SB17-128: Vulnerability Summary for the Week of May 1, 2017

Original release date: May 08, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
iodata — wn-g300r3_firmware WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. 2017-04-28 9.0 CVE-2017-2141
JVN
MISC
iodata — wn-g300r3_firmware Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. 2017-04-28 10.0 CVE-2017-2142
JVN
MISC
ipa — appgoat Hands-on Vulnerability Learning Tool “AppGoat” for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors. 2017-04-28 7.5 CVE-2017-2101
JVN
BID

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
booking_calendar_project — booking_calendar Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter. 2017-04-28 5.0 CVE-2017-2150
JVN
MISC
booking_calendar_project — booking_calendar Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 4.3 CVE-2017-2151
JVN
MISC
buffalo_inc — wnc01wh_firmware WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. 2017-04-28 5.2 CVE-2017-2152
JVN
cubecart — cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. 2017-04-28 4.0 CVE-2017-2090
JVN
BID
MISC
cubecart — cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. 2017-04-28 4.0 CVE-2017-2098
JVN
BID
MISC
cubecart — cubecart Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors. 2017-04-28 4.0 CVE-2017-2117
JVN
BID
MISC
cybozu — garoon Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. 2017-04-28 4.0 CVE-2017-2091
JVN
BID
MISC
cybozu — garoon Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. 2017-04-28 4.3 CVE-2017-2093
JVN
BID
MISC
cybozu — garoon Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the “MultiReport” function to alter or delete information via unspecified vectors. 2017-04-28 4.0 CVE-2017-2094
JVN
BID
MISC
cybozu — garoon Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. 2017-04-28 4.0 CVE-2017-2095
JVN
BID
MISC
cybozu — office Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain “customapp” information via unspecified vectors. 2017-04-28 4.0 CVE-2017-2115
JVN
BID
MISC
cybozu — office Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete “customapp” templates via unspecified vectors. 2017-04-28 4.0 CVE-2017-2116
JVN
BID
MISC
gaku — tablacus_explorer Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory. 2017-04-28 6.8 CVE-2017-2140
JVN
MISC
i.con_corporation — hoozin_viewer Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage. 2017-04-28 6.8 CVE-2017-2155
JVN
MISC
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669. 2017-04-28 6.8 CVE-2017-1194
CONFIRM
BID
imagemagick — imagemagick In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8343
BID
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8344
BID
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8345
BID
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8346
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8347
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8348
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8349
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8350
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8351
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8352
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8353
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8354
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8355
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8356
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file. 2017-04-30 4.3 CVE-2017-8357
CONFIRM
information-technology_promotion_agency — introduction_to_safe_website_operation Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data. 2017-04-28 6.8 CVE-2017-2128
JVN
BID
ipa — appgoat Hands-on Vulnerability Learning Tool “AppGoat” for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors. 2017-04-28 6.8 CVE-2017-2099
JVN
BID
ipa — appgoat Hands-on Vulnerability Learning Tool “AppGoat” for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors. 2017-04-28 6.8 CVE-2017-2100
JVN
BID
ipa — appgoat Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool “AppGoat” for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-04-28 6.8 CVE-2017-2102
JVN
BID
justsystems — hanako Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 6.8 CVE-2017-2154
JVN
MISC
libarchive — libarchive The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. 2017-04-30 4.3 CVE-2016-10349
MISC
libarchive — libarchive The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. 2017-04-30 4.3 CVE-2016-10350
MISC
libsndfile_project — libsndfile The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. 2017-04-30 4.3 CVE-2017-8361
MISC
libsndfile_project — libsndfile The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file. 2017-04-30 4.3 CVE-2017-8362
MISC
libsndfile_project — libsndfile The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. 2017-04-30 4.3 CVE-2017-8363
MISC
libsndfile_project — libsndfile The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file. 2017-04-30 4.3 CVE-2017-8365
MISC
netgear — prosafe_plus_configuration_utility ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests. 2017-04-28 4.3 CVE-2017-2137
JVN
MISC
olive_design — olive_blog Cross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter. 2017-04-28 4.3 CVE-2016-7839
JVN
BID
olive_design — olive_blog Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter. 2017-04-28 4.3 CVE-2016-7840
JVN
BID
olive_design — olive_diary_dx Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter. 2017-04-28 4.3 CVE-2016-7841
JVN
BID
onethird — onethird_cms Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven’s Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php. 2017-04-28 4.3 CVE-2017-2123
JVN
BID
MISC
onethird — onethird_cms Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven’s Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php. 2017-04-28 4.3 CVE-2017-2124
JVN
MISC
securebrain — phishwall_client_for_internet_explorer Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-04-28 6.8 CVE-2017-2130
JVN
MISC
BID
uchida_yoko_co._ltd — assetbase Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 4.3 CVE-2017-2134
JVN
BID
wbce — wbce_cms Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 4.3 CVE-2017-2118
JVN
BID
MISC
wbce — wbce_cms Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. 2017-04-28 5.0 CVE-2017-2119
JVN
BID
MISC
wbce — wbce_cms SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. 2017-04-28 6.0 CVE-2017-2120
JVN
BID
MISC
wp_statistics — wp_statistics Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 4.3 CVE-2017-2135
JVN
MISC
wp_statistics — wp_statistics Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. 2017-04-28 4.3 CVE-2017-2136
JVN
BID
MISC
wp_statistics — wp_statistics Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 4.3 CVE-2017-2147
JVN
BID
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
cybozu — garoon Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 3.5 CVE-2017-2092
JVN
BID
MISC
cybozu — office Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 3.5 CVE-2017-2114
JVN
BID
MISC
iodata — wn-ac1167gr_firmware Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 3.5 CVE-2017-2148
JVN
MISC
BID
yourownprogrammer — yop_poll Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 3.5 CVE-2017-2127
JVN
BID

