Bulletin (SB17-135)
Vulnerability Summary for the Week of May 8, 2017
Original release date: May 15, 2017 | Last revised: May 16, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ibm -- websphere_cast_iron_solution | IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515. | 2017-05-05 | 9.0 | CVE-2016-9691 CONFIRM BID |
| ibm -- websphere_cast_iron_solution | IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 119516. | 2017-05-05 | 7.8 | CVE-2016-9692 CONFIRM BID |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| genixcms -- genixcms | forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests. | 2017-05-08 | 6.4 | CVE-2017-8827 MISC |
| ibm -- marketing_platform | IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 110564. | 2017-05-05 | 4.3 | CVE-2016-0255 CONFIRM BID |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file. | 2017-05-08 | 4.3 | CVE-2017-8830 CONFIRM |

Low Vulnerabilities
There were no low vulnerabilities recorded this week.
https://www.us-cert.gov/ncas/bulletins/SB17-135

Severity Not Yet Assigned

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- experience_manager_forms | Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms. | 2017-05-09 | not yet calculated | CVE-2017-3067 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution. | 2017-05-09 | not yet calculated | CVE-2017-3070 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution. | 2017-05-09 | not yet calculated | CVE-2017-3069 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution. | 2017-05-09 | not yet calculated | CVE-2017-3072 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution. | 2017-05-09 | not yet calculated | CVE-2017-3071 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution. | 2017-05-09 | not yet calculated | CVE-2017-3074 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution. | 2017-05-09 | not yet calculated | CVE-2017-3073 BID CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution. | 2017-05-09 | not yet calculated | CVE-2017-3068 BID CONFIRM |
| adodb -- adodb | Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4855 JVN CONFIRM |
| advantech -- b+b_smartworx_mesr901 | A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages. | 2017-05-05 | not yet calculated | CVE-2017-7909 BID MISC |
| advantech -- webaccess | An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories. | 2017-05-05 | not yet calculated | CVE-2017-7929 BID MISC |
| allendisk -- id_parameter | Allen Disk 1.6 has XSS in the id parameter to downfile.php. | 2017-05-08 | not yet calculated | CVE-2017-8832 CONFIRM |
| allendisk -- setpass.php | Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password. | 2017-05-08 | not yet calculated | CVE-2017-8848 MISC |
| ambari -- ambari | In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes. | 2017-05-12 | not yet calculated | CVE-2017-5654 CONFIRM CONFIRM |
| artifexghostscript -- mark_line_tr | The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document. | 2017-05-12 | not yet calculated | CVE-2017-8908 MISC |
| asus_rtac_rtn -- firmware | ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map. | 2017-05-10 | not yet calculated | CVE-2017-5892 MISC MISC |
| asus_rtac_rtn -- firmware | ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF. | 2017-05-10 | not yet calculated | CVE-2017-5891 MISC MISC |
| asus_rtac_rtn -- asus_rt_ac_rt_n | ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml. | 2017-05-10 | not yet calculated | CVE-2017-8878 MISC |
| asus_rtac_rtn -- asus_rt_ac_rt_n | ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID. | 2017-05-10 | not yet calculated | CVE-2017-8877 MISC |
| atlassian -- hipchat | Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | 2017-05-05 | not yet calculated | CVE-2017-8058 BID MISC |
| basercms -- basercms | Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4878 CONFIRM JVN |
| basercms -- basercms | Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4882 CONFIRM JVN |
| basercms -- basercms | Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4883 CONFIRM JVN |
| basercms -- plugin_blog | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4884 CONFIRM JVN |
| basercms -- plugin_blog | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4881 CONFIRM JVN |
| basercms -- plugin_blog | Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4880 CONFIRM JVN |
| basercms -- plugin_feed | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4885 CONFIRM JVN |
| basercms -- plugin_mail | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4879 CONFIRM JVN |
| basercms -- plugin_mail | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4886 CONFIRM JVN |
| basercms -- plugin_mail | Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4877 CONFIRM JVN |
| basercms -- plugin_uploader | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4887 CONFIRM JVN |
| basercms -- basercms | Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4876 MISC JVN |
| blackberry -- management_console | A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console. | 2017-05-10 | not yet calculated | CVE-2017-3894 CONFIRM |
| blf_tech_llc -- visualview_hmi | An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code. | 2017-05-08 | not yet calculated | CVE-2017-6051 BID MISC |
| brocadefibrechannelsan -- os_(fos) | A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters. | 2017-05-08 | not yet calculated | CVE-2016-8202 BID CONFIRM CONFIRM |
| brocadenetiron -- brocade_netiron | Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module. | 2017-05-08 | not yet calculated | CVE-2016-8209 CONFIRM |
| caclientautomation -- os_installation_management_component | The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation. | 2017-05-05 | not yet calculated | CVE-2017-8391 BID CONFIRM |
| certec -- edv_gmbh_atvise_scada | A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution. | 2017-05-05 | not yet calculated | CVE-2017-6031 BID MISC |
| certec -- edv_gmbh_atvise_scada | A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution. | 2017-05-05 | not yet calculated | CVE-2017-6029 BID MISC |
| citrix -- xenmobile_server | Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. | 2017-05-05 | not yet calculated | CVE-2016-6877 BID MISC |
| cmsmadesimple -- admin_editusertag_php | ** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug." | 2017-05-12 | not yet calculated | CVE-2017-8912 MISC |
| conexantsystems -- mictray64task | Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process. | 2017-05-12 | not yet calculated | CVE-2017-8360 MISC MISC |
| cybervision -- kaa_iot_platform | A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution. | 2017-05-05 | not yet calculated | CVE-2017-7911 BID MISC |
| dahua -- configuration_file | A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. | 2017-05-05 | not yet calculated | CVE-2017-7925 MISC BID MISC |
