SB17-170: Vulnerability Summary for the Week of June 12, 2017

Original release date: June 19, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
gnome — libcroco The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. 2017-06-12 7.1 CVE-2017-8871
MISC
EXPLOIT-DB
gnu — glibc nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd. 2017-06-12 7.5 CVE-2014-9984
BID
CONFIRM
CONFIRM
google — android In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. 2017-06-13 9.3 CVE-2014-9960
BID
CONFIRM
google — android In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection. 2017-06-13 9.3 CVE-2014-9961
BID
CONFIRM
google — android In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. 2017-06-13 9.3 CVE-2015-9023
BID
CONFIRM
google — android In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE application. 2017-06-13 9.3 CVE-2015-9025
BID
CONFIRM
google — android In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a cryptographic routine. 2017-06-13 9.3 CVE-2015-9028
BID
CONFIRM
google — android In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler. 2017-06-13 9.3 CVE-2016-10340
BID
CONFIRM
google — android In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler. 2017-06-13 9.3 CVE-2016-10342
BID
CONFIRM
google — android In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated. 2017-06-13 9.3 CVE-2017-7365
CONFIRM
google — android In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location. 2017-06-13 7.6 CVE-2017-7372
CONFIRM
google — android In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver. 2017-06-13 9.3 CVE-2017-8236
CONFIRM
google — android In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image. 2017-06-13 9.3 CVE-2017-8237
CONFIRM
google — android In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a camera function. 2017-06-13 9.3 CVE-2017-8238
CONFIRM
google — android In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability. 2017-06-13 9.3 CVE-2017-8240
CONFIRM
google — android In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a WLAN function due to an incorrect message length. 2017-06-13 9.3 CVE-2017-8241
CONFIRM
iodata — ts-wrla_firmware I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. 2017-06-09 9.0 CVE-2016-7819
CONFIRM
BID
JVN
iodata — ts-wrla_firmware Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors. 2017-06-09 9.0 CVE-2016-7820
CONFIRM
BID
JVN
iodata — wfs-sr01_firmware I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. 2017-06-09 10.0 CVE-2016-7806
CONFIRM
BID
JVN
libquicktime — libquicktime The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. 2017-06-12 7.1 CVE-2017-9122
EXPLOIT-DB
skygroup — skysea_client_view SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program. 2017-06-09 10.0 CVE-2016-7836
BID
CONFIRM
JVN
CONFIRM