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
21st_century_insurance — 21st_century_insurance_app
 
The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5919
MISC
360fly — 4k_cameras 360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application, or the BlueZ gatttool program. 2017-05-01 not yet calculated CVE-2017-8403
MISC
7-zip32.dll — 7-zip32.dll
 
Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-04-28 not yet calculated CVE-2017-2107
MISC
JVN
BID
accellioin — accellion_fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding. 2017-05-05 not yet calculated CVE-2017-8760
MISC
accellion — fta_devices
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI. 2017-05-05 not yet calculated CVE-2017-8304
MISC
accellion — fta_devices
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter. 2017-05-05 not yet calculated CVE-2017-8303
MISC
accellion — fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector. 2017-05-05 not yet calculated CVE-2017-8791
MISC
accellion — fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter. 2017-05-05 not yet calculated CVE-2017-8795
MISC
accellion — fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter. 2017-05-05 not yet calculated CVE-2017-8792
MISC
accellion — fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year=’payload SQL injection vector exists. 2017-05-05 not yet calculated CVE-2017-8789
MISC
accellion — fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks. 2017-05-05 not yet calculated CVE-2017-8788
MISC
accellion — fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter. 2017-05-05 not yet calculated CVE-2017-8796
MISC
accellion — fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter “filter” can be used for LDAP Injection. 2017-05-05 not yet calculated CVE-2017-8790
MISC
accellion — fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern. 2017-05-05 not yet calculated CVE-2017-8794
MISC
accellion — fta
 
An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the attacker to have site access with a bypass of the Same Origin Policy. 2017-05-05 not yet calculated CVE-2017-8793
MISC
access_cx_app — access_cx_app
 
The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-04-28 not yet calculated CVE-2017-2110
JVN
BID
advantech — b+b_smartworx_mesr901_firmware
 
A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages. 2017-05-05 not yet calculated CVE-2017-7909
MISC
advantech — webaccess
 
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors. 2017-05-02 not yet calculated CVE-2016-5810
MISC
MISC
advantech — webaccess
 
An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories. 2017-05-05 not yet calculated CVE-2017-7929
MISC
allied_telesis — centrecom_ar260s_v2
 
Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account. 2017-04-28 not yet calculated CVE-2017-2125
JVN
MISC
BID
america’s_first_federal_credit_union — mobile_banking_app
 
