Vulnerability Summary for the Week of September 18, 2017

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

corega -- wlr_300_nm_firmware | CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 2017-09-15 | 7.7 | CVE-2017-10813, MISC, JVN

corega -- wlr_300_nm_firmware | Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors. | 2017-09-15 | 7.7 | CVE-2017-10814, MISC, JVN

daj -- i-filter_installer | Untrusted search path vulnerability in "i-filter 6.0 install program" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-15 | 9.3 | CVE-2017-10858, MISC, JVN

daj -- i-filter_installer | Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-15 | 9.3 | CVE-2017-10859, MISC, JVN

daj -- i-filter_installer | Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. | 2017-09-15 | 9.3 | CVE-2017-10860, MISC, BID, JVN

fujitsu -- fence-explorer | Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-09-15 | 9.3 | CVE-2017-10855, MISC, JVN

helpdesk_pro_project -- helpdesk_pro | Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for ! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter. | 2017-09-20 | 7.5 | CVE-2015-4073, MISC, FULLDISC, BID, EXPLOIT-DB

imagemagick -- imagemagick | ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.. | 2017-09-17 | 7.1 | CVE-2017-14531, BID, CONFIRM

imagemagick -- imagemagick | ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/.c. | 2017-09-17 | 7.5 | CVE-2017-14532, BID, CONFIRM

imagemagick -- imagemagick | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c. | 2017-09-21 | 7.5 | CVE-2017-14624, BID, CONFIRM

imagemagick -- imagemagick | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c. | 2017-09-21 | 7.5 | CVE-2017-14625, BID, CONFIRM

imagemagick -- imagemagick | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c. | 2017-09-21 | 7.5 | CVE-2017-14626, BID, CONFIRM, CONFIRM

linux -- linux_kernel | The tpacket_rcv function in net/packet/af_packet.c in the kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls. | 2017-09-15 | 7.2 | CVE-2017-14497, CONFIRM, MLIST, BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM

nexusphp_project -- nexusphp | NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage. via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981. | 2017-09-17 | 7.5 | CVE-2017-14512, MISC

nttdocomo -- wi-fi_station_l-02f_firmware | Wi-Fi STATION L-02F version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account. | 2017-09-15 | 10.0 | CVE-2017-10845, JVN, MISC

polycom -- realpresence_resource_manager | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords. | 2017-09-19 | 7.2 | CVE-2015-4681, FULLDISC, BUGTRAQ, BID, MISC, CONFIRM, EXPLOIT-DB

polycom -- realpresence_resource_manager | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests. | 2017-09-19 | 7.5 | CVE-2015-4683, MISC, FULLDISC, BUGTRAQ, BID, CONFIRM, EXPLOIT-DB

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

cisco -- cloud_web_security | Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743. | 2017-09-19 | 5.0 | CVE-2015-0689, CISCO

freedesktop -- poppler | In 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. | 2017-09-17 | 4.3 | CVE-2017-14517, CONFIRM

freedesktop -- poppler | In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. | 2017-09-17 | 6.8 | CVE-2017-14518, CONFIRM

freedesktop -- poppler | In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). | 2017-09-17 | 5.0 | CVE-2017-14519, CONFIRM

freedesktop -- poppler | In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files. | 2017-09-17 | 6.8 | CVE-2017-14520, CONFIRM

gnu -- binutils | The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function. | 2017-09-17 | 4.3 | CVE-2017-14529, CONFIRM, CONFIRM, CONFIRM

google -- android | Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. | 2017-09-15 | 4.6 | CVE-2015-1527, BID, CONFIRM, MISC

graphicsmagick -- graphicsmagick | ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference. | 2017-09-17 | 4.3 | CVE-2017-14504, CONFIRM, BID, CONFIRM, CONFIRM

helpdesk_pro_project -- helpdesk_pro | Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task. | 2017-09-20 | 5.0 | CVE-2015-4074, MISC, FULLDISC, BID, EXPLOIT-DB

helpdesk_pro_project -- helpdesk_pro | The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task. | 2017-09-20 | 6.8 | CVE-2015-4075, MISC, FULLDISC, BID, EXPLOIT-DB

huawei -- p8_firmware | Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths. | 2017-09-20 | 4.3 | CVE-2015-8224, CONFIRM

ibm -- security_identity_manager | Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors. | 2017-09-18 | 6.8 | CVE-2014-6106, BID, XF, CONFIRM

imagemagick -- imagemagick | DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input. | 2017-09-17 | 4.3 | CVE-2017-14505, BID, CONFIRM

imagemagick -- imagemagick | The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file. | 2017-09-17 | 4.3 | CVE-2017-14528, MISC, BID, MISC

imagemagick -- imagemagick | ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. | 2017-09-17 | 4.3 | CVE-2017-14533, BID, CONFIRM

imagemagick -- imagemagick | In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. | 2017-09-20 | 5.8 | CVE-2017-14607, BID, CONFIRM

irfanview -- irfanview | IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x000000000011d767." | 2017-09-18 | 4.6 | CVE-2017-14539, MISC

irfanview -- irfanview | IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x000000000001f23e." | 2017-09-18 | 4.6 | CVE-2017-14540, MISC

irfanview -- irfanview | IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ani file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77130000!RtlpCoalesceFreeBlocks+0x00000000000004b4." | 2017-09-18 | 4.6 | CVE-2017-14578, MISC

joomla -- joomla! | Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. | 2017-09-20 | 5.8 | CVE-2015-5608, BID, CONFIRM

libarchive -- libarchive | An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header. | 2017-09-17 | 4.3 | CVE-2017-14501, MISC, MISC

libarchive -- libarchive | read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. | 2017-09-17 | 5.0 | CVE-2017-14502, MISC, MISC, MISC

libarchive -- libarchive | libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16. | 2017-09-17 | 4.3 | CVE-2017-14503, MISC, MISC

linux -- linux_kernel | The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR). | 2017-09-20 | 4.9 | CVE-2017-12168, CONFIRM, CONFIRM, CONFIRM, CONFIRM

linux -- linux_kernel | The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. | 2017-09-15 | 4.9 | CVE-2017-14489, CONFIRM, CONFIRM

magento -- e-commerce | Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1. | 2017-09-20 | 4.3 | CVE-2014-9758, MISC, MLIST

metinfo -- metinfo | Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php. | 2017-09-17 | 5.0 | CVE-2017-14513, MISC

moodle -- moodle | Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. | 2017-09-18 | 4.3 | CVE-2017-12156, BID, CONFIRM

