SB17-135: Vulnerability Summary for the Week of May 8, 2017

Original release date: May 15, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
ibm — websphere_cast_iron_solutionIBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 119515.2017-05-059.0CVE-2016-9691
CONFIRM
BID
ibm — websphere_cast_iron_solutionIBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 119516.2017-05-057.8CVE-2016-9692
CONFIRM
BID

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
genixcms — genixcmsforgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests.2017-05-086.4CVE-2017-8827
MISC
ibm — marketing_platformIBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. IBM X-Force ID: 110564.2017-05-054.3CVE-2016-0255
CONFIRM
BID
imagemagick — imagemagickIn ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.2017-05-084.3CVE-2017-8830
CONFIRM

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no low vulnerabilities recorded this week.

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe — experience_manager_forms
 
Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms.2017-05-09not yet calculatedCVE-2017-3067
BID
CONFIRM
adobe — flash_playerAdobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.2017-05-09not yet calculatedCVE-2017-3070
BID
CONFIRM
adobe — flash_playerAdobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.2017-05-09not yet calculatedCVE-2017-3069
BID
CONFIRM
adobe — flash_playerAdobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.2017-05-09not yet calculatedCVE-2017-3072
BID
CONFIRM
adobe — flash_playerAdobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.2017-05-09not yet calculatedCVE-2017-3071
BID
CONFIRM
adobe — flash_playerAdobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.2017-05-09not yet calculatedCVE-2017-3074
BID
CONFIRM
adobe — flash_playerAdobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.2017-05-09not yet calculatedCVE-2017-3073
BID
CONFIRM
adobe — flash_player
 
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.2017-05-09not yet calculatedCVE-2017-3068
BID
CONFIRM
adodb — adodb
 
Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4855
JVN
CONFIRM
advantech — b+b_smartworx_mesr901A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages.2017-05-05not yet calculatedCVE-2017-7909
BID
MISC
advantech — webaccess
 
An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories.2017-05-05not yet calculatedCVE-2017-7929
BID
MISC
allendisk — id_parameter
 
Allen Disk 1.6 has XSS in the id parameter to downfile.php.2017-05-08not yet calculatedCVE-2017-8832
CONFIRM
allendisk — setpass.php
 
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password.2017-05-08not yet calculatedCVE-2017-8848
MISC
ambari — ambari
 
In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.2017-05-12not yet calculatedCVE-2017-5654
CONFIRM
CONFIRM
artifexghostscript — mark_line_tr
 
The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document.2017-05-12not yet calculatedCVE-2017-8908
MISC
asus_rt-ac_rt-n — firmwareASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map.2017-05-10not yet calculatedCVE-2017-5892
MISC
MISC
asus_rt-ac_rt-n — firmware
 
ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF.2017-05-10not yet calculatedCVE-2017-5891
MISC
MISC
asus_rt-ac_rt-n — asus_rt_ac_rt_nASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml.2017-05-10not yet calculatedCVE-2017-8878
MISC
asus_rt-ac_rt-n — asus_rt_ac_rt_n
 
ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID.2017-05-10not yet calculatedCVE-2017-8877
MISC
atlassian — hipchat
 
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.2017-05-05not yet calculatedCVE-2017-8058
BID
MISC
basercms — basercms
 
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4878
CONFIRM
JVN
basercms — basercms
 
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4882
CONFIRM
JVN
basercms — basercms
 
Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4883
CONFIRM
JVN
basercms — plugin_blog
 
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4884
CONFIRM
JVN
basercms — plugin_blog
 
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4881
CONFIRM
JVN
basercms — plugin_blog
 
Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4880
CONFIRM
JVN
basercms — plugin_feed
 
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4885
CONFIRM
JVN
basercms — plugin_mail
 
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4879
CONFIRM
JVN
basercms — plugin_mail
 
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4886
CONFIRM
JVN
basercms — plugin_mail
 
Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4877
CONFIRM
JVN
basercms — plugin_uploader
 
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4887
CONFIRM
JVN
basercms — basercms
 
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4876
MISC
JVN
blackberry — management_console
 
A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console.2017-05-10not yet calculatedCVE-2017-3894
CONFIRM
blf_tech_llc — visualview_hmi
 
An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.2017-05-08not yet calculatedCVE-2017-6051
BID
MISC
brocadefibrechannelsan — os_(fos)
 
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.2017-05-08not yet calculatedCVE-2016-8202
BID
CONFIRM
CONFIRM
brocadenetiron — brocade_netiron
 
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.2017-05-08not yet calculatedCVE-2016-8209
CONFIRM
caclientautomation — os_installation_management_component
 
The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation.2017-05-05not yet calculatedCVE-2017-8391
BID
CONFIRM
certec — edv_gmbh_atvise_scadaA Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An “improper neutralization of HTTP headers for scripting syntax” issue has been identified, which may allow remote code execution.2017-05-05not yet calculatedCVE-2017-6031
BID
MISC
certec — edv_gmbh_atvise_scada
 
A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. This may allow remote code execution.2017-05-05not yet calculatedCVE-2017-6029
BID
MISC
citrix — xenmobile_server
 
Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page.2017-05-05not yet calculatedCVE-2016-6877
BID
MISC
cmsmadesimple —  admin_editusertag_php
 
** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is “a feature, not a bug.”2017-05-12not yet calculatedCVE-2017-8912
MISC
conexantsystems — mictray64task
 
Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:UsersPublicMicTray.log by any process.2017-05-12not yet calculatedCVE-2017-8360
MISC
MISC
cybervision — kaa_iot_platformA Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution.2017-05-05not yet calculatedCVE-2017-7911
BID
MISC
dahua — configuration_file
 
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.2017-05-05not yet calculatedCVE-2017-7925
MISC
BID
MISC
dahua — dh_ipcA Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The use of password hash instead of password for authentication vulnerability was identified, which could allow a malicious user to bypass authentication without obtaining the actual password.2017-05-05not yet calculatedCVE-2017-7927
MISC
BID
MISC
dolibarr — erp_crm
 