The America’s First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5916
MISC
apache — qpid_proton
 
The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject’s Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. 2017-05-02 not yet calculated CVE-2016-4467
MLIST
BID
SECTRACK
atlassian — hipchat
 
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. 2017-05-05 not yet calculated CVE-2017-8080
BID
CONFIRM
CONFIRM
atlassian — hipchat
 
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. 2017-05-05 not yet calculated CVE-2017-8058
MISC
atlassian — sourcetree
 
Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to arbitrary OS command execution with a URL substring of sourcetree://cloneRepo/ext:: or sourcetree://checkoutRef/ext:: followed by the command. The Atlassian ID number is SRCTREE-4632. 2017-05-04 not yet calculated CVE-2017-8768
MISC
MISC
MISC
avahi — avahi
 
avahi-daemon in Avahi through 0.6.32 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809. 2017-04-30 not yet calculated CVE-2017-6519
MISC
MISC
axis_communications — network_cameras
 
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml. 2017-05-02 not yet calculated CVE-2015-8257
MISC
BID
EXPLOIT-DB
banco_de_costa_rica — bcr_movil_app
 
The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5918
MISC
banco_santander_mexico — sa_puermovil_app
 
The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5911
MISC
bmc — server_automation
 
The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors. 2017-05-02 not yet calculated CVE-2016-5063
BID
CONFIRM
bose — soundtouch_30
 
The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. 2017-04-30 not yet calculated CVE-2017-6520
MISC
brave — brave
 
Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site. 2017-05-03 not yet calculated CVE-2017-8458
MISC
MISC
ca_technologies — CA-client_automation
 
The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation. 2017-05-05 not yet calculated CVE-2017-8391
CONFIRM
certec_edv — atvise_scada
 
A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution. 2017-05-05 not yet calculated CVE-2017-6029
MISC
certec_edv — atvise_scada
 
A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An “improper neutralization of HTTP headers for scripting syntax” issue has been identified, which may allow remote code execution. 2017-05-05 not yet calculated CVE-2017-6031
MISC
cisco — cvr100w_wireless-n_VPN_router
 
A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation of the ACL decision made during the ingress connection request to the remote management interface. An attacker could exploit this vulnerability by sending a connection to the management IP address or domain name of the targeted device. A successful exploit could allow the attacker to bypass the configured remote management ACL. This can occur when the Remote Management configuration parameter is set to Disabled. This vulnerability affects Cisco CVR100W Wireless-N VPN Routers running a firmware image prior to 1.0.1.24. Cisco Bug IDs: CSCvc14457. 2017-05-03 not yet calculated CVE-2017-6620
BID
CONFIRM
cisco — firepower
 
A “Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA with FirePOWER Module Denial of Service” vulnerability in the access control policy of Cisco Firepower System Software could allow an authenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper SSL policy handling by the affected software when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this vulnerability by sending crafted packets through a targeted system. This vulnerability affects Cisco Firepower System Software that is configured with the SSL policy feature. Cisco Bug IDs: CSCvc84361. 2017-05-03 not yet calculated CVE-2017-6625
BID
CONFIRM
cisco — ios
 
A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could exploit this vulnerability to place unauthorized, long-distance phone calls by using an affected system. Cisco Bug IDs: CSCuy40939. 2017-05-03 not yet calculated CVE-2017-6624
BID
CONFIRM
cisco — unified_contact_center_enterprise
 
A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the attacker to receive notifications when an agent signs in or out of the Finesse Desktop, when information about an agent changes, or when an agent’s state changes. Cisco Bug IDs: CSCvc08314. 2017-05-03 not yet calculated CVE-2017-6626
BID
CONFIRM
cisco — unity_connection
 
A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. Cisco Bug IDs: CSCvd90118. 2017-05-03 not yet calculated CVE-2017-6629
BID
CONFIRM
cisco — wide_area_application_services
 
