SB17-086: Vulnerability Summary for the Week of March 20, 2017

Original release date: March 27, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
canonical — ubuntu_linux The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to “throwing of exceptions.” 2017-03-20 7.5 CVE-2014-9841
SUSE
SUSE
SUSE
MLIST
UBUNTU
CONFIRM
CONFIRM
canonical — ubuntu_linux The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors. 2017-03-20 7.5 CVE-2014-9843
SUSE
SUSE
SUSE
MLIST
UBUNTU
CONFIRM
CONFIRM
canonical — ubuntu_linux Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. 2017-03-20 7.5 CVE-2014-9846
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
MLIST
UBUNTU
CONFIRM
CONFIRM
canonical — ubuntu_linux The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. 2017-03-20 7.5 CVE-2014-9847
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
MLIST
UBUNTU
CONFIRM
CONFIRM
cerberus — cerberus_ftp_server Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command. 2017-03-17 7.5 CVE-2017-6880
EXPLOIT-DB
chef_manage_project — chef_manage The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 allows remote attackers to execute arbitrary code. This is fixed in 2.4.5. 2017-03-17 7.5 CVE-2017-7174
CONFIRM
erlang — erlang/otp An issue was discovered in Erlang/OTP 18.x. Erlang’s generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to. 2017-03-18 7.5 CVE-2016-10253
MISC
gnu — binutils ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects. 2017-03-21 7.5 CVE-2014-9939
MISC
CONFIRM
CONFIRM
gnu — screen GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions. 2017-03-20 7.2 CVE-2017-5618
CONFIRM
CONFIRM
CONFIRM
MLIST
BID
MLIST
ibm — power_hardware_management_console IBM Power Hardware Management Console (HMC) 3.3.2 and 4.1 could allow a local user to escalate their privileges to gain root access. IBM Reference #: 1998459. 2017-03-20 7.2 CVE-2017-1134
CONFIRM
BID
ibm — websphere_mq IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672. 2017-03-20 7.8 CVE-2017-1145
CONFIRM
BID
imagemagick — imagemagick distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors. 2017-03-17 7.5 CVE-2014-9852
SUSE
SUSE
SUSE
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick Memory leak in the NewXMLTree function in magick/xml-tree.c in ImageMagick before 6.9.4-7 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML file. 2017-03-23 7.1 CVE-2016-10047
MLIST
BID
CONFIRM
CONFIRM
imagemagick — imagemagick Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file. 2017-03-23 7.1 CVE-2016-10058
MLIST
BID
CONFIRM
CONFIRM
juniper — junos_space Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication. 2017-03-20 7.5 CVE-2016-4926
BID
CONFIRM
juniper — junos_space Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user. 2017-03-20 9.0 CVE-2016-4929
BID
CONFIRM
kinsey — infor-lawson Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData. 2017-03-20 7.5 CVE-2017-6550
MISC
FULLDISC
BID
EXPLOIT-DB
linux — linux_kernel The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. 2017-03-20 7.2 CVE-2017-7187
BID
MISC
MISC
netiq — access_governance_suite A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator. 2017-03-23 9.0 CVE-2016-1597
CONFIRM
netiq — access_manager iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials. 2017-03-23 7.5 CVE-2016-5757
CONFIRM
oneplus — oxygenos An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the ‘fastboot oem boot_mode {rf/wlan/ftm/normal} command’ in contradiction to the threat model of Android where the bootloader MUST NOT allow any security-sensitive operation to be run unless the bootloader is unlocked. 2017-03-19 7.2 CVE-2017-5623
BID
MISC
openinfosecfoundation — suricata The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request. 2017-03-20 7.5 CVE-2015-8954
CONFIRM
CONFIRM
CONFIRM
pluck-cms — pluck Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature. 2017-03-17 7.5 CVE-2014-8708
MISC
MISC
qdpm — qdpm Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/. 2017-03-17 7.5 CVE-2015-3884
MISC
MISC
wondercms — wondercms Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme. 2017-03-17 7.5 CVE-2014-8704
MISC
wondercms — wondercms PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter. 2017-03-17 7.5 CVE-2014-8705
MISC
MISC
xrdp — xrdp xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass. 2017-03-17 7.5 CVE-2017-6967
MISC
MISC
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — tomcat The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other than their own. 2017-03-20 6.8 CVE-2016-6816
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apng2gif_project — apng2gif An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the load_apng function and the imagesize variable. 2017-03-17 5.0 CVE-2017-6960
MISC
apng2gif_project — apng2gif An issue was discovered in apng2gif 1.7. There is improper sanitization of user input causing huge memory allocations, resulting in a crash. This is related to the read_chunk function using the pChunk->size value (within the PNG file) to determine the amount of memory to allocate. 2017-03-17 4.3 CVE-2017-6961
MISC
apng2gif_project — apng2gif An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer overflow. This is related to the read_chunk function making an unchecked addition of 12. 2017-03-17 5.0 CVE-2017-6962
MISC
artifex — ghostscript The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. 2017-03-21 4.3 CVE-2017-7207
CONFIRM
BID
CONFIRM
audiofile — audiofile The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. 2017-03-20 4.3 CVE-2017-6829
MLIST
MISC
MISC
MISC
audiofile — audiofile Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. 2017-03-20 4.3 CVE-2017-6830
MLIST
MISC
MISC
MISC
audiofile — audiofile Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. 2017-03-20 4.3 CVE-2017-6831
MLIST
MISC
MISC
MISC
audiofile — audiofile Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. 2017-03-20 4.3 CVE-2017-6832
MLIST
MISC
MISC
MISC
audiofile — audiofile The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. 2017-03-20 4.3 CVE-2017-6833
MLIST
MISC
MISC
MISC
audiofile — audiofile Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. 2017-03-20 4.3 CVE-2017-6834
MLIST
MISC
MISC
MISC
audiofile — audiofile The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file. 2017-03-20 4.3 CVE-2017-6835
MLIST
MISC
MISC
MISC
audiofile — audiofile Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. 2017-03-20 4.3 CVE-2017-6836
MLIST
MISC
MISC
MISC
audiofile — audiofile WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients. 2017-03-20 4.3 CVE-2017-6837
MLIST
MISC
MISC
MISC
audiofile — audiofile Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. 2017-03-20 4.3 CVE-2017-6838
MLIST
MISC
MISC
MISC
audiofile — audiofile Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. 2017-03-20 4.3 CVE-2017-6839
MLIST
MISC
MISC
MISC
buddypress — buddypress_plugin An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions. 2017-03-17 4.0 CVE-2017-6954
CONFIRM
CONFIRM
ca — unified_infrastructure_management The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors. 2017-03-20 5.0 CVE-2016-9165
BID
MISC
CONFIRM
canonical — ubuntu_linux Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. 2017-03-20 5.0 CVE-2014-9842
SUSE
SUSE
SUSE
SUSE
MLIST
CONFIRM
CONFIRM
canonical — ubuntu_linux The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. 2017-03-20 4.3 CVE-2014-9844
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
MLIST
UBUNTU
CONFIRM
CONFIRM
canonical — ubuntu_linux The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. 2017-03-20 4.3 CVE-2014-9845
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
MLIST
UBUNTU
CONFIRM
CONFIRM
canonical — ubuntu_linux Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). 2017-03-20 5.0 CVE-2014-9848
SUSE
SUSE
SUSE
SUSE
SUSE
MLIST
UBUNTU
CONFIRM
canonical — ubuntu_linux The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). 2017-03-20 5.0 CVE-2014-9849
SUSE
SUSE
SUSE
SUSE
MLIST
UBUNTU
CONFIRM
canonical — ubuntu_linux Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). 2017-03-20 5.0 CVE-2014-9850
SUSE
SUSE
SUSE
MLIST
UBUNTU
CONFIRM
CONFIRM
canonical — ubuntu_linux ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). 2017-03-20 5.0 CVE-2014-9851
SUSE
SUSE
SUSE
SUSE
MLIST
UBUNTU
CONFIRM
CONFIRM
cisco — adaptive_security_appliance_software A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to bypass the access control list (ACL) for specific TCP and UDP traffic. More Information: CSCvc68229. Known Affected Releases: 9.6(2). Known Fixed Releases: 99.1(20.1) 99.1(10.2) 98.1(12.7) 98.1(1.49) 97.1(6.58) 97.1(0.134) 96.2(0.109) 9.7(1.1) 9.6(2.99) 9.6(2.8). 2017-03-17 5.0 CVE-2017-3867
BID
CONFIRM
cisco — nx-os An Access-Control Filtering Mechanisms Bypass vulnerability in certain access-control filtering mechanisms on Cisco Nexus 7000 Series Switches could allow an unauthenticated, remote attacker to bypass defined traffic configured within an access control list (ACL) on the affected system. More Information: CSCtz59354. Known Affected Releases: 5.2(4) 6.1(3)S5 6.1(3)S6 6.2(1.121)S0 7.2(1)D1(1) 7.3(0)ZN(0.161) 7.3(1)N1(0.1). Known Fixed Releases: 7.3(0)D1(1) 6.2(2) 6.1(5) 8.3(0)KMT(0.24) 8.3(0)CV(0.337) 7.3(1)N1(1) 7.3(0)ZN(0.210) 7.3(0)ZN(0.177) 7.3(0)ZD(0.194) 7.3(0)TSH(0.99) 7.3(0)SC(0.14) 7.3(0)RSP(0.7) 7.3(0)N1(1) 7.3(0)N1(0.193) 7.3(0)IZN(0.13) 7.3(0)IB(0.102) 7.3(0)GLF(0.44) 7.3(0)D1(0.178) 7.1(0)D1(0.14) 7.0(3)ITI2(1.6) 7.0(3)ISH1(2.13) 7.0(3)IFD6(0.78) 7.0(3)IFD6(0) 7.0(3)IDE6(0.12) 7.0(3)IDE6(0) 7.0(3)I2(1) 7.0(3)I2(0.315) 7.0(1)ZD(0.3) 7.0(0)ZD(0.84) 6.2(1.149)S0 6.2(0.285) 6.1(5.32)S0 6.1(4.97)S0 6.1(2.30)S0. 2017-03-17 5.0 CVE-2017-3875
BID