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.2017-05-10not yet calculatedCVE-2017-8879
MISC
dolibarr — erp_crmDolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.2017-05-10not yet calculatedCVE-2017-7888
MISC
dolibarr — erp_crmDolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.2017-05-10not yet calculatedCVE-2017-7887
MISC
dolibarr — erp_crm
 
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.2017-05-10not yet calculatedCVE-2017-7886
MISC
dropboxlepton — dos_lepton_file
 
Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a malformed lepton file because the code does not ensure setup of a correct number of threads.2017-05-10not yet calculatedCVE-2017-8891
MISC
MISC
MISC
emc — mainframe_enablers_resourcepak_base
 
EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system.2017-05-08not yet calculatedCVE-2017-4982
CONFIRM
BID
f5 — big_ip 
 
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations.2017-05-09not yet calculatedCVE-2017-6137
CONFIRM
f5 — big_ipIn F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile.2017-05-09not yet calculatedCVE-2016-9253
CONFIRM
f5 — big_ipIn F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.2017-05-09not yet calculatedCVE-2016-9251
CONFIRM
f5 — big_ipIn F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user.2017-05-09not yet calculatedCVE-2016-9257
CONFIRM
f5 — big_ipIn F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user’s next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change.2017-05-09not yet calculatedCVE-2016-9256
BID
CONFIRM
f5 — big_ip_apm
 
In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated user with an established access session to the BIG-IP APM system may be able to cause a traffic disruption if the length of the requested URL is less than 16 characters.2017-05-09not yet calculatedCVE-2017-0302
CONFIRM
f5 — big_ip
 
In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.2017-05-10not yet calculatedCVE-2016-9250
CONFIRM
fiyocms — dapur_apps_app_config_controller_backuper_php
 
Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action.2017-05-09not yet calculatedCVE-2017-8853
MISC
flatcore — acp_core_files_browser_php
 
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF.2017-05-10not yet calculatedCVE-2017-8868
CONFIRM
flightgear — fgcommand_interface
 
In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx – this one exists because of an incomplete fix for CVE-2016-9956.2017-05-12not yet calculatedCVE-2017-8921
CONFIRM
gemalto — smartdiag_diagnosisGemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow with SEH Overwrite via long “Register a new card” input fields. There may be a risk of local code execution with untrusted input to SmartDiag.exe or SymDiag.exe.2017-05-08not yet calculatedCVE-2017-6953
EXPLOIT-DB
gnu — c_library
 
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.2017-05-07not yet calculatedCVE-2017-8804
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
goodix — touchscreen_driverAn elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32749036. References: QC-CR#1098602.2017-05-12not yet calculatedCVE-2017-0622
CONFIRM
google — androidAn information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511682.2017-05-12not yet calculatedCVE-2017-0634
CONFIRM
google — androidA remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35467107.2017-05-12not yet calculatedCVE-2017-0635
CONFIRM
CONFIRM
google — androidAn information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34230377. References: QC-CR#1086833.2017-05-12not yet calculatedCVE-2017-0628
CONFIRM
google — androidAn information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399756. References: QC-CR#1093232.2017-05-12not yet calculatedCVE-2017-0631
CONFIRM
google — androidAn information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35214296. References: QC-CR#1086833.2017-05-12not yet calculatedCVE-2017-0629
CONFIRM
google — androidAn information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115.2017-05-12not yet calculatedCVE-2017-0630
CONFIRM
google — androidAn information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious component to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-36000515. References: B-RB#117131.2017-05-12not yet calculatedCVE-2017-0633
CONFIRM
google — android
 
An information disclosure vulnerability in the kernel UVC driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33300353.2017-05-12not yet calculatedCVE-2017-0627
CONFIRM
google — android
 
The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application.2017-05-12not yet calculatedCVE-2016-4839
CONFIRM
MISC
JVN
google — android
 
Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.2017-05-09not yet calculatedCVE-2016-6799
BID
MLIST
google — android
 
The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION allows an attacker to execute unintended operations via a specially crafted application.2017-05-12not yet calculatedCVE-2016-4838
CONFIRM
MISC
JVN
google — androidAn elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589.2017-05-12not yet calculatedCVE-2017-0604
CONFIRM
google — androidAirwatch Inbox for Android contains a vulnerability that may allow a rooted device to decrypt the local data used by the application. Successful exploitation of this issue may result in an unauthorized disclosure of confidential data.2017-05-10not yet calculatedCVE-2017-4896
BID
CONFIRM
google — androidIn function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used.2017-05-12not yet calculatedCVE-2017-8246
CONFIRM
google — androidAn elevation of privilege vulnerability in the kernel trace subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399704. References: QC-CR#1048480.2017-05-12not yet calculatedCVE-2017-0605
CONFIRM
google — androidAn elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400551. References: QC-CR#1085928.2017-05-12not yet calculatedCVE-2017-0607
CONFIRM
google — androidA denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35763994.2017-05-12not yet calculatedCVE-2017-0603
CONFIRM
CONFIRM
google — androidA remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35269635.2017-05-12not yet calculatedCVE-2017-0600
CONFIRM
CONFIRM
google — androidIn all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of bounds memory copy occurs.2017-05-12not yet calculatedCVE-2017-8245
CONFIRM
google — androidA remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34672748.2017-05-12not yet calculatedCVE-2017-0599
CONFIRM
CONFIRM
google — androidAn information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34128677.2017-05-12not yet calculatedCVE-2017-0598
CONFIRM
google — androidAn information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34946955.2017-05-12not yet calculatedCVE-2017-0602
CONFIRM
google — androidAn Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35258579.2017-05-12not yet calculatedCVE-2017-0601
CONFIRM
google — androidAn elevation of privilege vulnerability in codecs/aacenc/SoftAACEncoder2.cpp in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34617444.2017-05-12not yet calculatedCVE-2017-0594
CONFIRM
CONFIRM
google — androidAn elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34749392.2017-05-12not yet calculatedCVE-2017-0596
CONFIRM
CONFIRM
google — androidAn elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34705519.2017-05-12not yet calculatedCVE-2017-0595
CONFIRM
CONFIRM
google — androidA remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34097672.2017-05-12not yet calculatedCVE-2017-0591
CONFIRM
CONFIRM
google — androidAn elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114230.2017-05-12not yet calculatedCVE-2017-0593
CONFIRM
google — androidA remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34618607.2017-05-12not yet calculatedCVE-2017-0588
CONFIRM
CONFIRM
google — androidA remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34970788.2017-05-12not yet calculatedCVE-2017-0592
CONFIRM
CONFIRM
google — androidA remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35039946.2017-05-12not yet calculatedCVE-2017-0590
CONFIRM
CONFIRM
google — androidAn elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34749571.2017-05-12not yet calculatedCVE-2017-0597
CONFIRM
google — androidA remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34897036.2017-05-12not yet calculatedCVE-2017-0589
CONFIRM
CONFIRM
google — androidA remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35219737.2017-05-12not yet calculatedCVE-2017-0587
CONFIRM
CONFIRM
google — android
 
Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data.2017-05-10not yet calculatedCVE-2017-4895
BID
CONFIRM
google — android
 
In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable “dbg_buf”, “dbg_buf->curr” and “dbg_buf->filled_size” could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. “buffer->curr” itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write).2017-05-12not yet calculatedCVE-2017-8244
CONFIRM
google — android
 
An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550.2017-05-12not yet calculatedCVE-2017-0493
CONFIRM
h2o — h2o
 
H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy.2017-05-12not yet calculatedCVE-2016-4864
CONFIRM
JVN
hikvision — ds-2cd2xx2f_iA Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information.2017-05-05not yet calculatedCVE-2017-7923
MISC
BID
MISC
hikvision — ds-2cd2xx2f_i
 
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.2017-05-05not yet calculatedCVE-2017-7921
MISC
BID
MISC
htc– bootloader
 
An elevation of privilege vulnerability in the HTC bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32512358.2017-05-12not yet calculatedCVE-2017-0623
CONFIRM
ibmtivolistoragemanager — ibm_tivoli_storage_manager
 
IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472.2017-05-05not yet calculatedCVE-2016-8916
CONFIRM
BID
ibm — cognos_analytics
 
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114516.2017-05-10not yet calculatedCVE-2016-3032
CONFIRM
ibm — interact
 
IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 115084.2017-05-10not yet calculatedCVE-2016-5888
CONFIRM
ibm — interact
 
IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 115085.2017-05-10not yet calculatedCVE-2016-5889
CONFIRM
ibm — rational_quality_manager
 
IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116896.2017-05-10not yet calculatedCVE-2016-6035
CONFIRM
ibm — rational_team_concert
 
IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 116918.2017-05-10not yet calculatedCVE-2016-6037
CONFIRM
ibm — team_concert
 
IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 120665.2017-05-10not yet calculatedCVE-2017-1103
CONFIRM
ibm — websphere_application_server
 
IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549.2017-05-10not yet calculatedCVE-2017-1137
CONFIRM
ibm — websphere_portalIBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 1225922017-05-05not yet calculatedCVE-2017-1156
CONFIRM
BID
installer — primedrive_desktop_application
 
Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.2017-05-12not yet calculatedCVE-2017-2167
MISC
JVN
invisionpowerservices — community_suiteInvision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such an onload; however, full path disclosure is required for exploitation.2017-05-11not yet calculatedCVE-2017-8899
MISC
MISC
MISC
invisionpowerservices — community_suiteInvision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin. An attack uses the announce_content parameter in an index.php?/modcp/announcements/&action=create request. This is related to the “<> Source” option.2017-05-11not yet calculatedCVE-2017-8898
MISC
MISC
MISC
invisionpowerservices — community_suite
 
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a malicious announcement affecting any Invision Power Board user who views the announcement.2017-05-11not yet calculatedCVE-2017-8897
MISC
MISC
MISC
keycloak — node_js_adapter
 
It was found that the Keycloak Node.js adapter 2.5 – 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.2017-05-12not yet calculatedCVE-2017-7474
CONFIRM
libetpan — mime_handling_component
 
A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses.2017-05-08not yet calculatedCVE-2017-8825
CONFIRM
CONFIRM
CONFIRM
libtiff — tiffwritedirectorytagcheckedrational
 
The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.2017-05-10not yet calculatedCVE-2016-10371
CONFIRM
CONFIRM
libxml2 — html_parser_c
 
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.2017-05-10not yet calculatedCVE-2017-8872
MISC
libzpaq — bufread::get()_function
 
The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive.2017-05-08not yet calculatedCVE-2017-8842
MISC
MISC
libzpaq — bufread::get()_function
 
The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.2017-05-08not yet calculatedCVE-2017-8847
MISC
MISC
libzpaq — join_pthread_functionThe join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.2017-05-08not yet calculatedCVE-2017-8843
MISC
MISC
libzrip — read_1g
 
The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.2017-05-08not yet calculatedCVE-2017-8844
MISC
MISC
lintian — lintian
 
Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file.2017-05-08not yet calculatedCVE-2017-8829
CONFIRM
linux — kernelThe omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.2017-05-12not yet calculatedCVE-2017-8925
CONFIRM
CONFIRM
CONFIRM
linux — kernel
 
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.2017-05-11not yet calculatedCVE-2017-7472
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — kernel
 
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.2017-05-10not yet calculatedCVE-2017-8890
CONFIRM
CONFIRM
linux — kernel
 
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.2017-05-12not yet calculatedCVE-2017-8924
CONFIRM
CONFIRM
CONFIRM
lzolx_d_ch — lzolx_decompress
 
The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive.2017-05-08not yet calculatedCVE-2017-8845
MISC
MISC
mautic — mautic
 
Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts.2017-05-10not yet calculatedCVE-2017-8874
MISC
mediatek — camera_driver
 