nexusphp_project -- nexusphp | Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF. | 2017-09-18 | 4.3 | CVE-2017-14534, MISC

nttdocomo -- wi-fi_station_l-02f_firmware | Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. | 2017-09-15 | 5.0 | CVE-2017-10846, JVN, MISC

openwebif_project -- openwebif | OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger CallOPKG calls, and these users can enter an arbitrary URL in an input field, even though that input field was only intended for a package name. This threat model may be relevant in the latest versions of third-party products that bundle OpenWebif, i.e., set-top box products. The issue of Trojan horse packages does NOT have security implications in cases where the attacker has full OpenWebif access. | 2017-09-17 | 6.8 | CVE-2017-9333, MISC, MISC

polycom -- realpresence_resource_manager | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager. | 2017-09-19 | 4.0 | CVE-2015-4682, MISC, FULLDISC, BUGTRAQ, BID, CONFIRM, EXPLOIT-DB

polycom -- realpresence_resource_manager | Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager. | 2017-09-19 | 5.5 | CVE-2015-4684, MISC, FULLDISC, BUGTRAQ, BID, CONFIRM, EXPLOIT-DB

polycom -- realpresence_resource_manager | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration. | 2017-09-19 | 4.4 | CVE-2015-4685, MISC, FULLDISC, BUGTRAQ, BID, CONFIRM, EXPLOIT-DB

pragyan_cms_project -- pragyan_cms | Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. | 2017-09-19 | 4.0 | CVE-2017-14600, MISC

pragyan_cms_project -- pragyan_cms | Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. | 2017-09-19 | 4.0 | CVE-2017-14601, MISC

pydio -- pydio | Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS Vulnerabilities." | 2017-09-19 | 4.3 | CVE-2015-3432, BID, CONFIRM

silverstripe -- silverstripe | SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin//edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017. | 2017-09-15 | 4.3 | CVE-2017-14498, MISC, MISC, MISC, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted . file, related to a "Read Access Violation on Block Data Move starting at STDUEPubFile!DllUnregisterServer+0x0000000000010262." | 2017-09-18 | 4.6 | CVE-2017-14542, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000039335." | 2017-09-18 | 4.6 | CVE-2017-14543, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUEPubFile!DllUnregisterServer+0x000000000003fff1." | 2017-09-18 | 4.6 | CVE-2017-14544, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000010332." | 2017-09-18 | 4.6 | CVE-2017-14545, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d." | 2017-09-18 | 4.6 | CVE-2017-14546, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .mobi file, related to a "Read Access Violation starting at STDUMOBIFile!DllUnregisterServer+0x000000000002efc0." | 2017-09-18 | 4.6 | CVE-2017-14547, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted . file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000854d." | 2017-09-18 | 4.6 | CVE-2017-14548, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d." | 2017-09-18 | 4.6 | CVE-2017-14549, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Possible Stack Corruption starting at STDUDjVuFile!DllUnregisterServer+0x000000000000e8b8." | 2017-09-18 | 4.6 | CVE-2017-14550, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9f2." | 2017-09-18 | 4.6 | CVE-2017-14551, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9a9." | 2017-09-18 | 4.6 | CVE-2017-14552, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x00000000000085f5." | 2017-09-18 | 4.6 | CVE-2017-14553, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Possible Stack Corruption starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d908." | 2017-09-18 | 4.6 | CVE-2017-14554, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000ec6e." | 2017-09-18 | 4.6 | CVE-2017-14555, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000da27." | 2017-09-18 | 4.6 | CVE-2017-14556, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000dd3f." | 2017-09-18 | 4.6 | CVE-2017-14557, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x0000000000018cc2." | 2017-09-18 | 4.6 | CVE-2017-14558, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005af2." | 2017-09-18 | 4.6 | CVE-2017-14559, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd2." | 2017-09-18 | 4.6 | CVE-2017-14560, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000048c024d called from STDUXPSFile!DllUnregisterServer+0x0000000000025638." | 2017-09-18 | 4.6 | CVE-2017-14561, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d." | 2017-09-18 | 4.6 | CVE-2017-14562, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005311." | 2017-09-18 | 4.6 | CVE-2017-14563, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000028657." | 2017-09-18 | 4.6 | CVE-2017-14564, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Possible Stack Corruption starting at Unknown Symbol @ 0x00000000038f2fbf called from image00000000_00400000+0x0000000000240065." | 2017-09-18 | 4.6 | CVE-2017-14565, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x00000000039d76c4 called from Unknown Symbol @ 0x0000000000049d2c." | 2017-09-18 | 4.6 | CVE-2017-14566, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000028c024d called from STDUXPSFile!DllUnregisterServer+0x000000000002e77b." | 2017-09-18 | 4.6 | CVE-2017-14567, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x000000000297024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025630." | 2017-09-18 | 4.6 | CVE-2017-14568, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Read Access Violation starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd5." | 2017-09-18 | 4.6 | CVE-2017-14569, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64LdrpInitialize+0x00000000000008e1." | 2017-09-18 | 4.6 | CVE-2017-14570, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000049c024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025706." | 2017-09-18 | 4.6 | CVE-2017-14571, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x000000000479049b called from Unknown Symbol @ 0x000000000d89645b." | 2017-09-18 | 4.6 | CVE-2017-14572, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000030c024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566a." | 2017-09-18 | 4.6 | CVE-2017-14573, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x0000000004940490." | 2017-09-18 | 4.6 | CVE-2017-14574, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x0000000002d8024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566c." | 2017-09-18 | 4.6 | CVE-2017-14575, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Possible Stack Corruption starting at Unknown Symbol @ 0x00000000049f0281." | 2017-09-18 | 4.6 | CVE-2017-14576, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Control Flow starting at Unknown Symbol @ 0x0000000003aa7cef called from Unknown Symbol @ 0x0000000004aa024d." | 2017-09-18 | 4.6 | CVE-2017-14577, MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000005b70." | 2017-09-18 | 4.6 | CVE-2017-14579, MISC

Primary Vendor -- Product: sugarcrm -- sugarcrm
Description: An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and module that could allow an authenticated user to perform SQL injection, as demonstrated by a backslash character at the end of a bean_id to modules/Emails/DetailView.php. An attacker could exploit these vulnerabilities by sending a crafted SQL request to the affected areas. An exploit could allow the attacker to modify the SQL database. Proper SQL escaping has been added to prevent such exploits.
Published: 2017-09-17
CVSS Score: 6.5
Source & Patch Info: CVE-2017-14508; MISC, MISC