CONFIRM
cisco — nx-os A Denial of Service vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a Telnet process used for login to terminate unexpectedly and the login attempt to fail. There is no impact to user traffic flowing through the device. Affected Products: This vulnerability affects Cisco Nexus 9000 Series Switches that are running Cisco NX-OS Software and are configured to allow remote Telnet connections to the device. More Information: CSCux46778. Known Affected Releases: 7.0(3)I3(0.170). Known Fixed Releases: 7.0(3)I3(1) 7.0(3)I3(0.257) 7.0(3)I3(0.255) 7.0(3)I2(2e) 7.0(3)F1(1.22) 7.0(3)F1(1). 2017-03-17 5.0 CVE-2017-3878
BID
CONFIRM
cisco — nx-os A Denial of Service vulnerability in the remote login functionality for Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a process used for login to terminate unexpectedly and the login attempt to fail. There is no impact to user traffic flowing through the device. The attacker could use either a Telnet or an SSH client for the remote login attempt. Affected Products: This vulnerability affects Cisco Nexus 9000 Series Switches that are running Cisco NX-OS Software and are configured to allow remote Telnet connections to the device. More Information: CSCuy25824. Known Affected Releases: 7.0(3)I3(1) 8.3(0)CV(0.342) 8.3(0)CV(0.345). Known Fixed Releases: 8.3(0)CV(0.362) 8.0(1) 7.0(3)IED5(0.19) 7.0(3)IED5(0) 7.0(3)I4(1) 7.0(3)I4(0.8) 7.0(3)I2(2e) 7.0(3)F1(1.22) 7.0(3)F1(1) 7.0(3)F1(0.230). 2017-03-17 5.0 CVE-2017-3879
BID
CONFIRM
cisco — prime_infrastructure An API Credentials Management vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. More Information: CSCuy36192. Known Affected Releases: 3.1(1) 3.1(1). 2017-03-17 5.5 CVE-2017-3869
BID
CONFIRM
cisco — prime_optical A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. The attacker must have valid credentials for the device. More Information: CSCvc65257. Known Affected Releases: 10.6(0.1). 2017-03-17 4.0 CVE-2017-3871
BID
CONFIRM
cisco — prime_service_catalog A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc79842 CSCvc79846 CSCvc79855 CSCvc79873 CSCvc79882 CSCvc79891. Known Affected Releases: 11.1.2. 2017-03-17 4.3 CVE-2017-3866
BID
CONFIRM
cisco — telepresence_server_software An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processors that are running a software release prior to Cisco TelePresence Software Release 4.3 and are running in locally managed mode. The vulnerable API was deprecated in Cisco TelePresence Software Release 4.3. More Information: CSCvc37616. 2017-03-17 5.0 CVE-2017-3815
BID
CONFIRM
cisco — unified_communications_manager A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. More Information: CSCvc21620. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.641) 12.0(0.98000.500) 12.0(0.98000.219). 2017-03-17 4.3 CVE-2017-3872
BID
CONFIRM
cisco — unified_communications_manager A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web interface of the affected software. More Information: CSCvb70021. Known Affected Releases: 11.5(1.11007.2). 2017-03-17 4.3 CVE-2017-3877
BID
CONFIRM
cisco — unified_computing_system_director A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc44344. Known Affected Releases: 6.0(0.0). 2017-03-17 4.3 CVE-2017-3868
BID
CONFIRM
cisco — web_security_appliance A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), both virtual and hardware appliances, that are configured with URL filters for email scanning. More Information: CSCvc69700. Known Affected Releases: 8.5.3-069 9.1.1-074 9.1.2-010. 2017-03-17 5.0 CVE-2017-3870
BID
CONFIRM
cisco — webex_meetings_server An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.2054. 2017-03-17 4.0 CVE-2017-3811
BID
CONFIRM
cisco — webex_meetings_server An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728. Known Affected Releases: 2.6 2.7 2.8 CWMS-2.5MR1 Orion1.1.2.patch T29_orion_merge. 2017-03-17 6.4 CVE-2017-3880
BID
CONFIRM
cloudflare-scrape_project — cloudflare-scrape An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0. 2017-03-23 6.8 CVE-2017-7235
CONFIRM
CONFIRM
d-link — dir-600m_firmware CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact. 2017-03-22 6.8 CVE-2017-5874
CONFIRM
BID
debian — debian_linux The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. 2017-03-23 4.3 CVE-2016-9556
SUSE
DEBIAN
MLIST
MLIST
MLIST
BID
MISC
CONFIRM
CONFIRM
deluge — deluge CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin. 2017-03-18 6.8 CVE-2017-7178
CONFIRM
MISC
MISC
MISC
BID
CONFIRM
fedoraproject — fedora Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow. 2017-03-17 4.3 CVE-2015-4645
FEDORA
FEDORA
BID
CONFIRM
MISC
GENTOO
ffmpeg — ffmpeg Libavcodec in FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code. 2017-03-20 6.8 CVE-2012-5361
BID
XF
MS
CONFIRM
gamepanelx — gamepanelx-v3 A Cross-Site Scripting (XSS) was discovered in GamePanelX-V3 3.0.12. The vulnerability exists due to insufficient filtration of user-supplied data (a) passed to the “GamePanelX-V3-master/ajax/ajax.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-03-21 4.3 CVE-2017-7205
BID
CONFIRM
get-simple — getsimple_cms GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/.xml, (2) backups/users/.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml. 2017-03-17 5.0 CVE-2014-8722
MISC
MISC
get-simple — getsimple_cms GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message. 2017-03-17 5.0 CVE-2014-8723
MISC
MISC
git_project — git contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. 2017-03-19 6.8 CVE-2014-9938
CONFIRM
MISC
gnu — binutils readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow. 2017-03-17 4.3 CVE-2017-6965
CONFIRM
gnu — binutils readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations. 2017-03-17 4.3 CVE-2017-6966
CONFIRM
gnu — binutils readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over-read while processing corrupt RL78 binaries. The vulnerability can trigger program crashes. It may lead to an information leak as well. 2017-03-17 6.4 CVE-2017-6969
CONFIRM
gnu — binutils The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash. 2017-03-21 4.3 CVE-2017-7209
BID
CONFIRM
gnu — binutils objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash. 2017-03-21 4.3 CVE-2017-7210
BID
CONFIRM
gnu — binutils GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash. 2017-03-22 5.0 CVE-2017-7223
CONFIRM
gnu — binutils The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash. 2017-03-22 4.3 CVE-2017-7224
CONFIRM
gnu — binutils The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash. 2017-03-22 5.0 CVE-2017-7225
CONFIRM
gnu — binutils The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well. 2017-03-22 6.4 CVE-2017-7226
CONFIRM
gnu — binutils GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of ‘\0’ termination of a name field in ldlex.l. 2017-03-22 5.0 CVE-2017-7227
CONFIRM
gnu — glibc Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. 2017-03-20 6.8 CVE-2015-8983
MLIST
BID
CONFIRM
CONFIRM
MLIST
gnu — glibc The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read. 2017-03-20 4.3 CVE-2015-8984
MLIST
MLIST
BID
CONFIRM
CONFIRM
MLIST
gnu — glibc The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. 2017-03-20 4.3 CVE-2015-8985
MLIST
BID
CONFIRM
google — android The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140. 2017-03-20 6.9 CVE-2016-5857
SECTRACK
MISC
huawei — document_security_management The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button. 2017-03-20 4.0 CVE-2016-2406
CONFIRM
ibm — algo_one IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could allow a user to gain access to another user’s reports using a specially crafted HTTP request. IBM Reference #: 1999754. 2017-03-20 4.0 CVE-2017-1155
CONFIRM
BID
ibm — rational_rhapsody_design_manager IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960. 2017-03-20 4.0 CVE-2016-8973
CONFIRM
BID
ibm — websphere_application_server IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293. 2017-03-20 6.8 CVE-2017-1151
CONFIRM
BID
imagemagick — imagemagick Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file. 2017-03-22 6.8 CVE-2014-9832
MLIST
MLIST
imagemagick — imagemagick Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file. 2017-03-22 6.8 CVE-2014-9833
MLIST
MLIST
imagemagick — imagemagick Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file. 2017-03-22 6.8 CVE-2014-9834
MLIST
MLIST
imagemagick — imagemagick Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file. 2017-03-22 6.8 CVE-2014-9835
MLIST
MLIST
imagemagick — imagemagick ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file. 2017-03-22 4.3 CVE-2014-9836
MLIST
MLIST
imagemagick — imagemagick magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash). 2017-03-22 4.3 CVE-2014-9838
MLIST
imagemagick — imagemagick magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access). 2017-03-22 5.0 CVE-2014-9839
MLIST
MLIST
imagemagick — imagemagick ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file. 2017-03-22 4.3 CVE-2014-9840
MLIST
MLIST
imagemagick — imagemagick Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. 2017-03-17 4.3 CVE-2014-9853
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
MLIST
UBUNTU
CONFIRM
imagemagick — imagemagick coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the “identification of image.” 2017-03-17 5.0 CVE-2014-9854
CONFIRM
SUSE
SUSE
SUSE
SUSE
MLIST
UBUNTU
CONFIRM
CONFIRM
imagemagick — imagemagick Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile. 2017-03-23 4.3 CVE-2014-9915
MLIST
CONFIRM
imagemagick — imagemagick Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file. 2017-03-23 4.3 CVE-2016-10046
MLIST