An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35399703. References: QC-CR#831322.2017-05-12not yet calculatedCVE-2017-0621
CONFIRM
mediatek — command_queue_driverAn elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35100728. References: M-ALPS03161536.2017-05-12not yet calculatedCVE-2017-0618
CONFIRM
mediatek — pin_controller_driverAn elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35401152. References: QC-CR#826566.2017-05-12not yet calculatedCVE-2017-0619
CONFIRM
mediatek — power_driverAn elevation of privilege vulnerability in the MediaTek power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34259126. References: M-ALPS03150278.2017-05-12not yet calculatedCVE-2017-0615
CONFIRM
mediatek — system_managementAn elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34470286. References: M-ALPS03149160.2017-05-12not yet calculatedCVE-2017-0616
CONFIRM
mediatek — video_driverAn elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34471002. References: M-ALPS03149173.2017-05-12not yet calculatedCVE-2017-0617
CONFIRM
mediatek — command_queue_driver
 
An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-35142799. References: M-ALPS03161531.2017-05-12not yet calculatedCVE-2017-0625
CONFIRM
mediatek — thermal_driver
 
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175767. References: M-ALPS02696445.2017-05-12not yet calculatedCVE-2016-10280
CONFIRM
mediatek — thermal_driver
 
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175647. References: M-ALPS02696475.2017-05-12not yet calculatedCVE-2016-10281
CONFIRM
mediatek — thermal_driver
 
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33939045. References: M-ALPS03149189.2017-05-12not yet calculatedCVE-2016-10282
CONFIRM
mediatek — touchscreen
 
An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202412. References: M-ALPS02897901.2017-05-12not yet calculatedCVE-2016-10274
CONFIRM
microsoft — .net_framework
 
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka “.NET Security Feature Bypass Vulnerability.”2017-05-12not yet calculatedCVE-2017-0248
CONFIRM
microsoft — activex
 
An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka “Microsoft ActiveX Information Disclosure Vulnerability.”2017-05-12not yet calculatedCVE-2017-0242
CONFIRM
microsoft — asp_netA denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests.2017-05-12not yet calculatedCVE-2017-0247
MISC
microsoft — asp_net
 
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.2017-05-12not yet calculatedCVE-2017-0256
MISC
microsoft — asp_net
 
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.2017-05-12not yet calculatedCVE-2017-0249
MISC
microsoft — browsers
 
A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka “Microsoft Browser Spoofing Vulnerability.”2017-05-12not yet calculatedCVE-2017-0231
CONFIRM
microsoft — edge
 
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0235
CONFIRM
microsoft — edge
 
A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240.2017-05-12not yet calculatedCVE-2017-0221
CONFIRM
microsoft — edge
 
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0234
CONFIRM
microsoft — edge
 
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0236
CONFIRM
microsoft — edge
 
An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone, aka “Microsoft Edge Elevation of Privilege Vulnerability.” This CVE ID is unique from CVE-2017-0233.2017-05-12not yet calculatedCVE-2017-0241
CONFIRM
microsoft — edge
 
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka “Microsoft Edge Elevation of Privilege Vulnerability.” This CVE ID is unique from CVE-2017-0241.2017-05-12not yet calculatedCVE-2017-0233
CONFIRM
microsoft — edge
 
A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0230
CONFIRM
microsoft — edge
 
A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0229
CONFIRM
microsoft — edge
 
A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka “Microsoft Edge Remote Code Execution Vulnerability.”2017-05-12not yet calculatedCVE-2017-0266
CONFIRM
microsoft — edge
 
A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2017-0221 and CVE-2017-0227.2017-05-12not yet calculatedCVE-2017-0240
CONFIRM
microsoft — edge
 
A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2017-0221 and CVE-2017-0240.2017-05-12not yet calculatedCVE-2017-0227
CONFIRM
microsoft — explorer
 
A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings, aka “Internet Explorer Security Feature Bypass Vulnerability.”2017-05-12not yet calculatedCVE-2017-0064
CONFIRM
microsoft — explorer
 
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka “Internet Explorer Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2017-0226.2017-05-12not yet calculatedCVE-2017-0222
CONFIRM
microsoft — explorer
 
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka “Internet Explorer Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2017-0222.2017-05-12not yet calculatedCVE-2017-0226
CONFIRM
microsoft — javascript_engines
 
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0224
CONFIRM
microsoft — javascript_engines
 
A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.2017-05-12not yet calculatedCVE-2017-0228
CONFIRM
microsoft — javascript_engines
 
A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0236.2017-05-12not yet calculatedCVE-2017-0238
CONFIRM
microsoft — malware_protection_engineThe Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka “Microsoft Malware Protection Engine Remote Code Execution Vulnerability.”2017-05-09not yet calculatedCVE-2017-0290
BID
MISC
MISC
CONFIRM
CONFIRM
MISC
microsoft — nvidia_gpu_display_driverAll versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.2017-05-09not yet calculatedCVE-2017-0351
CONFIRM
microsoft — nvidia_gpu_display_driverAll versions of the NVIDIA GPU Display Driver contain a vulnerability in the GPU firmware where incorrect access control may allow CPU access sensitive GPU control registers, leading to an escalation of privileges2017-05-09not yet calculatedCVE-2017-0352
CONFIRM
microsoft — nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges.2017-05-09not yet calculatedCVE-2017-0348
CONFIRM
microsoft — nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to denial of service or potential escalation of privileges.2017-05-09not yet calculatedCVE-2017-0347
CONFIRM
microsoft — nvidia_gpu_display_driverAll versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used in an offset calculation may lead to denial of service or potential escalation of privileges.2017-05-09not yet calculatedCVE-2017-0350
CONFIRM
microsoft — nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to a denial of service.2017-05-09not yet calculatedCVE-2017-0355
CONFIRM
microsoft — nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is not correctly validated before it is dereferenced for a write operation, may lead to denial of service or potential escalation of privileges.2017-05-09not yet calculatedCVE-2017-0349
CONFIRM
microsoft — nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input used as an array size is not correctly validated allows out of bound access in kernel memory and may lead to denial of service or potential escalation of privileges2017-05-09not yet calculatedCVE-2017-0345
CONFIRM
microsoft — nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) where user can trigger a race condition due to lack of synchronization in two functions leading to a denial of service or potential escalation of privileges.2017-05-09not yet calculatedCVE-2017-0343
CONFIRM
microsoft — nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape may allow users to gain access to arbitrary physical memory, leading to escalation of privileges.2017-05-09not yet calculatedCVE-2017-0344
CONFIRM
microsoft — nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.2017-05-09not yet calculatedCVE-2017-0346
CONFIRM
microsoft — nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where a call to certain function requiring lower IRQL can be made under raised IRQL which may lead to a denial of service.2017-05-09not yet calculatedCVE-2017-0354
CONFIRM
microsoft — nvidia_gpu_display_driverAll versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where due to improper locking on certain conditions may lead to a denial of service2017-05-09not yet calculatedCVE-2017-0353
CONFIRM
microsoft — nvidia_gpu_display_driverAll versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where incorrect calculation may cause an invalid address access leading to denial of service or potential escalation of privileges.2017-05-09not yet calculatedCVE-2017-0342
CONFIRM
microsoft — nvidia_gpu_display_driver
 