Primary Vendor -- Product: sugarcrm -- sugarcrm
Description: An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a module=CallRest&url= query string. Proper input validation has been added to mitigate this issue.
Published: 2017-09-17
CVSS Score: 6.5
Source & Patch Info: CVE-2017-14509; MISC, MISC

Primary Vendor -- Product: sugarcrm -- sugarcrm
Description: An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). The WebToLeadCapture functionality is found vulnerable to unauthenticated cross-site scripting (XSS) attacks. This attack vector is mitigated by proper validating the redirect URL values being passed along.
Published: 2017-09-17
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14510; MISC, MISC

Primary Vendor -- Product: tenda -- w15e_firmware
Description: Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL.
Published: 2017-09-17
CVSS Score: 5.0
Source & Patch Info: CVE-2017-14514; CONFIRM

Primary Vendor -- Product: tenda -- w15e_firmware
Description: Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors.
Published: 2017-09-17
CVSS Score: 5.0
Source & Patch Info: CVE-2017-14515; CONFIRM

Primary Vendor -- Product: -- xnview
Description: XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008823."
Published: 2017-09-18
CVSS Score: 4.6
Source & Patch Info: CVE-2017-14538; MISC

Primary Vendor -- Product: xnview -- xnview
Description: XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x000000000001f23e."
Published: 2017-09-18
CVSS Score: 4.6
Source & Patch Info: CVE-2017-14541; MISC

Primary Vendor -- Product: xnview -- xnview
Description: XnView Classic for Windows Version 2.41 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000870f."
Published: 2017-09-18
CVSS Score: 4.6
Source & Patch Info: CVE-2017-14580; MISC

Low Vulnerabilities

Primary Vendor -- Product: afterlogic -- aurora
Description: AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.
Published: 2017-09-19
CVSS Score: 3.5
Source & Patch Info: CVE-2017-14597; CONFIRM

Primary Vendor -- Product: helpdesk_pro_project -- helpdesk_pro
Description: Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.
Published: 2017-09-20
CVSS Score: 3.5
Source & Patch Info: CVE-2015-4072; MISC, FULLDISC, BID, EXPLOIT-DB

Primary Vendor -- Product: ibm -- curam_social_program_management
Description: Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 98568.
Published: 2017-09-19
CVSS Score: 3.5
Source & Patch Info: CVE-2014-6191; CONFIRM, BID

Primary Vendor -- Product: vmware -- vcenter_server
Description: VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious -scripts which will get executed when other VC users access the page.
Published: 2017-09-15
CVSS Score: 3.5
Source & Patch Info: CVE-2017-4926; BID, SECTRACK, CONFIRM

Severity Not Yet Assigned

Primary Vendor -- Product: 389_directory_server -- 389_directory_server
Description: 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.
Published: 2017-09-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-1854; FEDORA, BID, REDHAT, CONFIRM

Primary Vendor -- Product: abstrium -- pydio
Description: Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities."
Published: 2017-09-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-3431; BID, CONFIRM

Primary Vendor -- Product: apache -- http_server
Description: Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
Published: 2017-09-18
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9798; MISC, BID, SECTRACK, MISC, MISC, MISC, MISC, MISC, MISC, EXPLOIT-DB

Primary Vendor -- Product: apache -- solr
Description: Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster. The vulnerability is fixed from Solr 6.6.1 onwards.
Published: 2017-09-18
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9803; MLIST, BID

Primary Vendor -- Product: apache -- struts2
Description: In .3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.
Published: 2017-09-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9804; CONFIRM, BID, SECTRACK, CONFIRM, CISCO

Primary Vendor -- Product: apache -- struts2
Description: The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
Published: 2017-09-15
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9805; BID, SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CISCO, EXPLOIT-DB

Primary Vendor -- Product: apache -- struts2
Description: In the Convention plugin in Apache Struts 2.3.20 through 2.3.30, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.
Published: 2017-09-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-6795; BID, CONFIRM

Primary Vendor -- Product: apache -- struts2
Description: In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
Published: 2017-09-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12611; CONFIRM, BID, CONFIRM, CONFIRM

Primary Vendor -- Product: apache -- struts2
Description: The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.
Published: 2017-09-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9793; CONFIRM, BID, SECTRACK, CONFIRM, CISCO

Primary Vendor -- Product: apache -- struts2
Description: In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.
Published: 2017-09-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-8738; BID, CONFIRM

Primary Vendor -- Product: apache -- tomcat
Description: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Published: 2017-09-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12615; BID, SECTRACK, MLIST

Primary Vendor -- Product: apache -- tomcat
Description: When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the of JSPs for resources served by the VirtualDirContext using a specially crafted request.
Published: 2017-09-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12616; BID, SECTRACK, MLIST

Primary Vendor -- Product: arm -- trusted_firmware
Description: The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow.
Published: 2017-09-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9607; CONFIRM, CONFIRM

Primary Vendor -- Product: artifex -- mupdf
Description: Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at +0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded.
Published: 2017-09-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14685; MISC, MISC, MISC

Primary Vendor -- Product: artifex -- mupdf
Description: Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers.
Published: 2017-09-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14686; MISC, MISC, MISC

Primary Vendor -- Product: artifex -- mupdf
Description: Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons.
Published: 2017-09-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14687; MISC, MISC, MISC

Primary Vendor -- Product: asp4cms -- aspcms
Description: member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter.
Published: 2017-09-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14653; MISC

Primary Vendor -- Product: astaro -- security_gateway
Description: Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx.
Published: 2017-09-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-6315; EXPLOIT-DB

Primary Vendor -- Product: bareos -- bareos
Description: bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.
Published: 2017-09-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14610; MISC

Primary Vendor -- Product: be126 -- wifi_repeater
Description: On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). The attacker can make a user that is connected to the repeater click on a malicious link that will log into the telnet and will infect the device with malicious code.
Published: 2017-09-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8771; MISC

Primary Vendor -- Product: be126 -- wifi_repeater
Description: On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file system; 2. Write to the file system; or 3. Execute any code that attacker desires (malicious or not).
Published: 2017-09-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8772; MISC

Primary Vendor -- Product: be126 -- wifi_repeater
Description: There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter.
Published: 2017-09-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8770; MISC, EXPLOIT-DB

Primary Vendor -- Product: bento4 -- bento4
Description: A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14644; MISC

Primary Vendor -- Product: bento4 -- bento4
Description: The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0-617 uses an incorrect character data type, leading to a heap-based buffer over-read and application crash in AP4_BytesToUInt32BE in Core/Ap4Utils.h.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14643; MISC, MISC, MISC