BID
CONFIRM
CONFIRM
imagemagick — imagemagick Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. 2017-03-23 6.8 CVE-2016-10049
MLIST
BID
CONFIRM
CONFIRM
MISC
imagemagick — imagemagick Buffer overflow in the WriteProfile function in coders/jpeg.c in ImageMagick before 6.9.5-6 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. 2017-03-23 6.8 CVE-2016-10052
SUSE
SUSE
MLIST
BID
CONFIRM
CONFIRM
imagemagick — imagemagick The WriteTIFFImage function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. 2017-03-23 4.3 CVE-2016-10053
MLIST
BID
CONFIRM
CONFIRM
imagemagick — imagemagick Buffer overflow in the WriteMAPImage function in coders/map.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. 2017-03-23 6.8 CVE-2016-10054
MLIST
BID
CONFIRM
CONFIRM
imagemagick — imagemagick Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. 2017-03-23 6.8 CVE-2016-10055
MLIST
BID
CONFIRM
CONFIRM
imagemagick — imagemagick Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. 2017-03-23 6.8 CVE-2016-10056
MLIST
BID
BID
CONFIRM
CONFIRM
imagemagick — imagemagick Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. 2017-03-23 6.8 CVE-2016-10057
MLIST
BID
CONFIRM
CONFIRM
imagemagick — imagemagick Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file. 2017-03-23 6.8 CVE-2016-10059
SUSE
MLIST
BID
CONFIRM
CONFIRM
imdbphp_project — imdbphp A Cross-Site Scripting (XSS) vulnerability was discovered in imdbphp 5.1.1. The vulnerability exists due to insufficient filtration of user-supplied data (name) passed to the “imdbphp-master/demo/search.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-03-21 4.3 CVE-2017-7204
BID
CONFIRM
jasper_project — jasper The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. 2017-03-23 4.3 CVE-2016-8885
MLIST
MLIST
MLIST
BID
MISC
CONFIRM
FEDORA
FEDORA
juniper — junos_space Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices. 2017-03-20 6.8 CVE-2016-4927
BID
CONFIRM
juniper — junos_space Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. 2017-03-20 6.8 CVE-2016-4928
BID
CONFIRM
juniper — junos_space Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions. 2017-03-20 4.3 CVE-2016-4930
BID
CONFIRM
juniper — junos_space XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service. 2017-03-20 4.0 CVE-2016-4931
BID
CONFIRM
libav — libav The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. 2017-03-21 5.8 CVE-2017-7206
BID
CONFIRM
libav — libav The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file. 2017-03-21 5.8 CVE-2017-7208
BID
CONFIRM
libtiff — libtiff LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file. 2017-03-17 4.3 CVE-2015-7313
MLIST
BID
CONFIRM
GENTOO
mantisbt — mantisbt A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT’s CSP settings permit it) by modifying ‘window_title’ in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php). 2017-03-22 4.3 CVE-2017-7222
CONFIRM
CONFIRM
mantisbt — mantisbt_source_integration_plugin An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT’s CSP settings permit it) by crafting any valid parameter. 2017-03-17 4.3 CVE-2017-6958
CONFIRM
meteocontrol — weblog A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB’log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function. 2017-03-21 6.8 CVE-2016-4504
MISC
misp — misp Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML. 2017-03-21 4.3 CVE-2017-7215
MISC
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
mobatek — mobaxterm Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command. 2017-03-20 5.0 CVE-2017-6805
MISC
MISC
FULLDISC
BID
EXPLOIT-DB
netiq — access_manager The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users. 2017-03-23 6.5 CVE-2016-5750
CONFIRM
netiq — access_manager An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials. 2017-03-23 4.3 CVE-2016-5751
CONFIRM
netiq — access_manager The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 was handling unsigned SAML requests incorrectly, leaking results to a potentially malicious “Assertion Consumer Service URL” instead of the original requester. 2017-03-23 5.0 CVE-2016-5752
CONFIRM
netiq — access_manager Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2. 2017-03-23 5.0 CVE-2016-5754
CONFIRM
netiq — access_manager NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the “high encryption” setting. 2017-03-23 4.3 CVE-2016-5755
CONFIRM
netiq — access_manager Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl, roma/jsp/admin/appliance/devicedetail_edit.jsp, roma/jsp/admin/managementip/mgmt_ip_details_frameset.jsp, roma/jsp/admin/managementip/mgmt_ip_details_middleframe.jsp, roma/jsp/volsc/monitoring/appliance.jsp, and roma/jsp/volsc/monitoring/graph.jsp. 2017-03-23 4.3 CVE-2016-5756
CONFIRM
netiq — access_manager A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load. 2017-03-23 6.8 CVE-2016-5758
BID
CONFIRM
novell — groupwise A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user’s browser session by getting the user to click on a specially crafted link. This could lead to session compromise or other browser-based attacks. 2017-03-23 4.3 CVE-2016-9169
CONFIRM
novell — leap saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. 2017-03-20 5.0 CVE-2017-6318
MLIST
MLIST
SUSE
BID
CONFIRM
MLIST
opendaylight — l2switch hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka “topology spoofing.” 2017-03-20 5.0 CVE-2015-1610
MISC
BID
CONFIRM
openinfosecfoundation — suricata Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching. 2017-03-18 5.0 CVE-2017-7177
BID
CONFIRM
CONFIRM
openstack — nova An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens. 2017-03-21 5.0 CVE-2017-7214
BID
CONFIRM
opensuse_project — leap Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. 2017-03-23 5.0 CVE-2016-10048
SUSE
SUSE
MLIST
BID
CONFIRM
CONFIRM
opensuse_project — leap Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. 2017-03-23 6.8 CVE-2016-10050
SUSE
SUSE
MLIST
BID
CONFIRM
CONFIRM
opensuse_project — leap Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. 2017-03-23 6.8 CVE-2016-10051
SUSE
SUSE
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
palo_alto_networks — terminal_services_agent Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors. 2017-03-20 5.0 CVE-2017-6356
CONFIRM
BID
pcre — pcre libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. 2017-03-19 5.0 CVE-2017-7186
BID
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
pluck-cms — pluck Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing “PHPSESSIS” to an array; (2) adding non-alphanumeric chars to “PHPSESSID”; (3) changing the image parameter to an array; or (4) changing the image parameter to a string, which reveals the installation path in an error message. 2017-03-17 5.0 CVE-2014-8706
MISC
MISC
pluck-cms — pluck Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the “edit HTML source” option. 2017-03-17 4.0 CVE-2014-8707
MISC
MISC
qdpm — qdpm Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml. 2017-03-17 5.0 CVE-2015-3881
MISC
MISC
qdpm — qdpm qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/[ID], which reveals the installation path in an error message. 2017-03-17 5.0 CVE-2015-3882
MISC
MISC
qdpm — qdpm Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) “Name of application” on index.php/configuration; (3) a new project name on index.php/projects; (4) the task name on index.php/tasks; (5) ticket name on index.php/tickets; (6) discussion name on index.php/discussions; (7) report name on index.php/projectReports; or (8) event name on index.php/scheduler/personal. 2017-03-17 4.3 CVE-2015-3883
MISC
MISC
qemu — qemu Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping. 2017-03-20 5.0 CVE-2017-6058
CONFIRM
MLIST
BID
SECTRACK
CONFIRM
MLIST
sitecore — experience_platform Cross-Site Scripting (XSS) in “/sitecore/client/Applications/List Manager/Taskpages/Contact list” in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2. 2017-03-19 4.3 CVE-2016-8855
MISC
EXPLOIT-DB
slims — slims7_cendana Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in SLiMS 7 Cendana before 2017-03-16. The vulnerabilities exist due to insufficient filtration of user-supplied data (id) passed to the ‘slims7_cendana-master/template/default/detail_template.php’ and ‘slims7_cendana-master/template/default-rtl/detail_template.php’ URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-03-21 4.3 CVE-2017-7202
BID
CONFIRM
solarwinds — ftp_voyager Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml. 2017-03-20 6.8 CVE-2017-6803
MISC
MISC
BID
EXPLOIT-DB
teleogistic — invite_anyone_plugin An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack. 2017-03-17 5.0 CVE-2017-6955
BID
CONFIRM
CONFIRM
typo3 — typo3 TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields. 2017-03-17 5.0 CVE-2017-6370
MISC
usbpcap_project — usbpcap The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference. 2017-03-20 4.6 CVE-2017-6178
MISC
BID
EXPLOIT-DB
virglrenderer_project — virglrenderer Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands. 2017-03-20 4.9 CVE-2016-10214
MLIST
BID
CONFIRM
MLIST
wondercms — wondercms Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password. 2017-03-17 5.0 CVE-2014-8701
MISC
MISC
wondercms — wondercms Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message. 2017-03-17 5.0 CVE-2014-8702
MISC
MISC
wondercms — wondercms Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML. 2017-03-17 4.3 CVE-2014-8703
MISC
MISC
zoneminder — zoneminder A Cross-Site Scripting (XSS) vulnerability was discovered in ZoneMinder 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the “ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-03-21 4.3 CVE-2017-7203
BID
CONFIRM