| dahua -- dh_ipc | A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password. | 2017-05-05 | not yet calculated | CVE-2017-7927 MISC BID MISC |
| dolibarr -- erp_crm | Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. | 2017-05-10 | not yet calculated | CVE-2017-8879 MISC |
| dolibarr -- erp_crm | Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. | 2017-05-10 | not yet calculated | CVE-2017-7888 MISC |
| dolibarr -- erp_crm | Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. | 2017-05-10 | not yet calculated | CVE-2017-7887 MISC |
| dolibarr -- erp_crm | Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. | 2017-05-10 | not yet calculated | CVE-2017-7886 MISC |
| dropboxlepton -- dos_lepton_file | Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads. | 2017-05-10 | not yet calculated | CVE-2017-8891 MISC MISC MISC |
| emc -- mainframe_enablers_resourcepak_base | EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 2017-05-08 | not yet calculated | CVE-2017-4982 CONFIRM BID |
| f5 -- big_ip | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations. | 2017-05-09 | not yet calculated | CVE-2017-6137 CONFIRM |
| f5 -- big_ip | In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile. | 2017-05-09 | not yet calculated | CVE-2016-9253 CONFIRM |
| f5 -- big_ip | In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection. | 2017-05-09 | not yet calculated | CVE-2016-9251 CONFIRM |
| f5 -- big_ip | In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user. | 2017-05-09 | not yet calculated | CVE-2016-9257 CONFIRM |
| f5 -- big_ip | In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change. | 2017-05-09 | not yet calculated | CVE-2016-9256 BID CONFIRM |
| f5 -- big_ip_apm | In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters. | 2017-05-09 | not yet calculated | CVE-2017-0302 CONFIRM |
| f5 -- big_ip | In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism. | 2017-05-10 | not yet calculated | CVE-2016-9250 CONFIRM |
| fiyocms -- dapur_apps_app_config_controller_backuper_php | Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action. | 2017-05-09 | not yet calculated | CVE-2017-8853 MISC |
| flatcore -- acp_core_files_browser_php | acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF. | 2017-05-10 | not yet calculated | CVE-2017-8868 CONFIRM |
| flightgear -- fgcommand_interface | In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956. | 2017-05-12 | not yet calculated | CVE-2017-8921 CONFIRM |
| gemalto -- smartdiag_diagnosis | Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow with SEH Overwrite via long "Register a new card" input fields. There may be a risk of local code execution with untrusted input to SmartDiag.exe or SymDiag.exe. | 2017-05-08 | not yet calculated | CVE-2017-6953 EXPLOIT-DB |
| gnu -- c_library | The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. | 2017-05-07 | not yet calculated | CVE-2017-8804 CONFIRM BID CONFIRM CONFIRM CONFIRM |
| goodix -- touchscreen_driver | An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32749036. References: QC-CR#1098602. | 2017-05-12 | not yet calculated | CVE-2017-0622 CONFIRM |
| google -- android | An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511682. | 2017-05-12 | not yet calculated | CVE-2017-0634 CONFIRM |
| google -- android | A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35467107. | 2017-05-12 | not yet calculated | CVE-2017-0635 CONFIRM CONFIRM |
| google -- android | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. References: QC-CR#1086833. | 2017-05-12 | not yet calculated | CVE-2017-0628 CONFIRM |
| google -- android | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399756. References: QC-CR#1093232. | 2017-05-12 | not yet calculated | CVE-2017-0631 CONFIRM |
| google -- android | An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35214296. References: QC-CR#1086833. | 2017-05-12 | not yet calculated | CVE-2017-0629 CONFIRM |
| google -- android | An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115. | 2017-05-12 | not yet calculated | CVE-2017-0630 CONFIRM |
| google -- android | An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-36000515. References: B-RB#117131. | 2017-05-12 | not yet calculated | CVE-2017-0633 CONFIRM |
| google -- android | An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353. | 2017-05-12 | not yet calculated | CVE-2017-0627 CONFIRM |
| google -- android | The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application. | 2017-05-12 | not yet calculated | CVE-2016-4839 CONFIRM MISC JVN |
| google -- android | Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications. | 2017-05-09 | not yet calculated | CVE-2016-6799 BID MLIST |
| google -- android | The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION allows an attacker to execute unintended operations via a specially crafted application. | 2017-05-12 | not yet calculated | CVE-2016-4838 CONFIRM MISC JVN |
| google -- android | An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589. | 2017-05-12 | not yet calculated | CVE-2017-0604 CONFIRM |
| google -- android | Airwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data. | 2017-05-10 | not yet calculated | CVE-2017-4896 BID CONFIRM |
| google -- android | In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used. | 2017-05-12 | not yet calculated | CVE-2017-8246 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the kernel trace subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399704. References: QC-CR#1048480. | 2017-05-12 | not yet calculated | CVE-2017-0605 CONFIRM |
| google -- android | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400551. References: QC-CR#1085928. | 2017-05-12 | not yet calculated | CVE-2017-0607 CONFIRM |
| google -- android | A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35763994. | 2017-05-12 | not yet calculated | CVE-2017-0603 CONFIRM CONFIRM |
| google -- android | A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35269635. | 2017-05-12 | not yet calculated | CVE-2017-0600 CONFIRM CONFIRM |
google android | In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of bounds memory copy occurs. | 2017-05-12 | not yet calculated | CVE-2017-8245 CONFIRM
google android | A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34672748. | 2017-05-12 | not yet calculated | CVE-2017-0599 CONFIRM CONFIRM
google android | An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34128677. | 2017-05-12 | not yet calculated | CVE-2017-0598 CONFIRM
google android | An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34946955. | 2017-05-12 | not yet calculated | CVE-2017-0602 CONFIRM
google android | An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35258579. | 2017-05-12 | not yet calculated | CVE-2017-0601 CONFIRM