Primary Vendor -- Product: bento4 -- bento4
Description: A heap-based buffer over-read was discovered in AP4_BitStream::ReadBytes in Codecs/Ap4BitStream.cpp in Bento4 version 1.5.0-617. The vulnerability causes an application crash, which leads to remote denial of service.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14645; MISC

Primary Vendor -- Product: bento4 -- bento4
Description: A NULL pointer dereference was discovered in the AP4_HdlrAtom class in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash in AP4_StdcFileByteStream::ReadPartial in System/StdC/Ap4StdCFileByteStream.cpp, which leads to remote denial of service.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14642; MISC, MISC, MISC

Primary Vendor -- Product: bento4 -- bento4
Description: A heap-based buffer overflow was discovered in AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14647; MISC

Primary Vendor -- Product: bento4 -- bento4
Description: The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14646; MISC, MISC, MISC

Primary Vendor -- Product: bento4 -- bento4
Description: A NULL pointer dereference was discovered in AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14640; MISC, MISC, MISC

Primary Vendor -- Product: bento4 -- bento4
Description: AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Bento4 version 1.5.0-617 has missing NULL checks, leading to a NULL pointer dereference, segmentation fault, and application crash in AP4_Atom::SetType in Core/Ap4Atom.h.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14638; MISC, MISC, MISC

Primary Vendor -- Product: bento4 -- bento4
Description: A NULL pointer dereference was discovered in the AP4_DataAtom class in MetaData/Ap4MetaData.cpp in Bento4 version 1.5.0-617. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14641; MISC, MISC, MISC

Primary Vendor -- Product: bento4 -- bento4
Description: AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service (application crash) or possibly unspecified other impact.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14639; MISC, MISC, MISC

Primary Vendor -- Product: bladeenc -- bladeenc
Description: A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14648; MISC

Primary Vendor -- Product: ca -- identity_manager
Description: CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.
Published: 2017-09-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9393; BID, CONFIRM

Primary Vendor -- Product: chef_software -- chef
Description: The knife bootstrap command in chef leaks the validator.pem private RSA key to /var/log/messages.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-8559; MLIST, CONFIRM

Primary Vendor -- Product: cisco -- email_securit_appliance
Description: A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash, resulting in a denial of service (DoS) condition on the device. This vulnerability affects software version 9.0 through the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. Cisco Bug IDs: CSCvd29354.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12215; BID, SECTRACK, CONFIRM

Primary Vendor -- Product: cisco -- findit_network_discovery_utility
Description: A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity. The vulnerability is due to the application loading a malicious copy of a specific, nondefined DLL file instead of the DLL file it was expecting. An attacker could exploit this vulnerability by placing an affected DLL within the search path of the host system. An exploit could allow the attacker to load a malicious DLL file into the system, thus partially compromising confidentiality, integrity, and availability on the device. Cisco Bug IDs: CSCve89785.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12252; BID, CONFIRM

Primary Vendor -- Product: cisco -- small_business_managed_switches
Description: A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH connections. An attacker could exploit this vulnerability by logging in to an affected switch via SSH and sending a malicious SSH message. This vulnerability affects the following Cisco products when SSH is enabled: Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, 550X Series Stackable Managed Switches, ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvb48377.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-6720; BID, CONFIRM

Primary Vendor -- Product: cisco -- small_business_spa_series_phones
Description: A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12219; BID, SECTRACK, CONFIRM

Primary Vendor -- Product: cisco -- ucs_central_software
Description: A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this vulnerability by entering a specific command with crafted arguments. An exploit could allow the attacker to gain shell access to the underlying system. Cisco Bug IDs: CSCve70762.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12255; BID, SECTRACK, CONFIRM

Primary Vendor -- Product: cisco -- unified_customer_voice_portal
Description: A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the OAMP and sending a crafted HTTP request. A successful exploit could allow the attacker to gain administrator privileges. The attacker must successfully authenticate to the system to exploit this vulnerability. This vulnerability affects Cisco Unified Customer Voice Portal (CVP) running software release 10.5, 11.0, or 11.5. Cisco Bug IDs: CSCve92752.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12214; BID, SECTRACK, CONFIRM

Primary Vendor -- Product: cisco -- unified_intelligence_center_software
Description: A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. The vulnerability is due to insufficient input validation of some parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting the malicious code. An exploit could allow the attacker to execute arbitrary code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76848, CSCve76856.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12254; BID, SECTRACK, CONFIRM

Primary Vendor -- Product: cisco -- unified_intelligence_center_software
Description: A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCve76872.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12253; BID, SECTRACK, CONFIRM

Primary Vendor -- Product: cisco -- unified_intelligence_center_software
Description: A vulnerability in the code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to click a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve76835.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12248; BID, SECTRACK, CONFIRM

Primary Vendor -- Product: cisco -- wide_area_application_services
Description: A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related process to restart, causing a partial denial of service (DoS) condition. The vulnerability is due to lack of input validation of user-supplied input parameters within an HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request through the targeted device. An exploit could allow the attacker to cause a DoS condition due to a process unexpectedly restarting. The WAAS could drop traffic during the brief time the process is restarting. Cisco Bug IDs: CSCvc63048.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12250; BID, SECTRACK, CONFIRM

Primary Vendor -- Product: -- codeigniter
Description: CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.
Published: 2017-09-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2014-8686; MISC, MISC, CONFIRM, MISC

Primary Vendor -- Product: codeigniter_and_kohana -- codeigniter_and_kohana
Description: CodeIgniter before 3.0 and 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes.
Published: 2017-09-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2014-8684; MISC, FULLDISC, CONFIRM, MISC

Primary Vendor -- Product: coreutils -- coreutils
Description: fts.c in coreutils 8.4 allows local users to delete arbitrary files.
Published: 2017-09-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-1865; BID, CONFIRM

Primary Vendor -- Product: cyberlink -- cyberlink_labelprint
Description: Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.
Published: 2017-09-23
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14627; MISC

Primary Vendor -- Product: d-link_and_trendnet -- d-link_and_trendnet
Description: The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-1187; MISC, MISC, FULLDISC, CONFIRM, BID, MISC

Primary Vendor -- Product: denyall -- waf
Description: DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.
Published: 2017-09-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14706; MISC, MISC, MISC

Primary Vendor -- Product: denyall -- waf
Description: DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.
Published: 2017-09-22
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14705; MISC, MISC, MISC

Primary Vendor -- Product: dovecot -- dovecot
Description: The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
Published: 2017-09-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-3420; FEDORA, FEDORA, FEDORA, MLIST, MLIST, BID, CONFIRM, MLIST, MLIST