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input can trigger an access to a pointer that has not been initialized which may lead to denial of service or potential escalation of privileges.2017-05-09not yet calculatedCVE-2017-0341
CONFIRM
microsoft — officeMicrosoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.2017-05-12not yet calculatedCVE-2017-0281
CONFIRM
microsoft — office
 
Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281.2017-05-12not yet calculatedCVE-2017-0261
CONFIRM
microsoft — office
 
Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281.2017-05-12not yet calculatedCVE-2017-0262
CONFIRM
microsoft — powerpoint_mac
 
Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-0254 and CVE-2017-0265.2017-05-12not yet calculatedCVE-2017-0264
CONFIRM
microsoft — powerpoint_mac
 
Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-0254 and CVE-2017-0264.2017-05-12not yet calculatedCVE-2017-0265
CONFIRM
microsoft — server_message_blockThe Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka “Windows SMB Denial of Service Vulnerability”. This CVE ID is unique from CVE-2017-0269 and CVE-2017-0273.2017-05-12not yet calculatedCVE-2017-0280
CONFIRM
microsoft — server_message_blockThe Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka “Windows SMB Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0279.2017-05-12not yet calculatedCVE-2017-0278
CONFIRM
microsoft — server_message_blockThe Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka “Windows SMB Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0272, CVE-2017-0278, and CVE-2017-0279.2017-05-12not yet calculatedCVE-2017-0277
CONFIRM
microsoft — server_message_blockMicrosoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka “Windows SMB Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0276.2017-05-12not yet calculatedCVE-2017-0275
CONFIRM
microsoft — server_message_blockMicrosoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka “Windows SMB Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0275, and CVE-2017-0276.2017-05-12not yet calculatedCVE-2017-0274
CONFIRM
microsoft — server_message_blockThe Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka “Windows SMB Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0278.2017-05-12not yet calculatedCVE-2017-0279
CONFIRM
microsoft — server_message_block
 
Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka “Windows SMB Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0275.2017-05-12not yet calculatedCVE-2017-0276
CONFIRM
microsoft — server_message_block
 
The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka “Windows SMB Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0277, CVE-2017-0278, and CVE-2017-0279.2017-05-12not yet calculatedCVE-2017-0272
CONFIRM
microsoft — server_message_block
 
The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka “Windows SMB Denial of Service Vulnerability”. This CVE ID is unique from CVE-2017-0273 and CVE-2017-0280.2017-05-12not yet calculatedCVE-2017-0269
CONFIRM
microsoft — server_message_block
 
Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka “Windows SMB Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0267, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.2017-05-12not yet calculatedCVE-2017-0268
CONFIRM
microsoft — server_message_block
 
The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka “Windows SMB Denial of Service Vulnerability”. This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280.2017-05-12not yet calculatedCVE-2017-0273
CONFIRM
microsoft — server_message_block
 
Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka “Windows SMB Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.2017-05-12not yet calculatedCVE-2017-0270
CONFIRM
microsoft — server_message_block
 
Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka “Windows SMB Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.2017-05-12not yet calculatedCVE-2017-0271
CONFIRM
microsoft — server_message_block
 
Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka “Windows SMB Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276.2017-05-12not yet calculatedCVE-2017-0267
CONFIRM
microsoft — server
 
The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka “Win32k Information Disclosure Vulnerability.”2017-05-12not yet calculatedCVE-2017-0245
CONFIRM
microsoft — server
 
The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows locally authenticated attackers to gain privileges via a crafted application, or in Windows 7 for x64-based systems, cause denial of service, aka “Windows Kernel Elevation of Privilege Vulnerability.”2017-05-12not yet calculatedCVE-2017-0244
CONFIRM
microsoft — server
 
The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0258.2017-05-12not yet calculatedCVE-2017-0259
CONFIRM
microsoft — server
 
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0259.2017-05-12not yet calculatedCVE-2017-0258
CONFIRM
microsoft — server
 
The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Windows 7 for x64-based Systems and later, cause denial of service, aka “Win32k Elevation of Privilege Vulnerability.”2017-05-12not yet calculatedCVE-2017-0246
CONFIRM
microsoft — sharepoint_foundation
 
Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka “Microsoft SharePoint XSS Vulnerability”.2017-05-12not yet calculatedCVE-2017-0255
CONFIRM
microsoft — windows_com_aggregate_marshaler
 
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka “Windows COM Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-0214.2017-05-12not yet calculatedCVE-2017-0213
CONFIRM
microsoft — windows_hyper_v
 
Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka “Windows Hyper-V vSMB Elevation of Privilege Vulnerability”.2017-05-12not yet calculatedCVE-2017-0212
CONFIRM
microsoft — windows_server
 
The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability.”2017-05-12not yet calculatedCVE-2017-0263
CONFIRM
microsoft — windows_server
 