A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could stop functioning while the process restarts. The vulnerability is due to a Secure Sockets Layer/Transport Layer Security (SSL/TLS) alert being incorrectly handled when in a specific SSL/TLS connection state. An attacker could exploit this vulnerability by establishing a SMART-SSL connection through the targeted device. The attacker would then send a crafted stream of SSL/TLS traffic. An exploit could allow the attacker to cause a DoS condition where WAN optimization could stop processing traffic for a short period of time. Cisco Bug IDs: CSCvb71133. 2017-05-03 not yet calculated CVE-2017-6628
BID
CONFIRM
citrix — xenmobile_server
 
Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. 2017-05-05 not yet calculated CVE-2016-6877
MISC
cloud_foundry — cloud_controller
 
The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors. 2017-05-02 not yet calculated CVE-2016-5006
CONFIRM
CONFIRM
craft_cms — craft_cms
 
Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message. 2017-05-01 not yet calculated CVE-2017-8385
CONFIRM
CONFIRM
craft_cms — craft_cms
 
Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder. 2017-05-01 not yet calculated CVE-2017-8383
CONFIRM
CONFIRM
craft_cms — craft_cms
 
Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052. 2017-05-01 not yet calculated CVE-2017-8384
CONFIRM
CONFIRM
cybervision — kaa_iot_platform
 
A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution. 2017-05-05 not yet calculated CVE-2017-7911
MISC
cybozu — kunai
 
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application. 2017-04-28 not yet calculated CVE-2017-2109
JVN
BID
MISC
cybozu — remote_service_manager
 
Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. 2017-04-28 not yet calculated CVE-2016-7815
JVN
BID
MISC
dahua — multiple_devices
 
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. 2017-05-05 not yet calculated CVE-2017-7925
MISC
MISC
dahua — multiple_devices
 
A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password. 2017-05-05 not yet calculated CVE-2017-7927
MISC
MISC
dollar_bank — dollar_bank_mobile_app
 
The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5905
MISC
dot_it — banque_zitouna_app
 
The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5914
MISC
electronic_funds_source — mobile_driver_source_app
 
The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5909
MISC
emc — data_dominion
 
EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system. 2017-05-04 not yet calculated CVE-2017-4983
CONFIRM
BID
emirates_nbd_bank — pjsc_emirates_nbd_ksa_app
 
The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5915
MISC
ether_software — multiple_products Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Burner, Easy RM RMVB to DVD Burner, Easy CD DVD Copy, MP3/AVI/MPEG/WMV/RM to Audio CD Burner, MP3/WAV/OGG/WMA/AC3 to CD Burner, MP3 WAV to CD Burner, My Video Converter, Easy AVI DivX Converter, Easy Video to iPod Converter, Easy Video to PSP Converter, Easy Video to 3GP Converter, Easy Video to MP4 Converter, and Easy Video to iPod/MP4/PSP/3GP Converter allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long username. 2017-04-30 not yet calculated CVE-2017-8367
MISC
EXPLOIT-DB
ettercap_project — ettercap
 
The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted filter that is mishandled by etterfilter. 2017-04-30 not yet calculated CVE-2017-8366
MISC
everyday_health — diabetes_in_check_app
 
The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5906
MISC
f5 — multiple_products
 
An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow. 2017-05-01 not yet calculated CVE-2017-6128
CONFIRM
forex.com — forextrader_app
 
The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5912
MISC
forex.com — tradeking_forex_app
 
The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5913
MISC
foxit_software — foxit_reader_phantompdf Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. 2017-05-03 not yet calculated CVE-2017-8454
MISC
MISC
foxit_software — foxit_reader_phantompdf
 
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. 2017-05-03 not yet calculated CVE-2017-8453
MISC
MISC
foxit_software — foxit_reader_phantompdf
 
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document. 2017-05-03 not yet calculated CVE-2017-8455
MISC
MISC
foxit_software — foxit_reader
 
Acceptance of invalid/self-signed TLS certificates in “Foxit PDF – PDF reader, editor, form, signature” before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static authentication token if the user is already logged in. 2017-05-05 not yet calculated CVE-2017-8059
MISC
franklin_fueling_systems — ts-550_evo

 

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload. 2017-05-01 not yet calculated CVE-2017-6565
MISC
MISC
franklin_fueling_systems — ts-550_evo
 