Primary Vendor -- Product: edeploy -- edeploy
Description: eDeploy makes it easier for remote attackers to execute arbitrary code by leveraging use of HTTP to download files.
Published: 2017-09-19
CVSS Score: not yet calculated
Source & Patch Info: CVE-2014-8174; CONFIRM, MISC

Primary Vendor -- Product: ember.js -- ember.js
Description: Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2.
Published: 2017-09-20
CVSS Score: not yet calculated
Source & Patch Info: CVE-2015-1866; MLIST, BID, CONFIRM

Primary Vendor -- Product: emc -- vipr_srm
Description: In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8007; CONFIRM, BID, SECTRACK, SECTRACK

Primary Vendor -- Product: emc -- vipr_srm
Description: In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of service (DoS) condition. Attackers with knowledge of JMX agent user credentials could potentially exploit this vulnerability to create arbitrary files on the affected system and create a DoS condition by leveraging inherent JMX protocol capabilities.
Published: 2017-09-21
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-8012; CONFIRM, SECTRACK, SECTRACK

not CVE-2017- In EPESI 1.8.2 rev20170830, there is Stored yet 14713 XSS in the Phonecalls Description 2017- calcul MISC(link epesi -- epesi parameter. 09-22 ated is external)

epesi -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. | 2017-09-22 | not yet calculated | CVE-2017-14712 MISC

epesi -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. | 2017-09-22 | not yet calculated | CVE-2017-14714 MISC

epesi -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter. | 2017-09-22 | not yet calculated | CVE-2017-14716 MISC

epesi -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. | 2017-09-22 | not yet calculated | CVE-2017-14717 MISC

epesi -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter. | 2017-09-22 | not yet calculated | CVE-2017-14715 MISC

f5 -- multiple_products | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in both the Client and Server SSL profiles assigned to a BIG-IP Virtual Server. | 2017-09-18 | not yet calculated | CVE-2017-6147 CONFIRM

foxit -- foxit_reader | Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or cause a denial of service via a crafted . file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f." | 2017-09-22 | not yet calculated | CVE-2017-14694 MISC

freeipa -- freeipa | FreeIPA might display user data improperly via vectors involving non-printable characters. | 2017-09-20 | not yet calculated | CVE-2015-5179 CONFIRM MISC

freeipa -- freeipa | ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable. | 2017-09-21 | not yet calculated | CVE-2015-5284 CONFIRM CONFIRM CONFIRM MLIST

gnome -- nautilus | GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field. | 2017-09-20 | not yet calculated | CVE-2017-14604 MISC MISC MISC MISC MISC MISC

go-ldap -- go-ldap | In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is authorized (i.e., a nil return value is interpreted as successful authorization) and (2) it is used with an LDAP server allowing unauthenticated bind. | 2017-09-20 | not yet calculated | CVE-2017-14623 CONFIRM CONFIRM

good_technology -- good_fore_enterprise_application | The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does not attempt to detect malicious activation attempts involving modified names beginning with a com.good.gdgma substring. Consequently, an attacker could obtain access to intranet data. This issue is only relevant in cases where the user has already downloaded a malicious Android application. | 2017-09-20 | not yet calculated | CVE-2015-9232 MISC MISC MISC

graphicsmagick -- graphicsmagick | ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash). | 2017-09-21 | not yet calculated | CVE-2017-14649 MISC BID MISC MISC

iball -- baton_adsl2+_router | An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi. | 2017-09-17 | not yet calculated | CVE-2017-14244 EXPLOIT-DB MISC

ibm -- security_siteprotector_system | IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges. | 2017-09-20 | not yet calculated | CVE-2015-0162 BID XF CONFIRM

imagemagick -- imagemagick | A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Image from 2.0.0 to 2.5.1, and is fixed in 2.5.2. The problem is missing input validation of the index field in _raw() during construction of an ImageMagick command line. | 2017-09-21 | not yet calculated | CVE-2017-14650 MISC MISC MISC

imagemagick -- imagemagick | In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file. | 2017-09-21 | not yet calculated | CVE-2017-14684 CONFIRM

imagemagick -- imagemagick | GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928. | 2017-09-21 | not yet calculated | CVE-2017-14682 CONFIRM

instack-undercloud -- instack-undercloud | A flaw was found in instack-undercloud 7.2.0 as packaged in OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. | 2017-09-21 | not yet calculated | CVE-2017-7549 BID CONFIRM

ipython -- ipython | Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path. | 2017-09-21 | not yet calculated | CVE-2015-4706 MLIST CONFIRM CONFIRM CONFIRM CONFIRM

ipython -- ipython | Cross-site request forgery in the REST API in IPython 2 and 3. | 2017-09-20 | not yet calculated | CVE-2015-5607 FEDORA FEDORA MLIST CONFIRM CONFIRM CONFIRM

ipython -- ipython | Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path. | 2017-09-20 | not yet calculated | CVE-2015-4707 MLIST CONFIRM CONFIRM CONFIRM CONFIRM

irfanview -- irfanview | IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613." | 2017-09-22 | not yet calculated | CVE-2017-14693 MISC

iterm2 -- iterm2 | iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the user being aware. | 2017-09-20 | not yet calculated | CVE-2015-9231 MISC MISC MISC MISC MISC MISC MISC MISC

joomla! -- joomla! | In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state. | 2017-09-20 | not yet calculated | CVE-2017-14595 BID SECTRACK CONFIRM

joomla! -- joomla! | In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password. | 2017-09-20 | not yet calculated | CVE-2017-14596 BID SECTRACK CONFIRM

kallithea -- kallithea | Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2. | 2017-09-21 | not yet calculated | CVE-2015-0276 MLIST BID CONFIRM

kallithea -- kallithea | Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description. | 2017-09-19 | not yet calculated | CVE-2015-1864 MLIST BID CONFIRM CONFIRM

kaltura -- kaltura | Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to server/admin_console/web/tools/bigRedButton.php; the (3) partnerId, (4) playerVersion, (5) secret, (6) entryId, (7) adminUiConfId, or (8) uiConfId parameter to server/admin_console/web/tools/bigRedButtonPtsPoc.php; the (9) streamUsername, (10) streamPassword, (11) streamRemoteId, (12) streamRemoteBackupId, or (13) entryId parameter to server/admin_console/web/tools/AkamaiBroadcaster.php; the (14) entryId parameter to server/admin_console/web/tools/XmlJWPlayer.php; or the (15) partnerId or (16) playerVersion parameter to server/alpha/web/lib/bigRedButtonPtsPocHlsjs.php. | 2017-09-19 | not yet calculated | CVE-2017-14142 CONFIRM CONFIRM MISC