Windows DNS Server allows a denial of service vulnerability when Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 are configured to answer version queries, aka “Windows DNS Server Denial of Service Vulnerability”.2017-05-12not yet calculatedCVE-2017-0171
CONFIRM
microsoft — windows_server
 
The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-0220, CVE-2017-0258, and CVE-2017-0259.2017-05-12not yet calculatedCVE-2017-0175
CONFIRM
microsoft — windows_server
 
The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka “GDI Information Disclosure Vulnerability.”2017-05-12not yet calculatedCVE-2017-0190
CONFIRM
microsoft — windows_server
 
Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when Windows fails to properly validate input before loading type libraries, aka “Windows COM Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-0213.2017-05-12not yet calculatedCVE-2017-0214
CONFIRM
microsoft — windows_server
 
The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-0175, CVE-2017-0258, and CVE-2017-0259.2017-05-12not yet calculatedCVE-2017-0220
CONFIRM
microsoft — windows_server
 
The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow a local authenticated attacker to execute a specially crafted application to obtain information, or in Windows 7 and later, cause denial of service, aka “Win32k Information Disclosure Vulnerability.”2017-05-12not yet calculatedCVE-2017-0077
CONFIRM
microsoft — windows_vista
 
Untrusted search path vulnerability in installers for The Public Certification Service for Individuals “The JPKI user’s software (for Windows 7 and later)” Ver3.1 and earlier, The Public Certification Service for Individuals “The JPKI user’s software (for Windows Vista)”, The Public Certification Service for Individuals “The JPKI user’s software” Ver2.6 and earlier that were available until April 27, 2017 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.2017-05-12not yet calculatedCVE-2017-2157
JVN
MISC
microsoft — word
 
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265.2017-05-12not yet calculatedCVE-2017-0254
CONFIRM
miniupnp — miniupnpc
 
Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.2017-05-10not yet calculatedCVE-2017-8798
MISC
MISC
motorola — bootloader
 
An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490.2017-05-12not yet calculatedCVE-2016-10277
CONFIRM
mozilla — network_security_seervices
 
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.2017-05-10not yet calculatedCVE-2017-5461
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
multicoreware — planeclipandmax()
 
An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in the process of encoding.2017-05-11not yet calculatedCVE-2017-8906
MISC
nessus — nessus
 
Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-12not yet calculatedCVE-2017-2122
JVN
CONFIRM
netcloud — serverNextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.2017-05-08not yet calculatedCVE-2017-0891
MISC
CONFIRM
netcloud — serverNextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers.2017-05-08not yet calculatedCVE-2017-0893
MISC
CONFIRM
netcloud — serverNextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.2017-05-08not yet calculatedCVE-2017-0895
MISC
CONFIRM
netcloud — serverNextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.2017-05-08not yet calculatedCVE-2017-0892
MISC
CONFIRM
netcloud — serverNextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.2017-05-08not yet calculatedCVE-2017-0894
MISC
CONFIRM
netcloud — server
 
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.2017-05-08not yet calculatedCVE-2017-0890
MISC
CONFIRM
oneplus — one_xAn issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same ‘ro.build.product’ system property, attackers can install OTAs of one product over the other, even on locked bootloaders. That could theoretically allow for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. Moreover, the vulnerability may result in having the device unusable until a Factory Reset is performed. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use ‘adb sideload’ to push the OTA.2017-05-11not yet calculatedCVE-2017-8851
MISC
oneplus — one_x
 
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even on locked bootloaders, which allows for exploitation of vulnerabilities patched on one image but not on the other, in addition to expansion of the attack surface. This vulnerability can be exploited by Man-in-the-Middle (MiTM) attackers targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, physical attackers can reboot the phone into recovery, and then use ‘adb sideload’ to push the OTA (on OnePlus 3/3T ‘Secure Start-up’ must be off).2017-05-11not yet calculatedCVE-2017-8850
MISC
oneplus — one_x
 
An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient ‘updater-script’ in OTAs that does not check that the current version is lower than or equal to the given image’s. Downgrades can occur even on locked bootloaders and without triggering a factory reset, allowing for exploitation of now-patched vulnerabilities with access to user data. This vulnerability can be exploited by a Man-in-the-Middle (MiTM) attacker targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, a physical attacker can reboot the phone into recovery, and then use ‘adb sideload’ to push the OTA (on OnePlus 3/3T ‘Secure Start-up’ must be off).2017-05-11not yet calculatedCVE-2017-5948
MISC
oneplus — ota_updater
 
An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851.2017-05-11not yet calculatedCVE-2016-10370
MISC
MISC
opentexttempobox — opentext_tempo_box
 
Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image.2017-05-10not yet calculatedCVE-2017-8892
MISC
panda — mobile_security
 
Acceptance of invalid/self-signed TLS certificates in “Panda Mobile Security” 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.2017-05-05not yet calculatedCVE-2017-8060
BID
MISC
postgresql — pgrequiresslIn PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.2017-05-12not yet calculatedCVE-2017-7485
CONFIRM
postgresql — postgresqlPostgreSQL versions 8.4 – 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.2017-05-12not yet calculatedCVE-2017-7486
CONFIRM
postgresql — postgresql
 
It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.2017-05-12not yet calculatedCVE-2017-7484
CONFIRM
qualcomm — sound_driverAn elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34088848. References: QC-CR#1116015.2017-05-12not yet calculatedCVE-2017-0606
CONFIRM
qualcomm  — wi_fi_driver
 
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32094986. References: QC-CR#2002052.2017-05-12not yet calculatedCVE-2016-10283
CONFIRM
qualcomm — adsprpc_driver
 
An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34112914. References: QC-CR#1110747.2017-05-12not yet calculatedCVE-2017-0465
CONFIRM
qualcomm — bootloader
 
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-34514954. References: QC-CR#1009111.2017-05-12not yet calculatedCVE-2016-10275
CONFIRM
qualcomm — bootloader
 