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
cisco — unified_communications_manager A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. More Information: CSCvb70033. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.507) 11.0(1.23900.5) 11.0(1.23900.3) 10.5(2.15900.2). 2017-03-17 3.5 CVE-2017-3874
BID
CONFIRM
ibm — content_navigator IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999736. 2017-03-20 3.5 CVE-2017-1146
CONFIRM
BID
ibm — rational_collaborative_lifecycle_management An undisclosed vulnerability in the CLM applications in IBM Jazz Team Server may allow unauthorized access to user credentials. IBM Reference #: 1999965. 2017-03-20 2.1 CVE-2016-2981
CONFIRM
MISC
ibm — rational_rhapsody_design_manager IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999960. 2017-03-20 3.5 CVE-2016-9694
CONFIRM
BID
ibm — rational_rhapsody_design_manager IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM Reference #: 1999960. 2017-03-20 3.5 CVE-2016-9696
CONFIRM
BID
ibm — rational_rhapsody_design_manager An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 could allow an attacker to perform a JSON Hijacking Attack. A JSON Hijacking Attack may expose to an attacker information passed between the server and the browser. IBM Reference #: 1999960. 2017-03-20 2.1 CVE-2016-9697
CONFIRM
BID
netiq — access_manager External Entity Processing (XXE) vulnerability in the “risk score” application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users. 2017-03-23 2.1 CVE-2016-5748
CONFIRM
netiq — access_manager NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack. 2017-03-23 2.1 CVE-2016-5749
CONFIRM
opensuse_project — leap The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check. 2017-03-20 3.5 CVE-2017-5930
SUSE
MLIST
MLIST
BID
CONFIRM
CONFIRM
MLIST
qemu — qemu The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer. 2017-03-20 2.1 CVE-2017-5987
CONFIRM
MLIST
BID
CONFIRM
MLIST
virglrenderer_project — virglrenderer The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_buffer_index. 2017-03-20 2.1 CVE-2017-5956
MLIST
BID
CONFIRM
MLIST