kaltura -- kaltura | The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie. | 2017-09-19 | not yet calculated | CVE-2017-14143 CONFIRM MISC

kaltura -- kaltura | The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. | 2017-09-19 | not yet calculated | CVE-2017-14141 CONFIRM MISC

kannel -- kannel | The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by bearerbox. | 2017-09-20 | not yet calculated | CVE-2017-14609 MISC

landesk -- landesk_management_suite | The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx. | 2017-09-19 | not yet calculated | CVE-2014-5362 MISC BUGTRAQ BID SECTRACK

lenovo -- lxca | Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA . | 2017-09-22 | not yet calculated | CVE-2017-3770 CONFIRM

lenovo -- lxca | An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2. | 2017-09-22 | not yet calculated | CVE-2017-3763 CONFIRM

libexif -- libexif | libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure. | 2017-09-21 | not yet calculated | CVE-2017-7544 MISC

libpgf -- libpgf | Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32. | 2017-09-20 | not yet calculated | CVE-2015-6673 MLIST MISC MISC MISC MISC MISC

-- libraw | In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. | 2017-09-20 | not yet calculated | CVE-2017-14608 CONFIRM CONFIRM

libsndfile -- libsndfile | In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. | 2017-09-21 | not yet calculated | CVE-2017-14634 MISC

libsndfile -- libsndfile | An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. | 2017-09-21 | not yet calculated | CVE-2017-14246 MISC

libsndfile -- libsndfile | An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. | 2017-09-21 | not yet calculated | CVE-2017-14245 MISC

linux -- linux_kernel | The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot. | 2017-09-19 | not yet calculated | CVE-2015-7837 REDHAT REDHAT MLIST BID CONFIRM CONFIRM

linux -- linux_kernel | node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption). | 2017-09-20 | not yet calculated | CVE-2015-2927 MLIST MISC CONFIRM

linux -- linux_kernel | The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory. | 2017-09-15 | not yet calculated | CVE-2017-14340 CONFIRM CONFIRM CONFIRM BID CONFIRM CONFIRM

linux -- linux_kernel | A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash. | 2017-09-21 | not yet calculated | CVE-2017-12153 CONFIRM BID CONFIRM CONFIRM CONFIRM CONFIRM

micro_focus -- visibroker | An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. | 2017-09-21 | not yet calculated | CVE-2017-9283 MISC

micro_focus -- visibroker | An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. | 2017-09-21 | not yet calculated | CVE-2017-9282 MISC

micro_focus -- visibroker | An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service. | 2017-09-21 | not yet calculated | CVE-2017-9281 MISC

mirasvit -- helpdesk_mx | Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files. | 2017-09-21 | not yet calculated | CVE-2017-14320 MISC

mirasvit -- helpdesk_mx | Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) customer name or (2) subject in a ticket. | 2017-09-21 | not yet calculated | CVE-2017-14321 MISC

mirion_technologies -- telemetry_enabled_device | An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). Decryption of data is possible at the hardware level. | 2017-09-20 | not yet calculated | CVE-2017-9645 BID MISC

mirion_technologies -- telemetry_enabled_device | A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPam Transmitter f/DMC 2000, RDS-31 iTX and variants (including RSD31-AM Package), DRM-1/2 and variants (including Solar PWR Package), DRM and RDS Based Boundary Monitors, External Transmitters, Telepole II, and MESH Repeater (Telemetry Enabled Devices). An unchangeable, factory-set key is included in the 900 MHz transmitter firmware. | 2017-09-20 | not yet calculated | CVE-2017-9649 BID MISC

moodle -- moodle | In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access. | 2017-09-18 | not yet calculated | CVE-2017-12157 BID CONFIRM

my_bb -- tapatalk_plugin | SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC encoded document sent as part of the user registration process. | 2017-09-21 | not yet calculated | CVE-2017-14652 MISC MISC

netmechanica -- netdecision | The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call. | 2017-09-19 | not yet calculated | CVE-2017-14311 EXPLOIT-DB

netsweeper -- netsweeper | The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL. | 2017-09-19 | not yet calculated | CVE-2014-9618 MISC EXPLOIT-DB

netsweeper -- netsweeper | Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.. | 2017-09-19 | not yet calculated | CVE-2014-9619 MISC EXPLOIT-DB

netsweeper -- netsweeper | Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page. | 2017-09-19 | not yet calculated | CVE-2014-9616 MISC

netsweeper -- netsweeper | Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php. | 2017-09-19 | not yet calculated | CVE-2014-9610 MISC EXPLOIT-DB

netsweeper -- netsweeper | Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php. | 2017-09-19 | not yet calculated | CVE-2014-9611 MISC EXPLOIT-DB

newsbeuter -- newsbeuter | Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904. | 2017-09-17 | not yet calculated | CVE-2017-14500 MISC MISC MISC MISC

nodebb -- nodebb | Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) : or (2) data: URLs. | 2017-09-21 | not yet calculated | CVE-2015-3296 MLIST BID CONFIRM

nvidia -- display_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges. | 2017-09-22 | not yet calculated | CVE-2017-6269 CONFIRM

nvidia -- display_driver | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service. | 2017-09-22 | not yet calculated | CVE-2017-6266 CONFIRM

nvidia -- display_driver | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service. | 2017-09-22 | not yet calculated | CVE-2017-6267 CONFIRM

nvidia -- display_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation which may lead to a potential divide by zero and denial of service. | 2017-09-22 | not yet calculated | CVE-2017-6270 CONFIRM

nvidia -- display_driver | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges. | 2017-09-22 | not yet calculated | CVE-2017-6272 CONFIRM

nvidia -- display_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges. | 2017-09-22 | not yet calculated | CVE-2017-6268 CONFIRM

nvidia -- display_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation while processing block linear information which may lead to a potential divide by zero and denial of service. | 2017-09-22 | not yet calculated | CVE-2017-6271 CONFIRM

nvidia -- display_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges. | 2017-09-22 | not yet calculated | CVE-2017-6277 CONFIRM

openlitespeed -- openlitespeed | Use-after-free vulnerability in Open Litespeed before 1.3.10. | 2017-09-20 | not yet calculated | CVE-2015-3890 MISC

otrs -- open_ticket_request_system | In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection. | 2017-09-21 | not yet calculated | CVE-2017-14635 CONFIRM

p3scan -- p3scan | The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated by etc/init.d/p3scan. | 2017-09-21 | not yet calculated | CVE-2017-14681 MISC