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
bluez — bluez Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities. 2017-06-09 4.6 CVE-2016-7837
BID
CONFIRM
JVN
buffalotech — wnc01wh_firmware Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors. 2017-06-09 4.3 CVE-2016-7821
CONFIRM
BID
JVN
buffalotech — wnc01wh_firmware Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors. 2017-06-09 6.8 CVE-2016-7822
CONFIRM
BID
JVN
buffalotech — wnc01wh_firmware Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors. 2017-06-09 6.5 CVE-2016-7824
CONFIRM
BID
JVN
buffalotech — wnc01wh_firmware Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands. 2017-06-09 4.0 CVE-2016-7825
CONFIRM
BID
JVN
buffalotech — wnc01wh_firmware Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests. 2017-06-09 4.0 CVE-2016-7826
CONFIRM
BID
JVN
codecabin_ — wp_live_chat_support Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-06-09 4.3 CVE-2017-2187
JVN
CONFIRM
corega — cg-wlbargnl_firmware Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-06-09 4.3 CVE-2016-7808
CONFIRM
BID
JVN
corega — cg-wlr300nx_firmware Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors. 2017-06-09 6.8 CVE-2016-7809
CONFIRM
BID
JVN
corega — cg-wlr300nx_firmware Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors. 2017-06-09 5.8 CVE-2016-7811
CONFIRM
BID
JVN
cybozu — dezie Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. 2017-06-09 5.0 CVE-2016-7832
BID
JVN
CONFIRM
cybozu — dezie Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. 2017-06-09 6.4 CVE-2016-7833
BID
JVN
CONFIRM
cybozu — garoon Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via “Messages” function of Cybozu Garoon Keitai. 2017-06-09 4.3 CVE-2016-4906
BID
JVN
CONFIRM
cybozu — garoon Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. 2017-06-09 6.8 CVE-2016-4907
BID
JVN
CONFIRM
cybozu — garoon Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user’s private RSS settings via unspecified vectors. 2017-06-09 4.0 CVE-2016-4908
BID
BID
JVN
CONFIRM
cybozu — garoon Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. 2017-06-09 4.3 CVE-2016-4909
BID
BID
JVN
CONFIRM
cybozu — garoon Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators’ MultiReport filters via unspecified vectors. 2017-06-09 4.0 CVE-2016-4910
BID
JVN
CONFIRM
cybozu — garoon Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users’ To-Dos via unspecified vectors. 2017-06-09 4.0 CVE-2016-7801
BID
JVN
CONFIRM
cybozu — garoon Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. 2017-06-09 4.0 CVE-2016-7802
BID
JVN
CONFIRM
cybozu — garoon SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via “MultiReport” function. 2017-06-09 6.5 CVE-2016-7803
BID
JVN
CONFIRM
emon-cms — deraemon-cms Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username. 2017-06-09 4.3 CVE-2016-7813
CONFIRM
BID
JVN
fenrir-inc — sleipnir Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage. 2017-06-09 5.8 CVE-2016-7831
BID
JVN
gnome — libcroco The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file. 2017-06-12 4.3 CVE-2017-8834
MISC
EXPLOIT-DB
google — android A remote code execution vulnerability in System UI component could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High because it is a remote arbitrary code execution in an unprivileged process. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36368305. 2017-06-14 6.8 CVE-2017-0638
BID
CONFIRM
google — android In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write. 2017-06-13 4.3 CVE-2017-8242
CONFIRM
h2o_project — h2o Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information. 2017-06-09 6.4 CVE-2016-7835
BID
CONFIRM
JVN
ibm — maximo_asset_management IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276. 2017-06-13 6.5 CVE-2016-9984
CONFIRM
MISC
iodata — ts-wrla_firmware I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors. 2017-06-09 5.0 CVE-2016-7814
CONFIRM
BID
JVN
iodata — wfs-sr01_firmware I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. 2017-06-09 5.0 CVE-2016-7807
CONFIRM
BID
JVN
ipa — appgoat Hands-on Vulnerability Learning Tool “AppGoat” for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182. 2017-06-09 6.8 CVE-2017-2179
JVN
ipa — appgoat Hands-on Vulnerability Learning Tool “AppGoat” for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors. 2017-06-09 4.3 CVE-2017-2180
JVN
ipa — appgoat Hands-on Vulnerability Learning Tool “AppGoat” for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182. 2017-06-09 6.8 CVE-2017-2181
JVN
ipa — appgoat Hands-on Vulnerability Learning Tool “AppGoat” for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181. 2017-06-09 6.8 CVE-2017-2182
JVN
libquicktime — libquicktime The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file. 2017-06-12 4.3 CVE-2017-9123
EXPLOIT-DB
libquicktime — libquicktime The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. 2017-06-12 4.3 CVE-2017-9124
EXPLOIT-DB
libquicktime — libquicktime The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file. 2017-06-12 4.3 CVE-2017-9125
EXPLOIT-DB
libquicktime — libquicktime The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. 2017-06-12 4.3 CVE-2017-9126
EXPLOIT-DB
libquicktime — libquicktime The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file. 2017-06-12 4.3 CVE-2017-9127
EXPLOIT-DB
libquicktime — libquicktime The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file. 2017-06-12 4.3 CVE-2017-9128
EXPLOIT-DB
simple_keitai_chat_project — simple_keitai_chat Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-06-09 4.3 CVE-2016-7817
BID
JVN
torproject — tor The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. 2017-06-09 5.0 CVE-2017-0375
BID
CONFIRM
CONFIRM
CONFIRM
torproject — tor The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit. 2017-06-09 5.0 CVE-2017-0376
CONFIRM
CONFIRM
CONFIRM
unisys — mobigate The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-09 4.3 CVE-2016-7805
BID
JVN