google android | An elevation of privilege vulnerability in codecs/aacenc/SoftAACEncoder2.cpp in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34617444. | 2017-05-12 | not yet calculated | CVE-2017-0594 CONFIRM CONFIRM
google android | An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34749392. | 2017-05-12 | not yet calculated | CVE-2017-0596 CONFIRM CONFIRM
google android | An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34705519. | 2017-05-12 | not yet calculated | CVE-2017-0595 CONFIRM CONFIRM
google android | A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34097672. | 2017-05-12 | not yet calculated | CVE-2017-0591 CONFIRM CONFIRM
google android | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114230. | 2017-05-12 | not yet calculated | CVE-2017-0593 CONFIRM
google android | A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34618607. | 2017-05-12 | not yet calculated | CVE-2017-0588 CONFIRM CONFIRM
google android | A remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34970788. | 2017-05-12 | not yet calculated | CVE-2017-0592 CONFIRM CONFIRM
google android | A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35039946. | 2017-05-12 | not yet calculated | CVE-2017-0590 CONFIRM CONFIRM
google android | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34749571. | 2017-05-12 | not yet calculated | CVE-2017-0597 CONFIRM
google android | A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34897036. | 2017-05-12 | not yet calculated | CVE-2017-0589 CONFIRM CONFIRM
google android | A remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35219737. | 2017-05-12 | not yet calculated | CVE-2017-0587 CONFIRM CONFIRM
google android | Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data. | 2017-05-10 | not yet calculated | CVE-2017-4895 BID CONFIRM
google android | In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_buf->filled_size" could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. "buffer->curr" itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write). | 2017-05-12 | not yet calculated | CVE-2017-8244 CONFIRM
google android | An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550. | 2017-05-12 | not yet calculated | CVE-2017-0493 CONFIRM
h2o h2o | H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy. | 2017-05-12 | not yet calculated | CVE-2016-4864 CONFIRM JVN
hikvision ds2cd2xx2f_i | A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information. | 2017-05-05 | not yet calculated | CVE-2017-7923 MISC BID MISC
hikvision ds2cd2xx2f_i | An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. | 2017-05-05 | not yet calculated | CVE-2017-7921 MISC BID MISC
htc bootloader | An elevation of privilege vulnerability in the HTC bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32512358. | 2017-05-12 | not yet calculated | CVE-2017-0623 CONFIRM
ibmtivolistoragemanager ibm_tivoli_storage_manager | IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472. | 2017-05-05 | not yet calculated | CVE-2016-8916 CONFIRM BID
ibm cognos_analytics | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114516. | 2017-05-10 | not yet calculated | CVE-2016-3032 CONFIRM
ibm interact | IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 115084. | 2017-05-10 | not yet calculated | CVE-2016-5888 CONFIRM
ibm interact | IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 115085. | 2017-05-10 | not yet calculated | CVE-2016-5889 CONFIRM
ibm rational_quality_manager | IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896. | 2017-05-10 | not yet calculated | CVE-2016-6035 CONFIRM
ibm rational_team_concert | IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 116918. | 2017-05-10 | not yet calculated | CVE-2016-6037 CONFIRM
ibm team_concert | IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665. | 2017-05-10 | not yet calculated | CVE-2017-1103 CONFIRM
ibm websphere_application_server | IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549. | 2017-05-10 | not yet calculated | CVE-2017-1137 CONFIRM
ibm websphere_portal | IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122592. | 2017-05-05 | not yet calculated | CVE-2017-1156 CONFIRM BID
installer primedrive_desktop_application | Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory. | 2017-05-12 | not yet calculated | CVE-2017-2167 MISC JVN
invisionpowerservices community_suite | Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such as onload; however, full path disclosure is required for exploitation. | 2017-05-11 | not yet calculated | CVE-2017-8899 MISC MISC MISC
invisionpowerservices community_suite | Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an index.php?/modcp/announcements/&action=create request. This is related to the "<> Source" option. | 2017-05-11 | not yet calculated | CVE-2017-8898 MISC MISC MISC
invisionpowerservices community_suite | Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision Power Board user who views the announcement. | 2017-05-11 | not yet calculated | CVE-2017-8897 MISC MISC MISC
keycloak node_js_adapter | It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks. | 2017-05-12 | not yet calculated | CVE-2017-7474 CONFIRM
libetpan mime_handling_component | A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple email addresses. | 2017-05-08 | not yet calculated | CVE-2017-8825 CONFIRM CONFIRM CONFIRM
libtiff tiffwritedirectorytagcheckedrational | The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file. | 2017-05-10 | not yet calculated | CVE-2016-10371 CONFIRM CONFIRM
libxml2 html_parser_c | The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. | 2017-05-10 | not yet calculated | CVE-2017-8872 MISC
libzpaq bufread::get()_function | The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive. | 2017-05-08 | not yet calculated | CVE-2017-8842 MISC MISC
libzpaq bufread::get()_function | The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. | 2017-05-08 | not yet calculated | CVE-2017-8847 MISC MISC
libzpaq join_pthread_function | The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive. | 2017-05-08 | not yet calculated | CVE-2017-8843 MISC MISC
libzrip read_1g | The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive. | 2017-05-08 | not yet calculated | CVE-2017-8844 MISC MISC
lintian lintian | Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file. | 2017-05-08 | not yet calculated | CVE-2017-8829 CONFIRM
linux kernel | The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling. | 2017-05-12 | not yet calculated | CVE-2017-8925 CONFIRM CONFIRM CONFIRM
linux kernel | The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls. | 2017-05-11 | not yet calculated | CVE-2017-7472 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
linux kernel | The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. | 2017-05-10 | not yet calculated | CVE-2017-8890 CONFIRM CONFIRM
linux kernel | The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. | 2017-05-12 | not yet calculated | CVE-2017-8924 CONFIRM CONFIRM CONFIRM