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks. 2017-05-01 not yet calculated CVE-2017-6564
MISC
MISC
genixcms — genixcms
 
GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element. 2017-05-03 not yet calculated CVE-2017-8762
MISC
genixcms — genixcms
 
GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter. 2017-05-01 not yet calculated CVE-2017-8377
MISC
genixcms — genixcms
 
GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator. 2017-05-01 not yet calculated CVE-2017-8376
MISC
genixcms — genixcms
 
GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element. 2017-05-04 not yet calculated CVE-2017-8780
MISC
genixcms — genixcms
 
GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request. 2017-05-01 not yet calculated CVE-2017-8388
MISC
getsimple — getsimple_cms
 
Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce. 2017-04-30 not yet calculated CVE-2017-8081
CONFIRM
gitlab — gitlab
 
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document. 2017-05-04 not yet calculated CVE-2017-8778
CONFIRM
CONFIRM
gnu_binutils — gnu_binutils
 
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 and an invalid write of size 1 during processing of a corrupt binary containing reloc(s) with negative addresses. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. 2017-05-01 not yet calculated CVE-2017-8397
CONFIRM
gnu_binutils — gnu_binutils
 
The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this. 2017-05-02 not yet calculated CVE-2017-8421
CONFIRM
gnu_binutils — gnu_binutils
 
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn’t catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. 2017-05-01 not yet calculated CVE-2017-8396
CONFIRM
gnu_binutils — gnu_binutils
 
dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash. 2017-05-01 not yet calculated CVE-2017-8398
CONFIRM
gnu_binutils — gnu_binutils
 
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 4 due to NULL pointer dereferencing of _bfd_elf_large_com_section. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. 2017-05-01 not yet calculated CVE-2017-8394
CONFIRM
gnu_binutils — gnu_binutils
 
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid write of size 8 because of missing a malloc() return-value check to see if memory had actually been allocated in the _bfd_generic_get_section_contents function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy, to crash. 2017-05-01 not yet calculated CVE-2017-8395
CONFIRM
gnu_binutils — gnu_binutils
 
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a global buffer over-read error because of an assumption made by code that runs for objcopy and strip, that SHT_REL/SHR_RELA sections are always named starting with a .rel/.rela prefix. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objcopy and strip, to crash. 2017-05-01 not yet calculated CVE-2017-8393
CONFIRM
gnu_binutils — gnu_binutils
 
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 8 because of missing a check to determine whether symbols are NULL in the _bfd_dwarf2_find_nearest_line function. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash. 2017-05-01 not yet calculated CVE-2017-8392
CONFIRM
gnulib — gnulib
 
Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c. 2017-05-02 not yet calculated CVE-2017-7476
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
google — grpc
 
Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c. 2017-04-30 not yet calculated CVE-2017-8359
BID
MISC
MISC
great_southern_bank — great_southern_mobile_banking_app
 
The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5907
MISC
hibara — attachecase
 
Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file. 2017-04-28 not yet calculated CVE-2016-7842
JVN
BID
MISC
hibara — attachecase
 
Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file. 2017-04-28 not yet calculated CVE-2016-7843
JVN
MISC
BID
hikvision — ds-2cd2xx2f-i_ds-2cd2xx0f-i
 
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. 2017-05-05 not yet calculated CVE-2017-7921
MISC
MISC
hikvision — ds-2cd2xx2f-i_ds-2cd2xx0f-i
 
A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information. 2017-05-05 not yet calculated CVE-2017-7923
MISC
MISC
ibm — bigfix_remote_control
 
IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512. 2017-05-03 not yet calculated CVE-2016-2930
CONFIRM
BID
ibm — insights_foundation_for_energy
 
IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907. 2017-04-28 not yet calculated CVE-2017-1141
CONFIRM
BID
ibm — marketing_platform
 
IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. IBM X-Force ID: 110564. 2017-05-05 not yet calculated CVE-2016-0255
CONFIRM
ibm — maximo_asset_management
 
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252. 2017-05-03 not yet calculated CVE-2016-9976
CONFIRM
BID
ibm — tealeaf_consumer_experience
 