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
alcatel-lucent — motive_home_device_manager
 
Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do. 2017-03-23 not yet calculated CVE-2015-8687
FULLDISC
alienvault — alienvault
 
Unspecified vulnerability in AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 has unknown impact and attack vectors, aka AlienVault ID ENG-104945. This is different from CVE-2017-6970 and CVE-2017-6971, and less directly relevant. (Additional details are expected to be released in a new public reference.) 2017-03-22 not yet calculated CVE-2017-6972
BID
CONFIRM
CONFIRM
alienvault — alienvault
 
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862. 2017-03-22 not yet calculated CVE-2017-6971
CONFIRM
CONFIRM
CONFIRM
alienvault — alienvault
 
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863. 2017-03-22 not yet calculated CVE-2017-6970
CONFIRM
CONFIRM
CONFIRM
amd — amd_ryzen_processor
 
The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite. 2017-03-24 not yet calculated CVE-2017-7262
MISC
MISC
MISC
MISC
apache — apache_poi
 
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack. 2017-03-24 not yet calculated CVE-2017-5644
CONFIRM
apngdis — apngdis
 
Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename. 2017-03-23 not yet calculated CVE-2017-6191
BID
EXPLOIT-DB
MISC
apparmor — apparmor
 
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle ‘restart’ operations removing AppArmor profiles that aren’t found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what’s done by LXD and Docker, are affected by this flaw in the AppArmor init script logic. 2017-03-24 not yet calculated CVE-2017-6507
CONFIRM
CONFIRM
CONFIRM
CONFIRM
artifex_software — mujs
 
regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation. 2017-03-24 not yet calculated CVE-2016-10132
CONFIRM
MLIST
MLIST
CONFIRM
FEDORA
artifex_software — mujs
 
Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows attackers to have unspecified impact by leveraging an error when dropping extra arguments to lightweight functions. 2017-03-24 not yet calculated CVE-2016-10133
CONFIRM
MLIST
MLIST
CONFIRM
FEDORA
avast — security_products
 
Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process via a “DoubleAgent” attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack. 2017-03-21 not yet calculated CVE-2017-5567
MISC
MISC
BID
avg — security_products
 
Code injection vulnerability in AVG Ultimate 17.1 (and earlier), AVG Internet Security 17.1 (and earlier), and AVG AntiVirus FREE 17.1 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any AVG process via a “DoubleAgent” attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack. 2017-03-21 not yet calculated CVE-2017-5566
MISC
MISC
BID
avira — security_products
 
Code injection vulnerability in Avira Total Security Suite 15.0 (and earlier), Optimization Suite 15.0 (and earlier), Internet Security Suite 15.0 (and earlier), and Free Security Suite 15.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avira process via a “DoubleAgent” attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack. 2017-03-21 not yet calculated CVE-2017-6417
MISC
MISC
BID
bitdefender — security_products
 
Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a “DoubleAgent” attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack. 2017-03-21 not yet calculated CVE-2017-6186
MISC
MISC
BID
cisco — ios_ios_xe_software A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893. 2017-03-17 not yet calculated CVE-2017-3881
BID
CONFIRM
cisco — ios_ios_xe_software
 
A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature. A device must meet two conditions to be affected by this vulnerability: (1) the device must be running a version of Cisco IOS Software or Cisco IOS XE Software that supports ANI (regardless of whether ANI is configured); and (2) the device must have a reachable IPv6 interface. An exploit could allow the attacker to cause the affected device to reload. Cisco Bug IDs: CSCvc42729. 2017-03-21 not yet calculated CVE-2017-3850
BID
CONFIRM
cisco — ios_ios_xe_software
 
A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability occurs during the parsing of a crafted DHCP packet. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that is configured as a DHCP client. A successful exploit could allow the attacker to cause a reload of an affected device, resulting in a DoS condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or IOS XE Software and using a specific DHCP client configuration. Cisco Bug IDs: CSCuu43892. 2017-03-22 not yet calculated CVE-2017-3864
BID
CONFIRM
cisco — ios_ios_xe_software
 
A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or Cisco IOS XE Software if the L2TP feature is enabled for the device and the device is configured as an L2TP Version 2 (L2TPv2) or L2TP Version 3 (L2TPv3) endpoint. By default, the L2TP feature is not enabled. Cisco Bug IDs: CSCuy82078. 2017-03-22 not yet calculated CVE-2017-3857
BID
CONFIRM
cisco — ios_ios_xe_software
 
A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics: (1) running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature; (2) configured as an autonomic registrar; (3) has a whitelist configured. An exploit could allow the attacker to cause the affected device to reload. Note: Autonomic networking should be configured with a whitelist. Do not remove the whitelist as a workaround. Cisco Bug IDs: CSCvc42717. 2017-03-21 not yet calculated CVE-2017-3849
BID
CONFIRM
cisco — ios_xe_software
 
A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco ASR 920 Series Aggregation Services Routers that are running an affected release of Cisco IOS XE Software (3.13 through 3.18) and are listening on the DHCP server port. By default, the devices do not listen on the DHCP server port. Cisco Bug IDs: CSCuy56385. 2017-03-22 not yet calculated CVE-2017-3859
BID
CONFIRM
cisco — ios_xe_software
 
A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is under a high load. An attacker could exploit this vulnerability by sending a high number of requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the web user interface of the software is enabled. By default, the web user interface is not enabled. Cisco Bug IDs: CSCup70353. 2017-03-22 not yet calculated CVE-2017-3856
BID
CONFIRM
cisco — ios_xe_software
 
A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of HTTP parameters supplied by the user. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected web page parameter. The user must be authenticated to access the affected parameter. A successful exploit could allow the attacker to execute commands with root privileges. This vulnerability affects Cisco devices running Cisco IOS XE Software Release 16.2.1, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration interface was introduced in the Denali 16.2 Release of Cisco IOS XE Software. The web-based administration interface in earlier releases of Cisco IOS XE Software is not affected by this vulnerability. Cisco Bug IDs: CSCuy83069. 2017-03-22 not yet calculated CVE-2017-3858
BID
CONFIRM
cisco — iox_software A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker who can upload a malicious package within Cisco IOx could exploit the vulnerability to modify arbitrary files. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52317. 2017-03-22 not yet calculated CVE-2017-3852
BID
CONFIRM
cisco — iox_software
 