lzolx_d_ch lzolx_decompress | The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive. | 2017-05-08 | not yet calculated | CVE-2017-8845 MISC MISC
mautic mautic | Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts. | 2017-05-10 | not yet calculated | CVE-2017-8874 MISC
mediatek camera_driver | An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35399703. References: QC-CR#831322. | 2017-05-12 | not yet calculated | CVE-2017-0621 CONFIRM
mediatek command_queue_driver | An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35100728. References: M-ALPS03161536. | 2017-05-12 | not yet calculated | CVE-2017-0618 CONFIRM
mediatek pin_controller_driver | An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35401152. References: QC-CR#826566. | 2017-05-12 | not yet calculated | CVE-2017-0619 CONFIRM
mediatek power_driver | An elevation of privilege vulnerability in the MediaTek power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34259126. References: M-ALPS03150278. | 2017-05-12 | not yet calculated | CVE-2017-0615 CONFIRM
mediatek system_management | An elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34470286. References: M-ALPS03149160. | 2017-05-12 | not yet calculated | CVE-2017-0616 CONFIRM
mediatek video_driver | An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34471002. References: M-ALPS03149173. | 2017-05-12 | not yet calculated | CVE-2017-0617 CONFIRM
mediatek command_queue_driver | An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-35142799. References: M-ALPS03161531. | 2017-05-12 | not yet calculated | CVE-2017-0625 CONFIRM
mediatek thermal_driver | An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175767. References: M-ALPS02696445. | 2017-05-12 | not yet calculated | CVE-2016-10280 CONFIRM
mediatek thermal_driver | An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175647. References: M-ALPS02696475. | 2017-05-12 | not yet calculated | CVE-2016-10281 CONFIRM
mediatek thermal_driver | An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33939045. References: M-ALPS03149189. | 2017-05-12 | not yet calculated | CVE-2016-10282 CONFIRM
mediatek touchscreen | An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202412. References: M-ALPS02897901. | 2017-05-12 | not yet calculated | CVE-2016-10274 CONFIRM
microsoft .net_framework | Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability." | 2017-05-12 | not yet calculated | CVE-2017-0248 CONFIRM
microsoft activex | An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka "Microsoft ActiveX Information Disclosure Vulnerability." | 2017-05-12 | not yet calculated | CVE-2017-0242 CONFIRM
microsoft asp_net | A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. | 2017-05-12 | not yet calculated | CVE-2017-0247 MISC
microsoft asp_net | A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. | 2017-05-12 | not yet calculated | CVE-2017-0256 MISC
microsoft asp_net An elevation of privilege vulnerability exists when the ASP.NET Core fails 20170512 not yet CVE2017 to properly sanitize web requests. calculated 0249 MISC
microsoft browsers A spoofing vulnerability exists when Microsoft browsers render 20170512 not yet CVE2017 SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability." calculated 0231 CONFIRM
microsoft edge A remote code execution vulnerability exists in Microsoft Edge in the way 20170512 not yet CVE2017 that the Chakra JavaScript engine renders when handling objects in calculated 0235 memory, aka "Scripting Engine Memory Corruption Vulnerability." This CONFIRM CVE ID is unique from CVE 20170224 , CVE 20170228 , CVE 2017 0229 , CVE 20170230 , CVE 20170234 , CVE 20170236 , and CVE 20170238 .
microsoft edge A vulnerability exists when Microsoft Edge improperly accesses objects in 20170512 not yet CVE2017 memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE calculated 0221 ID is unique from CVE 20170227 and CVE 20170240 . CONFIRM
microsoft edge A remote code execution vulnerability exists in Microsoft Edge in the way 20170512 not yet CVE2017 that the Chakra JavaScript engine renders when handling objects in calculated 0234 memory, aka "Scripting Engine Memory Corruption Vulnerability." This CONFIRM CVE ID is unique from CVE 20170224 , CVE 20170228 , CVE 2017 0229 , CVE 20170230 , CVE 20170235 , CVE 20170236 , and CVE 20170238 .
microsoft edge A remote code execution vulnerability exists in Microsoft Edge in the way 20170512 not yet CVE2017 that the Chakra JavaScript engine renders when handling objects in calculated 0236 memory, aka "Scripting Engine Memory Corruption Vulnerability." This CONFIRM CVE ID is unique from CVE 20170224 , CVE 20170228 , CVE 2017 0229 , CVE 20170230 , CVE 20170234 , CVE 20170235 , and CVE 20170238 .
microsoft edge An elevation of privilege vulnerability exists when Microsoft Edge renders 20170512 not yet CVE2017 a domainless page in the URL, which could allow Microsoft Edge to calculated 0241 perform actions in the context of the Intranet Zone and access CONFIRM functionality that is not typically available to the browser when browsing in the context of the Internet Zone, aka "Microsoft Edge Elevation of Privilege Vulnerability." This CVE ID is unique from CVE 20170233 .
microsoft edge An elevation of privilege vulnerability exists in Microsoft Edge that could 20170512 not yet CVE2017 allow an attacker to escape from the AppContainer sandbox in the calculated 0233 browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This CONFIRM CVE ID is unique from CVE 20170241 .
microsoft edge A remote code execution vulnerability exists in Microsoft Edge in the way 20170512 not yet CVE2017 JavaScript engines render when handling objects in memory, aka calculated 0230 "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique CONFIRM from CVE 20170224 , CVE 20170228 , CVE 20170229 , CVE 2017 0234 , CVE 20170235 , CVE 20170236 , and CVE 20170238 .
microsoft edge A remote code execution vulnerability exists in Microsoft Edge in the way 20170512 not yet CVE2017 JavaScript engines render when handling objects in memory, aka calculated 0229 "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique CONFIRM from CVE 20170224 , CVE 20170228 , CVE 20170230 , CVE 2017 0234 , CVE 20170235 , CVE 20170236 , and CVE 20170238 .
microsoft edge A remote code execution vulnerability exists in Microsoft Edge in the way 20170512 not yet CVE2017 affected Microsoft scripting engines render when handling objects in calculated 0266 memory, aka "Microsoft Edge Remote Code Execution Vulnerability." CONFIRM
microsoft edge A remote code execution vulnerability exists in Microsoft Edge in the way 20170512 not yet CVE2017 affected Microsoft scripting engines render when handling objects in calculated 0240 memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE CONFIRM ID is unique from CVE 20170221 and CVE 20170227 .