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32952839. References: QC-CR#1094105.2017-05-12not yet calculatedCVE-2016-10276
CONFIRM
qualcomm — crypto_driver
 
An elevation of privilege vulnerability in the Qualcomm crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899710. References: QC-CR#1116295.2017-05-12not yet calculatedCVE-2016-10289
CONFIRM
qualcomm — led_driver
 
An elevation of privilege vulnerability in the Qualcomm LED driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33863909. References: QC-CR#1109763.2017-05-12not yet calculatedCVE-2016-10288
CONFIRM
qualcomm — led_driver
 
An information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33781694. References: QC-CR#1109326.2017-05-12not yet calculatedCVE-2016-10295
CONFIRM
qualcomm — power_driver
 
An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33621829. References: QC-CR#1105481.2017-05-12not yet calculatedCVE-2016-10294
CONFIRM
qualcomm — secure_channel_manager
 
An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711.2017-05-12not yet calculatedCVE-2017-0620
CONFIRM
qualcomm — secure_executionAn elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400457. References: QC-CR#1086140.2017-05-12not yet calculatedCVE-2017-0613
CONFIRM
qualcomm — secure_executionAn elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399405. References: QC-CR#1080290.2017-05-12not yet calculatedCVE-2017-0614
CONFIRM
qualcomm — secure_executionAn elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-34389303. References: QC-CR#1061845.2017-05-12not yet calculatedCVE-2017-0612
CONFIRM
qualcomm — shared_memory_driver
 
An information disclosure vulnerability in the Qualcomm shared memory driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33845464. References: QC-CR#1109782.2017-05-12not yet calculatedCVE-2016-10296
CONFIRM
qualcomm — shared_memory_driver
 
An elevation of privilege vulnerability in the Qualcomm shared memory driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33898330. References: QC-CR#1109782.2017-05-12not yet calculatedCVE-2016-10290
CONFIRM
qualcomm — slimbus_driver
 
An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34030871. References: QC-CR#986837.2017-05-12not yet calculatedCVE-2016-10291
CONFIRM
qualcomm — sound-driverAn elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399801. References: QC-CR#1090482.2017-05-12not yet calculatedCVE-2017-0609
CONFIRM
qualcomm — sound-driverAn elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399404. References: QC-CR#1094852.2017-05-12not yet calculatedCVE-2017-0610
CONFIRM
qualcomm — sound-driverAn elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393841. References: QC-CR#1084210.2017-05-12not yet calculatedCVE-2017-0611
CONFIRM
qualcomm — sound-driver
 
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400458. References: QC-CR#1098363.2017-05-12not yet calculatedCVE-2017-0608
CONFIRM
qualcomm — sound_codec_driver
 
An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35392586. References: QC-CR#832915.2017-05-12not yet calculatedCVE-2017-0632
CONFIRM
qualcomm — sound_driver
 
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33784446. References: QC-CR#1112751.2017-05-12not yet calculatedCVE-2016-10287
CONFIRM
qualcomm — video_driver
 
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400904. References: QC-CR#1090237.2017-05-12not yet calculatedCVE-2016-10286
CONFIRM
qualcomm — video_driver
 
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33752702. References: QC-CR#1104899.2017-05-12not yet calculatedCVE-2016-10285
CONFIRM
qualcomm — video_driver
 
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402303. References: QC-CR#2000664.2017-05-12not yet calculatedCVE-2016-10284
CONFIRM
qualcomm — video_driver
 
An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33352393. References: QC-CR#1101943.2017-05-12not yet calculatedCVE-2016-10293
CONFIRM
qualcomm — wifi_driverAn information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35393124. References: QC-CR#1088050.2017-05-12not yet calculatedCVE-2017-0626
CONFIRM
qualcomm — wifi_driver
 
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34327795. References: QC-CR#2005832.2017-05-12not yet calculatedCVE-2017-0624
CONFIRM
qualcomm — wifi_driver
 
A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34514463. References: QC-CR#1065466.2017-05-12not yet calculatedCVE-2016-10292
CONFIRM
rockwell — automation_controllogix
 
A Resource Exhaustion issue was discovered in Rockwell Automation ControlLogix 5580 controllers V28.011, V28.012, and V28.013; ControlLogix 5580 controllers V29.011; CompactLogix 5380 controllers V28.011; and CompactLogix 5380 controllers V29.011. This vulnerability may allow an attacker to cause a denial of service condition by sending a series of specific CIP-based commands to the controller.2017-05-05not yet calculatedCVE-2017-6024
BID
MISC
saa7164usc — ssa7164_bus_get function
 
The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.10.14 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a “double fetch” vulnerability.2017-05-08not yet calculatedCVE-2017-8831
MISC
sap — sapcar
 
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560.2017-05-10not yet calculatedCVE-2017-8852
MISC
schneiderelectric — vampset
 
All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes the software to halt or not start when trying to open the corrupted file. This vulnerability occurs when fill settings are intentionally malformed and is opened in a standalone state, without connection to a protection relay. This attack is not considered to be remotely exploitable. This vulnerability has no effect on the operation of the protection relay to which VAMPSET is connected. As Windows operating system remains operational and VAMPSET responds, it is able to be shut down through its normal closing protocol.2017-05-09not yet calculatedCVE-2017-7967
CONFIRM
siemens — simatic_cp
 
Siemens SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X200 (All versions), SCALANCE X200 IRT (All versions), SCALANCE X300, X408, X414 (All versions), SCALANCE XM400, XR500 (All versions), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions), Softnet PROFINET IO for PC-based Windows systems (All versions), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 / UPS1600 PROFINET (All versions), SIMATIC ET 200AL (All versions), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions), PN/PN Coupler (All versions), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 incl. F and H (All versions), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.8 HF4), SINAMICS S110 w. PN (All versions), SINAMICS S120 (All versions before V4.8 HF4), SINAMICS S150 (All versions before V4.8 HF4), SINAMICS V90 w. PN (All versions), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (V4.7 before SP6 HF8 and before V4.5), SINUMERIK 840D sl (V4.7 before SP6 HF8 and before V4.5), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 – Ethernet) packet.2017-05-10not yet calculatedCVE-2017-2680
BID
CONFIRM
siemens — simatic_s7Siemens SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 incl. F and H (All versions), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP (Layer 2 – Ethernet) packet sent to an affected product.2017-05-11not yet calculatedCVE-2017-2681
BID
CONFIRM
siemens — simaticA vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the “administrators” group to crash services by sending specially crafted messages to the DCOM interface.2017-05-11not yet calculatedCVE-2017-6867
BID
CONFIRM
siemens — simatic
 