A Directory Traversal vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting crafted requests to the CAF web interface. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52302. 2017-03-22 not yet calculated CVE-2017-3851
BID
CONFIRM
cisco — iox_software
 
A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device. The vulnerability is due to insufficient bounds checking in the DMo process. An attacker could exploit this vulnerability by sending crafted packets that are forwarded to the DMo process for evaluation. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. This vulnerability affects the following Cisco 800 Series Industrial Integrated Services Routers: Cisco IR809 and Cisco IR829. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52330. 2017-03-22 not yet calculated CVE-2017-3853
BID
CONFIRM
cloudera — cloudera
 
Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as demonstrated by yarn.keytab or ssl-server.xml in /var/run/cloudera-scm-agent/process. 2017-03-23 not yet calculated CVE-2015-2263
CONFIRM
cloudera — cloudera
 
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command. 2017-03-23 not yet calculated CVE-2014-0229
CONFIRM
cloudera — cloudera
 
Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key. 2017-03-23 not yet calculated CVE-2015-4166
CONFIRM
cloudera — cloudera
 
The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs. 2017-03-23 not yet calculated CVE-2013-6446
CONFIRM
cloudera — cloudera
 
Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). 2017-03-23 not yet calculated CVE-2015-4078
CONFIRM
cms_made_simple — cms_made_simple
 
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 “Content-->News-->Add Article” feature via the m1_title parameter. Someone must log in to conduct the attack. 2017-03-24 not yet calculated CVE-2017-7255
MISC
cms_made_simple — cms_made_simple
 
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 “Content-->News-->Add Article” feature via the m1_summary parameter. Someone must log in to conduct the attack. 2017-03-24 not yet calculated CVE-2017-7256
MISC
cms_made_simple — cms_made_simple
 
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 “Content-->News-->Add Article” feature via the m1_content parameter. Someone must log in to conduct the attack. 2017-03-24 not yet calculated CVE-2017-7257
MISC
debian — ubuntu
 
The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory. 2017-03-23 not yet calculated CVE-2016-9774
DEBIAN
DEBIAN
MLIST
MLIST
BID
UBUNTU
UBUNTU
CONFIRM
debian — ubuntu
 
The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack. 2017-03-23 not yet calculated CVE-2016-9775
DEBIAN
DEBIAN
MLIST
MLIST
BID
UBUNTU
UBUNTU
CONFIRM
disk_sorter — disk_sorter_enterprise
 
A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request. 2017-03-22 not yet calculated CVE-2017-7230
EXPLOIT-DB
eclipse_iot — eclipse_iot
 
Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a “Change cipher spec” packet without pre-handshake. 2017-03-24 not yet calculated CVE-2017-7243
MISC
MISC
elfutils — elfutils
 
The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure. 2017-03-23 not yet calculated CVE-2016-10255
MLIST
MISC
CONFIRM
MLIST
elfutils — elfutils
 
The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure. 2017-03-23 not yet calculated CVE-2016-10254
MLIST
MISC
MLIST
emc — emc_recoverpoint
 
EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system. 2017-03-21 not yet calculated CVE-2016-6650
CONFIRM
BID
eyesofnetwork — eyesofnetwork
 
EyesOfNetwork (“EON”) 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php. 2017-03-24 not yet calculated CVE-2017-6087
MLIST
CONFIRM
f5 — big-ip
 
An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 – 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system’s tm.tcpprogressive db variable value is set to non-default setting “enabled”. The default value for the tm.tcpprogressive db variable is “negotiate”. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group. 2017-03-23 not yet calculated CVE-2016-7468
CONFIRM
firebird — firebird
 
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a ‘system’ entrypoint from fbudf.so. 2017-03-24 not yet calculated CVE-2017-6369
CONFIRM
firejail — firejail Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument. 2017-03-23 not yet calculated CVE-2017-5207
MLIST
CONFIRM
CONFIRM
CONFIRM
GENTOO
firejail — firejail
 
Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument. 2017-03-23 not yet calculated CVE-2017-5206
MLIST
MISC
CONFIRM
CONFIRM
GENTOO
gazelle — gazelle
 
Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (torrents, size) passed to the ‘Gazelle-master/sections/tools/managers/multiple_freeleech.php’ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-03-23 not yet calculated CVE-2017-7247
CONFIRM
CONFIRM
gazelle — gazelle
 
Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (action, userid) passed to the ‘Gazelle-master/sections/tools/data/ocelot_info.php’ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-03-23 not yet calculated CVE-2017-7249
CONFIRM
CONFIRM
gazelle — gazelle
 
A Cross-Site Scripting (XSS) vulnerability was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (type) passed to the ‘Gazelle-master/sections/better/transcode.php’ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-03-23 not yet calculated CVE-2017-7248
CONFIRM
CONFIRM
gazelle — gazelle
 
A Cross-Site Scripting (XSS) vulnerability was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (action) passed to the ‘Gazelle-master/sections/tools/finances/bitcoin_balance.php’ URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-03-23 not yet calculated CVE-2017-7250
CONFIRM
CONFIRM
gentoo — qemu
 
Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. 2017-03-24 not yet calculated CVE-2015-8556
MISC
GENTOO
EXPLOIT-DB
gnutls — gnutls
 
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. 2017-03-24 not yet calculated CVE-2017-5334
SUSE
MLIST
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
GENTOO
gnutls — gnutls
 
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate. 2017-03-24 not yet calculated CVE-2017-5336
SUSE
MLIST
MLIST
BID
SECTRACK
MISC
CONFIRM
CONFIRM
GENTOO
gnutls — gnutls
 
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. 2017-03-24 not yet calculated CVE-2017-5337
SUSE
MLIST
MLIST
BID
SECTRACK
MISC
MISC
CONFIRM
CONFIRM
GENTOO
gnutls — gnutls
 
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate. 2017-03-24 not yet calculated CVE-2017-5335
SUSE
MLIST
MLIST
BID
SECTRACK
MISC
CONFIRM
CONFIRM
GENTOO
huawei — ar3200_routers
 
Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet. 2017-03-24 not yet calculated CVE-2016-6206
CONFIRM
BID
huawei — p8_smartphones
 
The ION driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows remote attackers to cause a denial of service (crash) via a crafted application. 2017-03-24 not yet calculated CVE-2015-8678
CONFIRM
imagemagick — imagemagick
 
Multiple memory leaks in the caption and label handling code in ImageMagick allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. 2017-03-24 not yet calculated CVE-2016-10146
MLIST
MLIST
BID
CONFIRM
CONFIRM
imagemagick — imagemagick
 
Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy. 2017-03-24 not yet calculated CVE-2016-10145
MLIST
MLIST
BID
CONFIRM
CONFIRM
imagemagick — imagemagick
 
coders/ipl.c in ImageMagick allows remote attackers to have unspecified impact by leveraging a missing malloc check. 2017-03-24 not yet calculated CVE-2016-10144
MLIST
MLIST
BID
CONFIRM
CONFIRM
imagemagick — imagemagick
 
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. 2017-03-24 not yet calculated CVE-2017-5509
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file. 2017-03-24 not yet calculated CVE-2017-5506
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow. 2017-03-24 not yet calculated CVE-2017-5511
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file. 2017-03-24 not yet calculated CVE-2017-5508
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x before 7.0.4-4 allows remote attackers to cause a denial of service (memory consumption) via vectors involving a pixel cache. 2017-03-24 not yet calculated CVE-2017-5507
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick
 