microsoft edge | A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0221 and CVE-2017-0240. | 2017-05-12 | not yet calculated | CVE-2017-0227 CONFIRM
microsoft explorer | A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings, aka "Internet Explorer Security Feature Bypass Vulnerability." | 2017-05-12 | not yet calculated | CVE-2017-0064 CONFIRM
microsoft explorer | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0226. | 2017-05-12 | not yet calculated | CVE-2017-0222 CONFIRM
microsoft explorer | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0222. | 2017-05-12 | not yet calculated | CVE-2017-0226 CONFIRM
microsoft javascript_engines | A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. | 2017-05-12 | not yet calculated | CVE-2017-0224 CONFIRM
microsoft javascript_engines | A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. | 2017-05-12 | not yet calculated | CVE-2017-0228 CONFIRM
microsoft javascript_engines | A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0236. | 2017-05-12 | not yet calculated | CVE-2017-0238 CONFIRM
microsoft malware_protection_engine | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." | 2017-05-09 | not yet calculated | CVE-2017-0290 BID MISC MISC CONFIRM CONFIRM MISC
microsoft nvidia_gpu_display_driver | All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges. | 2017-05-09 | not yet calculated | CVE-2017-0351 CONFIRM
microsoft nvidia_gpu_display_driver | All versions of the NVIDIA GPU Display Driver contain a vulnerability in the GPU firmware where incorrect access control may allow CPU access to sensitive GPU control registers, leading to an escalation of privileges. | 2017-05-09 | not yet calculated | CVE-2017-0352 CONFIRM
microsoft nvidia_gpu_display_driver | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges. | 2017-05-09 | not yet calculated | CVE-2017-0348 CONFIRM
microsoft nvidia_gpu_display_driver | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to denial of service or potential escalation of privileges. | 2017-05-09 | not yet calculated | CVE-2017-0347 CONFIRM
microsoft nvidia_gpu_display_driver | All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used in an offset calculation, which may lead to denial of service or potential escalation of privileges. | 2017-05-09 | not yet calculated | CVE-2017-0350 CONFIRM
microsoft nvidia_gpu_display_driver | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to a denial of service. | 2017-05-09 | not yet calculated | CVE-2017-0355 CONFIRM
microsoft nvidia_gpu_display_driver | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is not correctly validated before it is dereferenced for a write operation, which may lead to denial of service or potential escalation of privileges. | 2017-05-09 | not yet calculated | CVE-2017-0349 CONFIRM
microsoft nvidia_gpu_display_driver | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input used as an array size is not correctly validated, which allows out of bound access in kernel memory and may lead to denial of service or potential escalation of privileges. | 2017-05-09 | not yet calculated | CVE-2017-0345 CONFIRM
microsoft nvidia_gpu_display_driver | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) where a user can trigger a race condition due to lack of synchronization in two functions, leading to a denial of service or potential escalation of privileges. | 2017-05-09 | not yet calculated | CVE-2017-0343 CONFIRM
microsoft nvidia_gpu_display_driver | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape that may allow users to gain access to arbitrary physical memory, leading to escalation of privileges. | 2017-05-09 | not yet calculated | CVE-2017-0344 CONFIRM
microsoft nvidia_gpu_display_driver | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges. | 2017-05-09 | not yet calculated | CVE-2017-0346 CONFIRM
microsoft nvidia_gpu_display_driver | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where a call to a certain function requiring lower IRQL can be made under raised IRQL, which may lead to a denial of service. | 2017-05-09 | not yet calculated | CVE-2017-0354 CONFIRM
microsoft nvidia_gpu_display_driver | All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where improper locking on certain conditions may lead to a denial of service. | 2017-05-09 | not yet calculated | CVE-2017-0353 CONFIRM
microsoft nvidia_gpu_display_driver | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where incorrect calculation may cause an invalid address access leading to denial of service or potential escalation of privileges. | 2017-05-09 | not yet calculated | CVE-2017-0342 CONFIRM
microsoft nvidia_gpu_display_driver | All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input can trigger an access to a pointer that has not been initialized which may lead to denial of service or potential escalation of privileges. | 2017-05-09 | not yet calculated | CVE-2017-0341 CONFIRM
microsoft office | Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2, Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262. | 2017-05-12 | not yet calculated | CVE-2017-0281 CONFIRM
microsoft office | Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281. | 2017-05-12 | not yet calculated | CVE-2017-0261 CONFIRM
microsoft office | Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281. | 2017-05-12 | not yet calculated | CVE-2017-0262 CONFIRM
microsoft powerpoint_mac | Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0265. | 2017-05-12 | not yet calculated | CVE-2017-0264 CONFIRM
microsoft powerpoint_mac | Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0264. | 2017-05-12 | not yet calculated | CVE-2017-0265 CONFIRM
microsoft server_message_block | The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0273. | 2017-05-12 | not yet calculated | CVE-2017-0280 CONFIRM
microsoft server_message_block | The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0279. | 2017-05-12 | not yet calculated | CVE-2017-0278 CONFIRM
microsoft server_message_block | The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0278, and CVE-2017-0279. | 2017-05-12 | not yet calculated | CVE-2017-0277 CONFIRM
microsoft server_message_block | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0276. | 2017-05-12 | not yet calculated | CVE-2017-0275 CONFIRM
microsoft server_message_block | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0275, and CVE-2017-0276. | 2017-05-12 | not yet calculated | CVE-2017-0274 CONFIRM
microsoft server_message_block | The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0278. | 2017-05-12 | not yet calculated | CVE-2017-0279 CONFIRM
microsoft server_message_block | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0275. | 2017-05-12 | not yet calculated | CVE-2017-0276 CONFIRM
microsoft server_message_block | The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0277, CVE-2017-0278, and CVE-2017-0279. | 2017-05-12 | not yet calculated | CVE-2017-0272 CONFIRM
microsoft server_message_block | The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0273 and CVE-2017-0280. | 2017-05-12 | not yet calculated | CVE-2017-0269 CONFIRM
microsoft server_message_block | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276. | 2017-05-12 | not yet calculated | CVE-2017-0268 CONFIRM
