_devices | A vulnerability has been identified in Siemens LOGO! devices before V1.81.2. An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends to use the integrated webserver on port 80/tcp only in trusted networks. | 2017-08-30 | not yet calculated | CVE-2017-12734 BID CONFIRM |
| simplesamlphp -- simplesamlphp | SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. | 2017-09-01 | not yet calculated | CVE-2017-12873 CONFIRM CONFIRM |
| simplesamlphp -- simplesamlphp | The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities. | 2017-09-01 | not yet calculated | CVE-2017-12874 CONFIRM |
| simplesamlphp -- simplesamlphp | The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input. | 2017-09-01 | not yet calculated | CVE-2017-12869 CONFIRM |
| simplesamlphp -- simplesamlphp | The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV). | 2017-09-01 | not yet calculated | CVE-2017-12871 CONFIRM CONFIRM |
| simplesamlphp -- simplesamlphp | The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. | 2017-09-01 | not yet calculated | CVE-2017-12868 CONFIRM CONFIRM |
| simplesamlphp -- simplesamlphp | The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset. | 2017-08-29 | not yet calculated | CVE-2017-12867 CONFIRM |
| simplesamlphp -- simplesamlphp | SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. | 2017-09-01 | not yet calculated | CVE-2017-12870 CONFIRM |
| simplesamlphp -- simplesamlphp | The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input. | 2017-09-01 | not yet calculated | CVE-2017-12872 CONFIRM |
| soplanning -- soplanning | Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash. | 2017-08-31 | not yet calculated | CVE-2014-8675 MISC FULLDISC BID EXPLOIT-DB |
| soplanning -- soplanning | Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter. | 2017-08-31 | not yet calculated | CVE-2014-8676 MISC FULLDISC BID EXPLOIT-DB |
| soplanning -- soplanning | The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared , and access to an existing database with a crafted name, or permissions to create arbitrary , or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name. | 2017-08-31 | not yet calculated | CVE-2014-8677 MISC FULLDISC BID EXPLOIT-DB |
| symantec -- proxyclient_3.4_for_windows | Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute arbitrary code with LocalSystem privileges. | 2017-09-01 | not yet calculated | CVE-2017-13674 CONFIRM |
| synology -- cloud_station_backup | Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | 2017-08-30 | not yet calculated | CVE-2017-11157 CONFIRM |
| synology -- cloud_station_drive | Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. | 2017-08-31 | not yet calculated | CVE-2017-11158 CONFIRM |
| texlive -- mktexlsr | mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. | 2017-08-25 | not yet calculated | CVE-2015-5700 MLIST MISC CONFIRM CONFIRM CONFIRM |
| thinkpad -- usb_3.0_ethernet_adapter_driver | ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges. | 2017-08-28 | not yet calculated | CVE-2017-3746 BID CONFIRM |
| typo3 -- typo3 | Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3. | 2017-08-28 | not yet calculated | CVE-2015-1401 MLIST MLIST BID |
| vx_search -- vx_search_enterprise | Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET request. | 2017-08-31 | not yet calculated | CVE-2017-13708 MISC |
| wordpress -- backupguard | Cross-site scripting vulnerability in BackupGuard prior to version 1.1.47 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 2017-08-28 | not yet calculated | CVE-2017-10837 JVN MISC |
| wordpress -- double_opt-in_for_download | Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/. | 2017-08-29 | not yet calculated | CVE-2015-7517 MISC BID MISC MISC |
| xbindkeys-config -- xbindkeys-config | Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code. | 2017-08-28 | not yet calculated | CVE-2014-9513 MLIST BID XF |
| zte_datacard_mf19 -- zte_datacard_mf19 | Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or mediaplayerdll.dll. | 2017-08-28 | not yet calculated | CVE-2015-0974 MISC |