The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356. 2017-05-03 not yet calculated CVE-2016-0382
CONFIRM
BID
ibm — tivoli_storage_manager
 
IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472. 2017-05-05 not yet calculated CVE-2016-8916
CONFIRM
ibm — websphere_cast_iron_solutions
 
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515. 2017-05-05 not yet calculated CVE-2016-9691
CONFIRM
ibm — websphere_cast_iron_solutions
 
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 119516. 2017-05-05 not yet calculated CVE-2016-9692
CONFIRM
ibm — websphere_portal
 
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592 2017-05-05 not yet calculated CVE-2017-1156
CONFIRM
imagemagick — imagemagick
 
The function named ReadICONImage in codersicon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file. 2017-05-04 not yet calculated CVE-2017-8765
CONFIRM
intel — intel_manageability_programs
 
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). 2017-05-02 not yet calculated CVE-2017-5689
BID
CONFIRM
CONFIRM
MISC
MISC
MISC
iodata — webcam_firmware
 
Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. 2017-04-28 not yet calculated CVE-2017-2113
JVN
MISC
BID
iodata — webcam_firmware
 
HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information. 2017-04-28 not yet calculated CVE-2017-2111
JVN
MISC
BID
iodata — webcam_firmware
 
TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. 2017-04-28 not yet calculated CVE-2017-2112
JVN
MISC
BID
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Access Violation and crash in processing a FlashPix (.FPX) file. 2017-04-30 not yet calculated CVE-2017-7721
CONFIRM
MISC
irods — irods
 
Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved via igetwild. Because igetwild is a Bash script, the part of the pathname following the semicolon would be executed in the user’s shell. 2017-05-05 not yet calculated CVE-2017-8799
CONFIRM
k-opticom — business_lala_call_app
 
The Business LaLa Call App for Android 1.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-04-28 not yet calculated CVE-2017-2104
JVN
BID
k-opticom — lala_call_app
 
The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-04-28 not yet calculated CVE-2017-2103
JVN
BID
kerio — connect
 
Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message. 2017-05-02 not yet calculated CVE-2017-7440
MISC
kmcis — caseaware
 
An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., “usr”) that is transmitted in the login.php query string. 2017-05-01 not yet calculated CVE-2017-5631
MISC
lame — lame
 
LAME through 3.99.5 relies on the signed integer data type for values in a WAV or AIFF header, which allows remote attackers to cause a denial of service (stack-based buffer overflow or heap-based buffer overflow) or possibly have unspecified other impact via a crafted file, as demonstrated by mishandling of num_channels. 2017-05-02 not yet calculated CVE-2017-8419
MISC
libreoffice — libreoffice
 
LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. 2017-04-30 not yet calculated CVE-2017-8358
MISC
MISC
libtirpc_ntirpc — libtirpc_ntirpc
 
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb. 2017-05-04 not yet calculated CVE-2017-8779
MISC
MISC
MISC
MISC
linux — linux_kernel
 
The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application. 2017-05-02 not yet calculated CVE-2014-9940
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions. 2017-05-02 not yet calculated CVE-2015-9004
CONFIRM
BID
CONFIRM
CONFIRM
linux — linux_kernel
 
The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. 2017-04-28 not yet calculated CVE-2017-7895
BID
CONFIRM
CONFIRM
linuxcontainers — lxc
 
lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host’s /proc, to access the rest of the host’s filesystem via the openat() family of syscalls. 2017-05-01 not yet calculated CVE-2016-8649
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
netiq — imanager
 
NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat. 2017-05-03 not yet calculated CVE-2017-7428
CONFIRM
CONFIRM
CONFIRM
novell — imanager
 
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management. 2017-05-03 not yet calculated CVE-2017-7431
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
novell — imanager
 
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. 2017-05-03 not yet calculated CVE-2017-7430
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
novell — imanager
 
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability. 2017-05-03 not yet calculated CVE-2017-7432
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
nvidia — video_driver
 
An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel 3.10. Android ID: A-34113000. References: N-CVE-2017-0331. 2017-05-02 not yet calculated CVE-2017-0331
CONFIRM
openssl — openssl
 