microsoft server_message_block | The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280. | 2017-05-12 | not yet calculated | CVE-2017-0273 CONFIRM
microsoft server_message_block | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276. | 2017-05-12 | not yet calculated | CVE-2017-0270 CONFIRM
microsoft server_message_block | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276. | 2017-05-12 | not yet calculated | CVE-2017-0271 CONFIRM
microsoft server_message_block | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276. | 2017-05-12 | not yet calculated | CVE-2017-0267 CONFIRM
microsoft server | The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka "Win32k Information Disclosure Vulnerability." | 2017-05-12 | not yet calculated | CVE-2017-0245 CONFIRM
microsoft server | The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows locally authenticated attackers to gain privileges via a crafted application, or in Windows 7 for x64-based systems, cause denial of service, aka "Windows Kernel Elevation of Privilege Vulnerability." | 2017-05-12 | not yet calculated | CVE-2017-0244 CONFIRM
microsoft server | The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0258. | 2017-05-12 | not yet calculated | CVE-2017-0259 CONFIRM
microsoft server | The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0259. | 2017-05-12 | not yet calculated | CVE-2017-0258 CONFIRM
microsoft server | The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Windows 7 for x64-based Systems and later, cause denial of service, aka "Win32k Elevation of Privilege Vulnerability." | 2017-05-12 | not yet calculated | CVE-2017-0246 CONFIRM
microsoft sharepoint_foundation | Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability". | 2017-05-12 | not yet calculated | CVE-2017-0255 CONFIRM
microsoft windows_com_aggregate_marshaler | Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214. | 2017-05-12 | not yet calculated | CVE-2017-0213 CONFIRM
microsoft windows_hyper_v | Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka "Windows Hyper-V vSMB Elevation of Privilege Vulnerability". | 2017-05-12 | not yet calculated | CVE-2017-0212 CONFIRM
microsoft windows_server | The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | 2017-05-12 | not yet calculated | CVE-2017-0263 CONFIRM
microsoft windows_server | Windows DNS Server allows a denial of service vulnerability when Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 are configured to answer version queries, aka "Windows DNS Server Denial of Service Vulnerability". | 2017-05-12 | not yet calculated | CVE-2017-0171 CONFIRM
microsoft windows_server | The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0220, CVE-2017-0258, and CVE-2017-0259. | 2017-05-12 | not yet calculated | CVE-2017-0175 CONFIRM
microsoft windows_server | The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability." | 2017-05-12 | not yet calculated | CVE-2017-0190 CONFIRM
microsoft windows_server | Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when Windows fails to properly validate input before loading type libraries, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0213. | 2017-05-12 | not yet calculated | CVE-2017-0214 CONFIRM
microsoft windows_server | The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0258, and CVE-2017-0259. | 2017-05-12 | not yet calculated | CVE-2017-0220 CONFIRM
microsoft windows_server | The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow a local authenticated attacker to execute a specially crafted application to obtain information, or in Windows 7 and later, cause denial of service, aka "Win32k Information Disclosure Vulnerability." | 2017-05-12 | not yet calculated | CVE-2017-0077 CONFIRM
microsoft windows_vista | Untrusted search path vulnerability in installers for The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)", The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier that were available until April 27, 2017 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-05-12 | not yet calculated | CVE-2017-2157 JVN MISC
microsoft word | Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265. | 2017-05-12 | not yet calculated | CVE-2017-0254 CONFIRM
miniupnp miniupnpc | Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | 2017-05-10 | not yet calculated | CVE-2017-8798 MISC MISC
motorola bootloader | An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490. | 2017-05-12 | not yet calculated | CVE-2016-10277 CONFIRM
mozilla network_security_seervices | Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations. | 2017-05-10 | not yet calculated | CVE-2017-5461 BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM
multicoreware planeclipandmax() | An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in the process of encoding. | 2017-05-11 | not yet calculated | CVE-2017-8906 MISC
nessus nessus | Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2017-2122 JVN CONFIRM
netcloud server | Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components. | 2017-05-08 | not yet calculated | CVE-2017-0891 MISC CONFIRM
netcloud server | Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers. | 2017-05-08 | not yet calculated | CVE-2017-0893 MISC CONFIRM
netcloud server | Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed. | 2017-05-08 | not yet calculated | CVE-2017-0895 MISC CONFIRM
netcloud server | Nextcloud Server before 11.0.3 is vulnerable to improper session handling that allowed an application specific password without permission to the files access to the users file. | 2017-05-08 | not yet calculated | CVE-2017-0892 MISC CONFIRM
netcloud server | Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error, thus potentially granting an attacker access to publicly shared calendars without knowing the share token. | 2017-05-08 | not yet calculated | CVE-2017-0894 MISC CONFIRM
netcloud server | Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue. | 2017-05-08 | not yet calculated | CVE-2017-0890 MISC CONFIRM
oneplus one_x | An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same 'ro.build.product' system property, attackers can install OTAs of one product over the other, even on locked bootloaders. That could theoretically allow for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. Moreover, the vulnerability may result in having the device unusable until a Factory Reset is performed. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use 'adb sideload' to push the OTA. | 2017-05-11 | not yet calculated | CVE-2017-8851 MISC
oneplus one_x | An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, which allows for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use 'adb sideload' to push the OTA (on OnePlus 3/3T 'Secure Startup' must be off). | 2017-05-11 | not yet calculated | CVE-2017-8850 MISC
oneplus one_x | An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgrades can occur even on locked bootloaders and without triggering a factory reset, allowing for exploitation of now-patched vulnerabilities with access to user data. This vulnerability can be exploited by a Man-in-the-Middle (MiTM) attacker targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, a physical attacker can reboot the phone into recovery, and then use 'adb sideload' to push the OTA (on OnePlus 3/3T 'Secure Startup' must be off). | 2017-05-11 | not yet calculated | CVE-2017-5948 MISC