perl -- perl | Buffer overflow in the regular expression parser in before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (crash) or leak data from memory via vectors involving use of RExC_parse in the vFAIL macro. | 2017-09-19 | not yet calculated | CVE-2017-12883 CONFIRM BID CONFIRM CONFIRM CONFIRM CONFIRM

perl -- perl | Heap-based buffer overflow in the regular expression compiler in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (crash) via a crafted regular expression with the case-insensitive modifier. | 2017-09-19 | not yet calculated | CVE-2017-12837 BID CONFIRM CONFIRM CONFIRM CONFIRM

phpbb -- phpbb | Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2017-09-19 | not yet calculated | CVE-2015-3880 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM

phpmyfaq -- phpmyfaq | Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module. | 2017-09-20 | not yet calculated | CVE-2017-14619 MISC

phpmyfaq -- phpmyfaq | Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action. | 2017-09-20 | not yet calculated | CVE-2017-14618 MISC EXPLOIT-DB

poppler -- poppler | In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files. | 2017-09-20 | not yet calculated | CVE-2017-14617 CONFIRM

portus -- portus | Portus 2.2.0 has XSS via the Team field, related to typeahead. | 2017-09-20 | not yet calculated | CVE-2017-14621 CONFIRM

proxychains_ng -- proxychains_ng | Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path. | 2017-09-21 | not yet calculated | CVE-2015-3887 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM

puppetlabs -- apache | Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD. | 2017-09-15 | not yet calculated | CVE-2017-2299 BID CONFIRM

pure-ftpd -- pure-ftpd | Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd. | 2017-09-21 | not yet calculated | CVE-2017-12170 CONFIRM

qnap_systems -- nas | In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application. | 2017-09-19 | not yet calculated | CVE-2017-10700 CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read. | 2017-09-21 | not yet calculated | CVE-2017-11001 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, in an ISP Camera kernel driver function, an incorrect bounds check may potentially lead to an out-of-bounds write. | 2017-09-21 | not yet calculated | CVE-2017-11000 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in ipa wan driver may lead to memory corruption due to missing locks. | 2017-09-21 | not yet calculated | CVE-2017-10999 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur. | 2017-09-21 | not yet calculated | CVE-2017-11002 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, one can read more information than it is allowed to. | 2017-09-21 | not yet calculated | CVE-2017-11040 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, race conditions will happen. If "ddp->params_length" is set to a big number, a buffer overflow will occur. | 2017-09-21 | not yet calculated | CVE-2017-9677 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context switch. | 2017-09-21 | not yet calculated | CVE-2017-8280 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, if there is more than one thread doing the device open operation, the device may be opened more than once. This would lead to get_pid being called more than once, however put_pid being called only once in function "msm_close". | 2017-09-21 | not yet calculated | CVE-2017-8247 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur. | 2017-09-21 | not yet calculated | CVE-2017-8278 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. However the client was not removed from list. Use-after-free would occur when traversing the list next time. | 2017-09-21 | not yet calculated | CVE-2017-8277 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, user controlled variables "nr_cmds" and "nr_bos" number are passed across functions without any check. An integer overflow to buffer overflow (with a smaller buffer allocated) may occur when they are too large or negative. | 2017-09-21 | not yet calculated | CVE-2017-8250 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI. | 2017-09-21 | not yet calculated | CVE-2017-8281 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur. | 2017-09-21 | not yet calculated | CVE-2017-9720 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, an output buffer is accessed in one thread and can be potentially freed in another. | 2017-09-21 | not yet calculated | CVE-2017-11041 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not checked, and could overflow the array stream_cfg_cmd->stream_handle. | 2017-09-21 | not yet calculated | CVE-2017-8251 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, in audio_aio_ion_lookup_vaddr, the buffer length, which is user input, ends up being used to validate if the buffer is fully within the valid region. If the buffer length is large enough then the address + length operation could overflow and produce a result far below the valid region. | 2017-09-21 | not yet calculated | CVE-2017-10998 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, using a debugfs node, a write to a PCIe register can cause corruption of kernel memory. | 2017-09-21 | not yet calculated | CVE-2017-10997 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail. | 2017-09-21 | not yet calculated | CVE-2017-9725 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, out of bounds access is possible in c_show(), due to compat_hwcap_str[] not being NULL-terminated. This error is not fatal, however the device might crash/reboot with memory violation/out of bounds access. | 2017-09-21 | not yet calculated | CVE-2017-10996 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock. | 2017-09-21 | not yet calculated | CVE-2017-9676 BID CONFIRM

qualcomm -- android_releases | In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address. | 2017-09-21 | not yet calculated | CVE-2017-9724 BID CONFIRM

red_hat -- feedhenry_enterprise_mobile_application_platform | Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform. | 2017-09-20 | not yet calculated | CVE-2015-5248 CONFIRM MISC

red_hat -- jboss_enterprise_application_platform | AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled. | 2017-09-19 | not yet calculated | CVE-2015-1849 CONFIRM CONFIRM CONFIRM CONFIRM

rockwell_automation -- micrologix_1100_controllers | An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition. | 2017-09-20 | not yet calculated | CVE-2017-7924 BID MISC

ruby -- ruby | Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap. | 2017-09-15 | not yet calculated | CVE-2017-0898 BID SECTRACK MISC MISC MISC

ruby -- ruby | The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. | 2017-09-19 | not yet calculated | CVE-2017-14033 BID SECTRACK CONFIRM CONFIRM CONFIRM

ruby -- ruby | The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. | 2017-09-19 | not yet calculated | CVE-2017-10784 BID SECTRACK CONFIRM CONFIRM CONFIRM

sam2p -- sam2p | In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp. | 2017-09-21 | not yet calculated | CVE-2017-14628 MISC

sam2p -- sam2p | Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption because of an attempted write to the invalid d[0xfffffffe] array element. | 2017-09-22 | not yet calculated | CVE-2017-14636 MISC

sam2p -- sam2p | In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element. | 2017-09-21 | not yet calculated | CVE-2017-14629 MISC

sam2p -- sam2p | In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integer signedness error leading to a heap-based buffer overflow. | 2017-09-21 | not yet calculated | CVE-2017-14631 MISC

sam2p -- sam2p | In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp, leading to an invalid write operation. | 2017-09-21 | not yet calculated | CVE-2017-14630 MISC

sam2p -- sam2p | In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address. | 2017-09-22 | not yet calculated | CVE-2017-14637 MISC

sap -- e-recruiting | An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and confirm email addresses that they do not have access to (candidate_hrobject is predictable and corr_act_guid is improperly validated). Furthermore, since an email address can be registered only once, an attacker could prevent other legitimate users from registering. This is SAP Security Note 2507798. | 2017-09-17 | not yet calculated | CVE-2017-14511 MISC MISC MISC

sap -- netweaver_as_java | The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181. | 2017-09-19 | not yet calculated | CVE-2017-14581 MISC