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. 2017-03-24 not yet calculated CVE-2017-5510
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
jasper — jasper The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. 2017-03-23 not yet calculated CVE-2016-9393
MLIST
BID
MISC
CONFIRM
CONFIRM
jasper — jasper The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference). 2017-03-23 not yet calculated CVE-2016-8887
MLIST
MLIST
BID
MISC
CONFIRM
CONFIRM
FEDORA
FEDORA
jasper — jasper The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. 2017-03-23 not yet calculated CVE-2016-9394
MLIST
BID
MISC
CONFIRM
CONFIRM
jasper — jasper
 
The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. 2017-03-23 not yet calculated CVE-2016-9397
MLIST
BID
MISC
CONFIRM
jasper — jasper
 
The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. 2017-03-23 not yet calculated CVE-2016-9398
SUSE
SUSE
MLIST
BID
MISC
CONFIRM
jasper — jasper
 
The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. 2017-03-23 not yet calculated CVE-2016-9399
MLIST
BID
MISC
CONFIRM
jasper — jasper
 
Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file. 2017-03-23 not yet calculated CVE-2016-9557
MLIST
BID
MISC
CONFIRM
CONFIRM
jasper — jasper
 
Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure. 2017-03-23 not yet calculated CVE-2016-9387
MLIST
BID
MISC
CONFIRM
CONFIRM
jasper — jasper
 
The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. 2017-03-23 not yet calculated CVE-2016-9388
MLIST
BID
MISC
CONFIRM
CONFIRM
jasper — jasper
 
The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure. 2017-03-23 not yet calculated CVE-2016-8886
MLIST
MLIST
BID
MISC
CONFIRM
FEDORA
FEDORA
jasper — jasper
 
The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer. 2017-03-23 not yet calculated CVE-2016-9391
MLIST
BID
MISC
CONFIRM
CONFIRM
jasper — jasper
 
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file. 2017-03-23 not yet calculated CVE-2016-9390
MLIST
BID
MISC
CONFIRM
CONFIRM
jasper — jasper
 
The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure). 2017-03-23 not yet calculated CVE-2016-9389
MLIST
BID
MISC
CONFIRM
CONFIRM
jasper — jasper
 
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. 2017-03-23 not yet calculated CVE-2016-9395
SUSE
SUSE
MLIST
BID
MISC
CONFIRM
CONFIRM
jasper — jasper
 
The JPC_NOMINALGAIN function in jpc_t1cod.c in JasPer before 1.900.12 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. 2017-03-23 not yet calculated CVE-2016-9396
MLIST
BID
MISC
CONFIRM
jasper — jasper
 
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file. 2017-03-23 not yet calculated CVE-2016-9392
MLIST
BID
MISC
CONFIRM
CONFIRM
jasper — jasper
 
Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities. 2017-03-23 not yet calculated CVE-2016-9262
MLIST
BID
MISC
CONFIRM
CONFIRM
joomla — kunena_extension
 
In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Six files are affected: crypsis/layouts/message/item/default.php, crypsis/layouts/message/item/top/default.php, crypsis/layouts/message/item/bottom/default.php, crypsisb3/layouts/message/item/default.php, crypsisb3/layouts/message/item/top/default.php, and crypsisb3/layouts/message/item/bottom/default.php. This is fixed in 5.0.5. 2017-03-22 not yet calculated CVE-2017-5673
MISC
konke — smart_plug_k
 
The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain “equipment management authority” via TCP traffic to port 23. 2017-03-23 not yet calculated CVE-2014-7279
EXPLOIT-DB
libdwarf — libdwarf
 
The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). 2017-03-23 not yet calculated CVE-2016-9276
MLIST
BID
MISC
CONFIRM
CONFIRM
libdwarf — libdwarf
 
Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). 2017-03-23 not yet calculated CVE-2016-9275
MLIST
BID
MISC
CONFIRM
CONFIRM
libgit2 — libgit2 The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable. 2017-03-24 not yet calculated CVE-2016-10130
SUSE
SUSE
SUSE
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
libgit2 — libgit2 The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line. 2017-03-24 not yet calculated CVE-2016-10129
SUSE
SUSE
SUSE
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
libgit2 — libgit2
 
Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet. 2017-03-24 not yet calculated CVE-2016-10128
SUSE
SUSE
SUSE
MLIST
MLIST
CONFIRM
CONFIRM
CONFIRM
libming — libming
 
Buffer overflow in the printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file. 2017-03-23 not yet calculated CVE-2016-9264
MLIST
BID
MISC
libming — libming
 
listmp3.c in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted mp3 file, which triggers an invalid left shift. 2017-03-23 not yet calculated CVE-2016-9266
MLIST
BID
MISC
libming — libming
 
The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file. 2017-03-23 not yet calculated CVE-2016-9265
MLIST
BID
MISC
libtiff — libtiff
 
tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to “READ of size 1” and libtiff/tif_fax3.c:413:13. 2017-03-24 not yet calculated CVE-2016-10271
MISC
MISC
libtiff — libtiff
 
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to “READ of size 8” and libtiff/tif_read.c:523:22. 2017-03-24 not yet calculated CVE-2016-10270
MISC
MISC
libtiff — libtiff
 
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to “READ of size 512” and libtiff/tif_unix.c:340:2. 2017-03-24 not yet calculated CVE-2016-10269
MISC
MISC
libtiff — libtiff
 
tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to “READ of size 78490” and libtiff/tif_unix.c:115:23. 2017-03-24 not yet calculated CVE-2016-10268
MISC
MISC
libtiff — libtiff
 
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to “WRITE of size 2048” and libtiff/tif_next.c:64:9. 2017-03-24 not yet calculated CVE-2016-10272
MISC
MISC
libtiff — libtiff
 
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22. 2017-03-24 not yet calculated CVE-2016-10266
MISC
MISC
libtiff — libtiff
 
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8. 2017-03-24 not yet calculated CVE-2016-10267
MISC
MISC
libwmf — libwmf
 
The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure. 2017-03-23 not yet calculated CVE-2016-9011
MLIST
BID
MISC
CONFIRM
linux — linux_kernel
 
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device. 2017-03-24 not yet calculated CVE-2017-7261
MISC
MISC
MISC
linux — linux_kernel
 
The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. 2017-03-23 not yet calculated CVE-2017-5897
MLIST
BID
SECTRACK
CONFIRM
linux — linux_kernel
 
The linux-image-* package 4.8.0.41.52 for the Linux kernel on Ubuntu 16.10 allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) via unspecified vectors, as demonstrated during a Pwn2Own competition at CanSecWest 2017. 2017-03-19 not yet calculated CVE-2017-7184
MISC
BID
MISC
MISC
mediawiki — mediawiki
 
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named “javascript:alert(‘XSS!’).” 2017-03-23 not yet calculated CVE-2015-8622
MLIST
MLIST
MLIST
CONFIRM
mediawiki — mediawiki
 
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623. 2017-03-23 not yet calculated CVE-2015-8624
MLIST
MLIST
MLIST
CONFIRM
mediawiki — mediawiki
 
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed. 2017-03-23 not yet calculated CVE-2015-8627
MLIST
MLIST
MLIST
CONFIRM
mediawiki — mediawiki
 
The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack. 2017-03-23 not yet calculated CVE-2015-8626
MLIST
MLIST
MLIST
CONFIRM
mediawiki — mediawiki
 