oneplus ota_updater | An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851. | 2017-05-11 | not yet calculated | CVE-2016-10370 MISC MISC
opentexttempobox opentext_tempo_box | Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image. | 2017-05-10 | not yet calculated | CVE-2017-8892 MISC
panda mobile_security | Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | 2017-05-05 | not yet calculated | CVE-2017-8060 BID MISC
postgresql pgrequiressl | In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. | 2017-05-12 | not yet calculated | CVE-2017-7485 CONFIRM
postgresql postgresql | PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server. | 2017-05-12 | not yet calculated | CVE-2017-7486 CONFIRM
postgresql postgresql | It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access. | 2017-05-12 | not yet calculated | CVE-2017-7484 CONFIRM
qualcomm sound_driver | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34088848. References: QC-CR#1116015. | 2017-05-12 | not yet calculated | CVE-2017-0606 CONFIRM
qualcomm wi_fi_driver | An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32094986. References: QC-CR#2002052. | 2017-05-12 | not yet calculated | CVE-2016-10283 CONFIRM
qualcomm adsprpc_driver | An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34112914. References: QC-CR#1110747. | 2017-05-12 | not yet calculated | CVE-2017-0465 CONFIRM
qualcomm bootloader | An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-34514954. References: QC-CR#1009111. | 2017-05-12 | not yet calculated | CVE-2016-10275 CONFIRM
qualcomm bootloader | An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32952839. References: QC-CR#1094105. | 2017-05-12 | not yet calculated | CVE-2016-10276 CONFIRM
qualcomm crypto_driver | An elevation of privilege vulnerability in the Qualcomm crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899710. References: QC-CR#1116295. | 2017-05-12 | not yet calculated | CVE-2016-10289 CONFIRM
qualcomm led_driver | An elevation of privilege vulnerability in the Qualcomm LED driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33863909. References: QC-CR#1109763. | 2017-05-12 | not yet calculated | CVE-2016-10288 CONFIRM
qualcomm led_driver | An information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33781694. References: QC-CR#1109326. | 2017-05-12 | not yet calculated | CVE-2016-10295 CONFIRM
qualcomm power_driver | An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33621829. References: QC-CR#1105481. | 2017-05-12 | not yet calculated | CVE-2016-10294 CONFIRM
qualcomm secure_channel_manager | An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711. | 2017-05-12 | not yet calculated | CVE-2017-0620 CONFIRM
qualcomm secure_execution | An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400457. References: QC-CR#1086140. | 2017-05-12 | not yet calculated | CVE-2017-0613 CONFIRM
qualcomm secure_execution | An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399405. References: QC-CR#1080290. | 2017-05-12 | not yet calculated | CVE-2017-0614 CONFIRM
qualcomm secure_execution | An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34389303. References: QC-CR#1061845. | 2017-05-12 | not yet calculated | CVE-2017-0612 CONFIRM
qualcomm shared_memory_driver | An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33845464. References: QC-CR#1109782. | 2017-05-12 | not yet calculated | CVE-2016-10296 CONFIRM
qualcomm shared_memory_driver | An elevation of privilege vulnerability in the Qualcomm shared memory driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33898330. References: QC-CR#1109782. | 2017-05-12 | not yet calculated | CVE-2016-10290 CONFIRM
qualcomm slimbus_driver | An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34030871. References: QC-CR#986837. | 2017-05-12 | not yet calculated | CVE-2016-10291 CONFIRM
qualcomm sounddriver | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399801. References: QC-CR#1090482. | 2017-05-12 | not yet calculated | CVE-2017-0609 CONFIRM
qualcomm sounddriver | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399404. References: QC-CR#1094852. | 2017-05-12 | not yet calculated | CVE-2017-0610 CONFIRM
qualcomm sounddriver | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393841. References: QC-CR#1084210. | 2017-05-12 | not yet calculated | CVE-2017-0611 CONFIRM
qualcomm sounddriver | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400458. References: QC-CR#1098363. | 2017-05-12 | not yet calculated | CVE-2017-0608 CONFIRM
qualcomm sound_codec_driver | An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35392586. References: QC-CR#832915. | 2017-05-12 | not yet calculated | CVE-2017-0632 CONFIRM
qualcomm sound_driver | An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33784446. References: QC-CR#1112751. | 2017-05-12 | not yet calculated | CVE-2016-10287 CONFIRM
qualcomm video_driver | An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400904. References: QC-CR#1090237. | 2017-05-12 | not yet calculated | CVE-2016-10286 CONFIRM
qualcomm video_driver | An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33752702. References: QC-CR#1104899. | 2017-05-12 | not yet calculated | CVE-2016-10285 CONFIRM
qualcomm video_driver | An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402303. References: QC-CR#2000664. | 2017-05-12 | not yet calculated | CVE-2016-10284 CONFIRM
qualcomm video_driver | An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33352393. References: QC-CR#1101943. | 2017-05-12 | not yet calculated | CVE-2016-10293 CONFIRM
qualcomm wifi_driver | An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. References: QC-CR#1088050. | 2017-05-12 | not yet calculated | CVE-2017-0626 CONFIRM
qualcomm wifi_driver | An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34327795. References: QC-CR#2005832. | 2017-05-12 | not yet calculated | CVE-2017-0624 CONFIRM
qualcomm wifi_driver | A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34514463. References: QC-CR#1065466. | 2017-05-12 | not yet calculated | CVE-2016-10292 CONFIRM
rockwell automation_controllogix | A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller. | 2017-05-05 | not yet calculated | CVE-2017-6024 BID MISC
saa7164usc ssa7164_bus_get function | The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.10.14 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability. | 2017-05-08 | not yet calculated | CVE-2017-8831 MISC
sap sapcar | SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560. | 2017-05-10 | not yet calculated | CVE-2017-8852 MISC
schneiderelectric vampset | All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes the software to halt or not start when trying to open the corrupted file. This vulnerability occurs when fill settings are intentionally malformed and is opened in a standalone state, without connection to a protection relay. This attack is not considered to be remotely exploitable. This vulnerability has no effect on the operation of the protection relay to which VAMPSET is connected. As Windows operating system remains operational and VAMPSET responds, it is able to be shut down through its normal closing protocol. | 2017-05-09 | not yet calculated | CVE-2017-7967 CONFIRM