-- sogo | Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. | 2017-09-20 | not yet calculated | CVE-2015-5395 MLIST CONFIRM MISC MISC CONFIRM

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917." | 2017-09-22 | not yet calculated | CVE-2017-14688 MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_773a0000!RtlAddAccessAllowedAce+0x000000000000027a." | 2017-09-22 | not yet calculated | CVE-2017-14691 MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000064e7." | 2017-09-22 | not yet calculated | CVE-2017-14690 MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e." | 2017-09-22 | not yet calculated | CVE-2017-14689 MISC

stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b." | 2017-09-22 | not yet calculated | CVE-2017-14692 MISC

tecnovision -- dlx_spot_player4 | Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. | 2017-09-21 | not yet calculated | CVE-2017-12929 MISC

tecnovision -- dlx_spot_player4 | A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials. | 2017-09-21 | not yet calculated | CVE-2017-12928 MISC

tecnovision -- dlx_spot_player4 | SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password. | 2017-09-21 | not yet calculated | CVE-2017-12930 MISC

tor_project -- tor | The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit. | 2017-09-18 | not yet calculated | CVE-2017-0380 CONFIRM CONFIRM

trend_micro -- mobile_security | Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 2017-09-22 | not yet calculated | CVE-2017-14081 MISC MISC CONFIRM

trend_micro -- mobile_security | SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 2017-09-22 | not yet calculated | CVE-2017-14078 MISC CONFIRM

trend_micro -- mobile_security | Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password. | 2017-09-22 | not yet calculated | CVE-2017-14080 MISC CONFIRM

trend_micro -- mobile_security | Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 2017-09-22 | not yet calculated | CVE-2017-14079 MISC MISC MISC MISC CONFIRM

trend_micro -- smart_protection_server | Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations. | 2017-09-22 | not yet calculated | CVE-2017-11395 MISC BID CONFIRM

trend_micro -- web_security_virtual_appliance | Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections. | 2017-09-22 | not yet calculated | CVE-2017-11396 CONFIRM

twitter -- twitter_ios_client | The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features. | 2017-09-18 | not yet calculated | CVE-2016-10511 BID MISC

ubuntu -- ubuntu | Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code. | 2017-09-20 | not yet calculated | CVE-2015-1329 CONFIRM BID UBUNTU

utstarcom -- wa3002g4_adsl_modem | An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi, resetrouter.cgi, and password.cgi. | 2017-09-17 | not yet calculated | CVE-2017-14243 EXPLOIT-DB MISC

vbulletin_solutions -- vbulletin | vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure. | 2017-09-19 | not yet calculated | CVE-2015-3419 MLIST CONFIRM

watchguard -- fireware | An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the context of any logged in user in the Web UI visiting "Traffic Monitor" sections "Events" and "All." As a side effect, no further events will be visible in the Traffic Monitor until the device is restarted. | 2017-09-20 | not yet calculated | CVE-2017-14615 MISC MISC MISC

watchguard -- fireware | An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing the failed login attempts, UI management of the device becomes impossible. | 2017-09-20 | not yet calculated | CVE-2017-14616 MISC MISC

weechat -- weechat | logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized. | 2017-09-23 | not yet calculated | CVE-2017-14727 CONFIRM CONFIRM CONFIRM

-- wordpress | Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. | 2017-09-23 | not yet calculated | CVE-2017-14722 MISC MISC

wordpress -- wordpress | Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. | 2017-09-23 | not yet calculated | CVE-2017-14718 MISC MISC

wordpress -- wordpress | WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information. | 2017-09-20 | not yet calculated | CVE-2015-2826 MISC FULLDISC MISC BUGTRAQ BID EXPLOIT-DB

wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original service order. | 2017-09-19 | not yet calculated | CVE-2015-3299 MLIST BID CONFIRM

wordpress -- wordpress | Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page. | 2017-09-19 | not yet calculated | CVE-2015-4089 MLIST CONFIRM

wordpress -- wordpress | Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. | 2017-09-23 | not yet calculated | CVE-2017-14719 MISC MISC

wordpress -- wordpress | Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. | 2017-09-23 | not yet calculated | CVE-2017-14720 MISC MISC

wordpress -- wordpress | Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. | 2017-09-23 | not yet calculated | CVE-2017-14725 MISC MISC

wordpress -- wordpress | Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. | 2017-09-23 | not yet calculated | CVE-2017-14726 MISC MISC

wordpress -- wordpress | Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. | 2017-09-23 | not yet calculated | CVE-2017-14724 MISC MISC

wordpress -- wordpress | Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. | 2017-09-23 | not yet calculated | CVE-2017-14723 MISC MISC MISC MISC MISC MISC MISC

wordpress -- wordpress | Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. | 2017-09-23 | not yet calculated | CVE-2017-14721 MISC MISC

wordpress -- wordpress | WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences. | 2017-09-17 | not yet calculated | CVE-2017-14530 MISC MISC

ws02 -- data_analytics_server | WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. | 2017-09-21 | not yet calculated | CVE-2017-14651 MISC MISC

xiph.org -- vorbis | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). | 2017-09-21 | not yet calculated | CVE-2017-14633 MISC

xiph.org -- vorbis | The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted mp4 file. | 2017-09-21 | not yet calculated | CVE-2017-14160 MISC

xiph.org -- vorbis | Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. | 2017-09-21 | not yet calculated | CVE-2017-14632 MISC

yadifa -- yadifa | The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive. | 2017-09-20 | not yet calculated | CVE-2017-14339 CONFIRM MISC

zcms -- javaserver_pages_content_management_system | Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1. | 2017-09-20 | not yet calculated | CVE-2015-7347 MISC EXPLOIT-DB

zkteco -- zktime_web | ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document. | 2017-09-21 | not yet calculated | CVE-2017-14680 MISC MISC

zte -- zxr10_1800-2s_routers | The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized actor, resulting in ordinary users being able to download configuration files to steal information like administrator accounts and passwords. | 2017-09-19 | not yet calculated | CVE-2017-10930 MISC

zte -- zxr10_1800-2s_routers | The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration. | 2017-09-19 | not yet calculated | CVE-2017-10931 MISC