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters. 2017-03-23 not yet calculated CVE-2015-8625
MLIST
MLIST
MLIST
CONFIRM
mediawiki — mediawiki
 
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624. 2017-03-23 not yet calculated CVE-2015-8623
MLIST
MLIST
CONFIRM
MLIST
CONFIRM
mediawiki — mediawiki
 
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics. 2017-03-23 not yet calculated CVE-2015-8628
MLIST
MLIST
MLIST
CONFIRM
microsoft — skype
 
Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker’s choosing that could execute arbitrary code without the user’s knowledge. The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process. 2017-03-23 not yet calculated CVE-2017-6517
MISC
FULLDISC
BID
CONFIRM
MISC
MISC
miele_professional — pg_8528_pst10
 
An issue was discovered on Miele Professional PG 8528 PST10 devices. The corresponding embedded webserver “PST10 WebServer” typically listens on port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aid in subsequent attacks. A Proof of Concept is GET /../../../../../../../../../../../../etc/shadow HTTP/1.1. 2017-03-24 not yet calculated CVE-2017-7240
MISC
minissdpd — minissdpd
 
The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling. 2017-03-24 not yet calculated CVE-2016-3179
MISC
MLIST
CONFIRM
CONFIRM
minissdpd — minissdpd
 
The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value. 2017-03-24 not yet calculated CVE-2016-3178
MISC
MLIST
CONFIRM
CONFIRM
netiq — idm_servicenow_driver
 
An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users. 2017-03-23 not yet calculated CVE-2016-1603
CONFIRM
netiq — novell_edirectory
 
NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. 2017-03-23 not yet calculated CVE-2016-9167
CONFIRM
netiq — novell_edirectory
 
A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. 2017-03-23 not yet calculated CVE-2016-5747
CONFIRM
netiq — novell_edirectory
 
A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by remote attackers for clickjacking. 2017-03-23 not yet calculated CVE-2016-9168
CONFIRM
nuxeo — nuxeo_platform
 
Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header. 2017-03-24 not yet calculated CVE-2017-5869
MLIST
openstack — glance
 
An SSRF issue was discovered in OpenStack Glance before Newton. The ‘copy_from’ feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as ‘http://localhost:22’. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service. 2017-03-21 not yet calculated CVE-2017-7200
BID
CONFIRM
CONFIRM
CONFIRM
pacemaker — pacemaker
 
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. 2017-03-24 not yet calculated CVE-2016-7797
CONFIRM
SUSE
SUSE
SUSE
REDHAT
MLIST
BID
CONFIRM
pcre — pcre
 
The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file. 2017-03-23 not yet calculated CVE-2017-7244
MISC
pcre — pcre
 
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file. 2017-03-23 not yet calculated CVE-2017-7246
MISC
pcre — pcre
 
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file. 2017-03-23 not yet calculated CVE-2017-7245
MISC
percona — percona_xtrabackup
 
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6394. 2017-03-23 not yet calculated CVE-2016-6225
SUSE
SUSE
CONFIRM
CONFIRM
CONFIRM
FEDORA
FEDORA
CONFIRM
phpmemcachedadmin — phpmemcachedadmin
 
PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to “serialized data and the last part of the concatenated filename,” which creates a file in webroot. 2017-03-23 not yet calculated CVE-2014-8731
MISC
BUGTRAQ
BUGTRAQ
BID
XF
pitivi — pitivi
 
The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path. 2017-03-23 not yet calculated CVE-2015-0855
MLIST
CONFIRM
CONFIRM
plone — plone
 
Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method. 2017-03-23 not yet calculated CVE-2017-5524
MLIST
BID
CONFIRM
pngdefry — pngdefry
 
pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow vulnerability because it fails to properly process a specially crafted png file. This issue affects the ‘process()’ function of the ‘pngdefry.c’ source file. 2017-03-22 not yet calculated CVE-2017-7231
BID
MISC
pysaml2 — pysaml2
 
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. 2017-03-24 not yet calculated CVE-2016-10149
DEBIAN
MLIST
CONFIRM
CONFIRM
MISC
CONFIRM
qnap — qnap_qts
 
QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file. 2017-03-23 not yet calculated CVE-2017-5227
BID
SECTRACK
MISC
CONFIRM
CONFIRM
qnap — qnap_qts
 
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors. 2017-03-23 not yet calculated CVE-2017-6359
SECTRACK
CONFIRM
CONFIRM
qnap — qnap_qts
 
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. 2017-03-23 not yet calculated CVE-2017-6361
SECTRACK
CONFIRM
qnap — qnap_qts
 
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors. 2017-03-23 not yet calculated CVE-2017-6360
SECTRACK
CONFIRM
CONFIRM
raspberry_pi — pi_engine
 
A Cross-Site Scripting (XSS) vulnerability was discovered in pi-engine/pi 2.5.0. The vulnerability exists due to insufficient filtration of user-supplied data (preview) passed to the “pi-develop/www/script/editor/markitup/preview/markdown.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-03-23 not yet calculated CVE-2017-7251
CONFIRM
samsung — multiple_devices
 
The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362. 2017-03-23 not yet calculated CVE-2017-5538
CONFIRM
MLIST
MLIST
BID
samsung — smart_tvs
 
The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generates weak WPA2 PSK keys, which makes it easier for remote attackers to obtain sensitive information or bypass authentication via a brute-force attack. 2017-03-23 not yet calculated CVE-2015-5729
MISC
MISC
FULLDISC
BID
SECTRACK
SECTRACK
sap_se — sap
 
SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via crafted ABAP code, aka SAP Security Note 2407616. 2017-03-23 not yet calculated CVE-2017-6950
BID
MISC
slims_7 — slims_7_cendana
 
Multiple Cross-Site Scripting (XSS) issues were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php, bibliography/printed_card.php, circulation/loan_rules.php, master_file/author.php, master_file/coll_type.php, and master_file/doc_language.php and the quickReturnID field to circulation/ajax_action.php. 2017-03-23 not yet calculated CVE-2017-7242
MISC
solarwinds — lem
 
SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh. 2017-03-24 not yet calculated CVE-2017-5198
MISC
solarwinds — lem
 
The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl. 2017-03-24 not yet calculated CVE-2017-5199
MISC
suse — suse_linux
 
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). 2017-03-23 not yet calculated CVE-2016-1602
CONFIRM
tenable — nessus
 
Nessus 6.6.2 – 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue. 2017-03-23 not yet calculated CVE-2017-7199
CONFIRM
trend_micro — security_products
 
Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a “DoubleAgent” attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack. 2017-03-21 not yet calculated CVE-2017-5565
MISC
MISC
BID
uclibc-ng — uclibc-ng
 
The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet. 2017-03-24 not yet calculated CVE-2016-2225
CONFIRM
MLIST
MLIST
BID
CONFIRM
uclibc-ng — uclibc-ng
 
The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via vectors involving compressed items in a reply. 2017-03-24 not yet calculated CVE-2016-2224
CONFIRM
MLIST
MLIST
BID
CONFIRM
usb_pratirodh — usb_pratirodh
 
USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as the username and password in a simple usb.xml file. An attacker with physical access to the system can modify the file according to their own requirements, which may aid in further attacks. 2017-03-23 not yet calculated CVE-2017-6911
MISC
FULLDISC
BUGTRAQ
BID
usb_pratirodh — usb_pratirodh
 
USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml. 2017-03-23 not yet calculated CVE-2017-6895
MISC
FULLDISC
BID
MISC