Siemens SIMATIC WinCC (TIA Portal) (V13 all versions before SP2 and V14 before SP1), SIMATIC STEP 7 (TIA Portal) (V13 all versions before SP2 and V14 before SP1), SIMATIC STEP 7 V5.X (All versions), STEP 7 – Micro/WIN SMART (All versions), SMART PC Access V2.0, SIMATIC Automation Tool (All versions), SIMATIC WinCC (All versions), SIMATIC PCS 7 (All versions), SIMATIC NET PC-Software (All versions), Primary Setup Tool (PST) (All versions), Security Configuration Tool (SCT) (All versions), SINEMA Server (All versions), SINAUT ST7CC (All versions), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SINUMERIK 808D Programming Tool (All versions), SIMATIC WinCC flexible 2008 (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 – Ethernet) packet.2017-05-11not yet calculatedCVE-2017-6865
BID
CONFIRM
soy — cmsCross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-12not yet calculatedCVE-2017-2164
JVN
soy — cms
 
Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id.2017-05-12not yet calculatedCVE-2017-2163
JVN
splunk — enterprise_lightOpen redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4857
JVN
CONFIRM
splunk — enterprise_lightOpen redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4859
JVN
CONFIRM
splunk — enterprise_lightCross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4858
JVN
CONFIRM
splunk — enterprise_light
 
Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.2017-05-12not yet calculatedCVE-2016-4856
JVN
CONFIRM
swftools — pdf2swfA Use After Free in the pdf2swf part of swftools 0.9.2 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed PDF document, possibly a consequence of an error in Gfx.cc in Xpdf 3.02.2017-05-10not yet calculatedCVE-2017-7698
CONFIRM
symphony — meta_parameter
 
Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php.2017-05-10not yet calculatedCVE-2017-8876
MISC
synology — dsm_user
 
Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.2017-05-12not yet calculatedCVE-2016-10330
MLIST
MISC
MISC
CONFIRM
synology — photo_station
 
Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted ‘X-Forwarded-For’ header.2017-05-12not yet calculatedCVE-2016-10329
MLIST
MISC
MISC
CONFIRM
synology — photo_station
 
Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.2017-05-12not yet calculatedCVE-2016-10331
MISC
CONFIRM
tibco — spotfire_server
 
TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks.2017-05-09not yet calculatedCVE-2017-5527
CONFIRM
trafficmanagementmicrokernel — traffic_anagement_microkernel
 
The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, APM, ASM, GTM, Link Controller, PEM, PSM, and WebSafe 11.6.0 before 11.6.0 HF6, 11.5.0 before 11.5.3 HF2, and 11.3.0 before 11.4.1 HF10 may suffer from a memory leak while handling certain types of TCP traffic. Remote attackers may cause a denial of service (DoS) by way of a crafted TCP packet.2017-05-11not yet calculatedCVE-2016-7476
BID
CONFIRM
ubuntu — lightdm
 
LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.2017-05-12not yet calculatedCVE-2017-8900
CONFIRM
CONFIRM
CONFIRM
unicodetoutf8() — unicode_to_utf8()_function
 
An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.2017-05-12not yet calculatedCVE-2017-8911
MISC
unixsocket.c — lxterminal
 
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).2017-05-08not yet calculatedCVE-2016-10369
MISC
MISC
MISC
veritasbackupexec — veritas_backup_exec
 
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An authenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.2017-05-10not yet calculatedCVE-2017-8895
CONFIRM
veritas — netbackupIn Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the ‘bprd’ process.2017-05-09not yet calculatedCVE-2017-8857
BID
CONFIRM
veritas — netbackupIn Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.2017-05-09not yet calculatedCVE-2017-8859
BID
CONFIRM
veritas — netbackupIn Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the ‘bprd’ process.2017-05-09not yet calculatedCVE-2017-8858
BID
CONFIRM
veritas — netbackup
 
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the ‘bprd’ process.2017-05-09not yet calculatedCVE-2017-8856
BID
CONFIRM
wolfssl — out_of_bounds_memory_access
 
wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file.2017-05-09not yet calculatedCVE-2017-8854
CONFIRM
wolfssl — wc_dhagreewolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key.2017-05-09not yet calculatedCVE-2017-8855
CONFIRM
wordpress — clean_login_plugin
 
CSRF in the Clean Login plugin before 1.8 for WordPress allows remote attackers to change the login redirect URL or logout redirect URL.2017-05-10not yet calculatedCVE-2017-8875
MISC
MISC
xen — failsafeXen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.2017-05-11not yet calculatedCVE-2017-8905
CONFIRM
CONFIRM
xen — gnttabop_transferXen through 4.8.x mishandles the “contains segment descriptors” property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.2017-05-11not yet calculatedCVE-2017-8904
CONFIRM
CONFIRM
xen — iret_hypercall
 
Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.2017-05-11not yet calculatedCVE-2017-8903
CONFIRM
CONFIRM
zencart — main_page_parameter
 
Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor’s README.md file offers a link to v160.zip with a description of “Download latest in-development version from github.”2017-05-08not yet calculatedCVE-2017-8833
CONFIRM
zendstringextend — zend/zend_string_h
 
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script’s use of .= with a long string.2017-05-12not yet calculatedCVE-2017-8923
MISC
liblrzipso — read_stream_functionThe read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.2017-05-08not yet calculatedCVE-2017-8846
MISC
MISC

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

This entry was posted in Alerts. Bookmark the permalink.