In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected. 2017-05-04 not yet calculated CVE-2016-7053
BID
CONFIRM
openssl — openssl
 
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem. 2017-05-04 not yet calculated CVE-2017-3732
BID
CONFIRM
openssl — openssl
 
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker’s direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected. 2017-05-04 not yet calculated CVE-2016-7055
BID
CONFIRM
openssl — openssl
 
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k. 2017-05-04 not yet calculated CVE-2017-3731
BID
CONFIRM
openssl — openssl
 
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected. 2017-05-04 not yet calculated CVE-2017-3733
BID
CONFIRM
openssl — openssl
 
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. 2017-05-04 not yet calculated CVE-2017-3730
BID
CONFIRM
openssl — openssl
 
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. 2017-05-04 not yet calculated CVE-2016-7054
BID
CONFIRM
opsview — monitor_pro
 
In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple URL encoding bypass, %252f instead of /. 2017-05-03 not yet calculated CVE-2016-10367
MISC
opsview — monitor_pro
 
Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the /login URI. 2017-05-03 not yet calculated CVE-2016-10368
MISC
palo_alto_networks — pan-os
 
The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to obtain sensitive information via unspecified request parameters. 2017-05-02 not yet calculated CVE-2017-7216
BID
CONFIRM
panda_security — panda_mobile_security_app
 
Acceptance of invalid/self-signed TLS certificates in “Panda Mobile Security” 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. 2017-05-05 not yet calculated CVE-2017-8060
MISC
payquicker — payquicker_app
 
The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5902
MISC
pcre2 — pcre2
 
pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. 2017-05-04 not yet calculated CVE-2017-8786
MISC
MISC
MISC
MISC
pcre2 — pcre2
 
PCRE2 before 2017-03-10 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a “pattern with very many captures.” 2017-05-01 not yet calculated CVE-2017-8399
MISC
MISC
pexip — infinity
 
Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes. 2017-05-02 not yet calculated CVE-2017-6551
BID
CONFIRM
podofo — podofo
 
Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size. 2017-04-30 not yet calculated CVE-2017-8378
MISC
podofo — podpfo
 
The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file. 2017-05-05 not yet calculated CVE-2017-8787
MISC
primedrive — desktop_application
 
Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-04-28 not yet calculated CVE-2017-2108
JVN
BID
MISC
proxmox — mail_gateway
 
Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter. 2017-05-03 not yet calculated CVE-2015-9058
MISC
proxmox — mail_gateway
 
Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm, /queues/mail/index/, /system/ssh.htm, /queues/mail/?domain=, and /quarantine/virus/manage.htm. 2017-05-03 not yet calculated CVE-2015-9057
MISC
qemu — qemu
 
Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (memory consumption) via vectors involving the orig_value variable. 2017-05-02 not yet calculated CVE-2017-8086
CONFIRM
MLIST
BID
CONFIRM
MLIST
qemu — qemu
 
hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. 2017-05-02 not yet calculated CVE-2017-8112
MLIST
BID
CONFIRM
MLIST
quick_heal — multiple_products Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file. 2017-05-04 not yet calculated CVE-2017-8774
MISC
quick_heal — multiple_products
 
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file. 2017-05-04 not yet calculated CVE-2017-8775
MISC
quick_heal — multiple_products
 
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation. 2017-05-04 not yet calculated CVE-2017-8773
MISC
quick_heal — multiple_products
 
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the product. 2017-05-04 not yet calculated CVE-2017-8776
MISC
radicale — radicale
 
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. 2017-04-30 not yet calculated CVE-2017-8342
CONFIRM
CONFIRM
CONFIRM
CONFIRM
rapid7 — appspider_pro
 
Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. 2017-05-03 not yet calculated CVE-2017-5236
CONFIRM
rapid7 — appspider_pro
 
Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash. 2017-05-03 not yet calculated CVE-2017-5240
CONFIRM
rockwell_automation — controllogix_5580_controllers
 