siemens simatic_cp | Siemens SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK16xx PN IO (All versions before V2.7), SCALANCE X200 (All versions), SCALANCE X200 IRT (All versions), SCALANCE X300, X408, X414 (All versions), SCALANCE XM400, XR500 (All versions), SCALANCE W700 (All versions before V6.1), SCALANCE M800, S615 (All versions), Softnet PROFINET IO for PC-based Windows systems (All versions), IE/PBLink (All versions before V3.0), IE/ASi Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 / UPS1600 PROFINET (All versions), SIMATIC ET 200AL (All versions), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions), PN/PN Coupler (All versions), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 incl. F and H (All versions), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.8 HF4), SINAMICS S110 w. PN (All versions), SINAMICS S120 (All versions before V4.8 HF4), SINAMICS S150 (All versions before V4.8 HF4), SINAMICS V90 w. PN (All versions), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (V4.7 before SP6 HF8 and before V4.5), SINUMERIK 840D sl (V4.7 before SP6 HF8 and before V4.5), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 Ethernet) packet. | 2017-05-10 | not yet calculated | CVE-2017-2680 BID CONFIRM
siemens simatic_s7 | Siemens SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 incl. F and H (All versions), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP (Layer 2 Ethernet) packet sent to an affected product. | 2017-05-11 | not yet calculated | CVE-2017-2681 BID CONFIRM
siemens simatic | A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface. | 2017-05-11 | not yet calculated | CVE-2017-6867 BID CONFIRM
siemens simatic | Siemens SIMATIC WinCC (TIA Portal) (V13 all versions before SP2 and V14 before SP1), SIMATIC STEP 7 (TIA Portal) (V13 all versions before SP2 and V14 before SP1), SIMATIC STEP 7 V5.X (All versions), STEP 7 Micro/WIN SMART (All versions), SMART PC Access V2.0, SIMATIC Automation Tool (All versions), SIMATIC WinCC (All versions), SIMATIC PCS 7 (All versions), SIMATIC NET PC-Software (All versions), Primary Setup Tool (PST) (All versions), Security Configuration Tool (SCT) (All versions), SINEMA Server (All versions), SINAUT ST7CC (All versions), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SINUMERIK 808D Programming Tool (All versions), SIMATIC WinCC flexible 2008 (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 Ethernet) packet. | 2017-05-11 | not yet calculated | CVE-2017-6865 BID CONFIRM
soy cms | Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2017-2164 JVN
soy cms | Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id. | 2017-05-12 | not yet calculated | CVE-2017-2163 JVN
splunk enterprise_light | Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4857 JVN CONFIRM
splunk enterprise_light | Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4859 JVN CONFIRM
splunk enterprise_light | Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4858 JVN CONFIRM
splunk enterprise_light | Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-4856 JVN CONFIRM
swftools pdf2swf | A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed PDF document, possibly a consequence of an error in Gfx.cc in Xpdf 3.02. | 2017-05-10 | not yet calculated | CVE-2017-7698 CONFIRM
symphony meta_parameter | Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php. | 2017-05-10 | not yet calculated | CVE-2017-8876 MISC
synology dsm_user | Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors. | 2017-05-12 | not yet calculated | CVE-2016-10330 MLIST MISC MISC CONFIRM
synology photo_station | Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header. | 2017-05-12 | not yet calculated | CVE-2016-10329 MLIST MISC MISC CONFIRM
synology photo_station | Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. | 2017-05-12 | not yet calculated | CVE-2016-10331 MISC CONFIRM
tibco spotfire_server | TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks. | 2017-05-09 | not yet calculated | CVE-2017-5527 CONFIRM
trafficmanagementmicrokernel traffic_anagement_microkernel | The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from a memory leak while handling certain types of TCP traffic. Remote attackers may cause a denial of service (DoS) by way of a crafted TCP packet. | 2017-05-11 | not yet calculated | CVE-2016-7476 BID CONFIRM
ubuntu lightdm | LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session. | 2017-05-12 | not yet calculated | CVE-2017-8900 CONFIRM CONFIRM CONFIRM
unicodetoutf8() unicode_to_utf8()_function | An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker. | 2017-05-12 | not yet calculated | CVE-2017-8911 MISC
unixsocket.c lxterminal | unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control). | 2017-05-08 | not yet calculated | CVE-2016-10369 MISC MISC MISC
veritasbackupexec veritas_backup_exec | In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An authenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on. | 2017-05-10 | not yet calculated | CVE-2017-8895 CONFIRM
veritas netbackup | In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process. | 2017-05-09 | not yet calculated | CVE-2017-8857 BID CONFIRM
veritas netbackup | In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root. | 2017-05-09 | not yet calculated | CVE-2017-8859 BID CONFIRM
veritas netbackup | In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process. | 2017-05-09 | not yet calculated | CVE-2017-8858 BID CONFIRM
veritas netbackup | In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process. | 2017-05-09 | not yet calculated | CVE-2017-8856 BID CONFIRM
wolfssl out_of_bounds_memory_access | wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file. | 2017-05-09 | not yet calculated | CVE-2017-8854 CONFIRM
wolfssl wc_dhagree | wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key. | 2017-05-09 | not yet calculated | CVE-2017-8855 CONFIRM
wordpress clean_login_plugin | CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL. | 2017-05-10 | not yet calculated | CVE-2017-8875 MISC MISC
xen failsafe | Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215. | 2017-05-11 | not yet calculated | CVE-2017-8905 CONFIRM CONFIRM
xen gnttabop_transfer | Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214. | 2017-05-11 | not yet calculated | CVE-2017-8904 CONFIRM CONFIRM
xen iret_hypercall | Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213. | 2017-05-11 | not yet calculated | CVE-2017-8903 CONFIRM CONFIRM
zencart main_page_parameter | Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github." | 2017-05-08 | not yet calculated | CVE-2017-8833 CONFIRM
zendstringextend zend/zend_string_h | The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. | 2017-05-12 | not yet calculated | CVE-2017-8923 MISC
liblrzipso read_stream_function | The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive. | 2017-05-08 | not yet calculated | CVE-2017-8846 MISC MISC