A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller. 2017-05-05 not yet calculated CVE-2017-6024
MISC
rubocop — rubocop RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users. 2017-05-02 not yet calculated CVE-2017-8418
MISC
MISC
ruby — ruby
 
The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks. 2017-05-02 not yet calculated CVE-2016-4442
MLIST
CONFIRM
CONFIRM
rxvt — rxvt
 
Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read. 2017-05-02 not yet calculated CVE-2017-7483
MLIST
MLIST
rzip — rzip_2.1
 
The read_buf function in stream.c in rzip 2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive. 2017-04-30 not yet calculated CVE-2017-8364
MISC
sandisk — sdhc/sdxc_memory_card
 
Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-04-28 not yet calculated CVE-2017-2149
JVN
BID
MISC
schneider_electric — struxureware_data_center_expert
 
Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors. 2017-04-30 not yet calculated CVE-2017-8371
MISC
MISC
smalruby-editor — smalruby-editor
 
smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. 2017-04-28 not yet calculated CVE-2017-2096
JVN
MISC
BID
softonic — panda_free_antivirus
 
PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \.PSMEMDriver. 2017-04-30 not yet calculated CVE-2017-8339
MISC
space_coast_credit_union — space_coast_credit_union_mobile_app
 
The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-3212
MISC
BID
MISC
state_bank_of_india — state_bank_anywhere_app
 
The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-5901
MISC
support-project — knowledge
 
Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-04-28 not yet calculated CVE-2017-2097
JVN
BID
swftools — swftools
 
In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS. 2017-05-01 not yet calculated CVE-2017-8401
CONFIRM
swftools — swftools
 
In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution. 2017-05-01 not yet calculated CVE-2017-8400
CONFIRM
telaxus — epesi
 
Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter. 2017-05-04 not yet calculated CVE-2017-8763
MISC
telegram — telegram_desktop
 
Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations. 2017-04-30 not yet calculated CVE-2016-10351
MISC
tex_live — tex_live
 
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file. 2017-05-02 not yet calculated CVE-2016-10243
DEBIAN
MLIST
BID
FEDORA
FEDORA
MISC
CONFIRM
think_mutual_bank — think_mutual_bank_mobile_banking_app
 
The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-05-05 not yet calculated CVE-2017-3213
MISC
BID
MISC
trend_micro — officescan
 
Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation. 2017-05-03 not yet calculated CVE-2017-5481
BID
CONFIRM
trend_micro — officescan
 
Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website. 2017-05-05 not yet calculated CVE-2017-8801
CONFIRM
CONFIRM
tver — tver_app
 
The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-04-28 not yet calculated CVE-2017-2105
JVN
BID
underbit — mad
 
The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file. 2017-04-30 not yet calculated CVE-2017-8372
MISC
underbit — mad
 
The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. 2017-04-30 not yet calculated CVE-2017-8373
MISC
underbit — mad
 
The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. 2017-04-30 not yet calculated CVE-2017-8374
MISC
vaultive — o365
 
PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from ‘Content-Type: multipart/encrypted; protocol=”application/pgp-encrypted”; boundary=”abc123abc123″‘ to ‘Content-Type: text/plain’ – this results in the encrypted message being structured in such a way that most PGP/MIME-capable mail user agents are unable to decrypt it cleanly. The outcome is that encrypted mail passing through this device does not work (Denial of Service), and a common real-world consequence is a request to resend the mail in the clear (Information Disclosure). 2017-05-03 not yet calculated CVE-2017-7229
MISC
vivaldi_software — vivaldi
 
Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. 2017-04-28 not yet calculated CVE-2017-2156
BID
JVN
MISC
webmin — webmin
 
Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-04-28 not yet calculated CVE-2017-2106
JVN
BID
MISC
wordpress — wordpress
 
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim’s e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message. 2017-05-04 not yet calculated CVE-2017-8295
BID
MISC
EXPLOIT-DB
xen_project — xen
 
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. 2017-05-03 not yet calculated CVE-2017-7995
CONFIRM
CONFIRM
xirrus — arrayos
 
SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2017-05-05 not yet calculated CVE-2017-6557
CONFIRM

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

This entry was posted in Alerts. Bookmark the permalink.