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
bigtreecms — bigtree_cms admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name. 2017-06-12 3.5 CVE-2017-9546
CONFIRM
bigtreecms — bigtree_cms admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication (aka a pending page change). 2017-06-12 3.5 CVE-2017-9547
CONFIRM
bigtreecms — bigtree_cms admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication (aka a pending page change). 2017-06-12 3.5 CVE-2017-9548
CONFIRM
buffalotech — wnc01wh_firmware Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-06-09 2.3 CVE-2016-7823
CONFIRM
BID
JVN
corega — cg-wlr300nx_firmware Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. 2017-06-09 3.5 CVE-2016-7810
CONFIRM
BID
JVN
ibm — inotes IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim, that when opened could cause an information disclosure. IBM X-Force ID: 123854. 2017-06-12 3.5 CVE-2017-1214
CONFIRM
MISC
ibm — rational_doors_next_generation IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124627. 2017-06-12 3.5 CVE-2017-1247
CONFIRM
BID
MISC
ibm — rational_doors_next_generation IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124751. 2017-06-12 3.5 CVE-2017-1276
CONFIRM
BID
MISC
ibm — rational_doors_next_generation IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 124756. 2017-06-12 3.5 CVE-2017-1278
CONFIRM
BID
MISC
linux — linux_kernel An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35644815. 2017-06-14 2.6 CVE-2017-0651
BID
CONFIRM

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
acquisition_technology_logistics_agency — electronic_bidding_system Untrusted search path vulnerability in Installer of electronic tendering and bid opening system available prior to May 25, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-06-09 not yet calculated CVE-2017-2178
JVN
CONFIRM
BID
anti-web — anti-web
 
In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file. 2017-06-15 not yet calculated CVE-2017-9097
MISC
MISC
MISC
apache — kibana
 
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield. 2017-06-16 not yet calculated CVE-2016-1000219
CONFIRM
apache — kibana
 
With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. 2017-06-16 not yet calculated CVE-2017-8451
CONFIRM
apache — kibana
 
Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website. 2017-06-16 not yet calculated CVE-2016-10365
CONFIRM
apache — kibana
 
Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes. 2017-06-16 not yet calculated CVE-2017-8452
CONFIRM
apache — kibana
 
Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack. 2017-06-16 not yet calculated CVE-2016-10366
CONFIRM
apache — kibana
 
Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users’ browsers. 2017-06-16 not yet calculated CVE-2016-1000220
CONFIRM
apache — kibana
 
Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page. 2017-06-16 not yet calculated CVE-2016-1000218
CONFIRM
apache — kibana
 
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions. 2017-06-16 not yet calculated CVE-2016-10364
CONFIRM
apache — kibana
 
Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. 2017-06-16 not yet calculated CVE-2015-9056
CONFIRM
apache — nifi Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin. 2017-06-12 not yet calculated CVE-2017-7667
BID
MLIST
apache — nifi
 
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient. 2017-06-12 not yet calculated CVE-2017-7665
BID
MLIST
apache — ranger
 
Apache Ranger before 0.6.is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies. 2017-06-14 not yet calculated CVE-2016-8751
BID
CONFIRM
apache — ranger
 
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table. 2017-06-14 not yet calculated CVE-2017-7677
BID
CONFIRM
apache — ranger
 
Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true. 2017-06-14 not yet calculated CVE-2016-8746
BID
CONFIRM
apache — ranger
 
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after ‘*’ wildcard character – like my*test, test*.txt. This can result in unintended behavior. 2017-06-14 not yet calculated CVE-2017-7676
BID
CONFIRM
apache — thrift
 
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function. 2017-06-16 not yet calculated CVE-2015-3254
CONFIRM
CONFIRM
MLIST
apcupsd — apcupsd
 
In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by replacing the service executable apcupsd.exe with a malicious executable that will run with SYSTEM privileges at startup. This occurs because of “RW NT AUTHORITYAuthenticated Users” permissions for %SYSTEMDRIVE%apcupsdbinapcupsd.exe. 2017-06-16 not yet calculated CVE-2017-7884
MISC
atlassian — bamboo
 
Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can login to Bamboo as a user without the edit permission for deployment projects is able to use this vulnerability, provided there is an existing plan with a green build, to create a deployment project and execute arbitrary code on an available Bamboo Agent. By default a local agent is enabled; this means that code execution can occur on the system hosting Bamboo as the user running Bamboo. 2017-06-14 not yet calculated CVE-2017-8907
CONFIRM
atlassian — confluence
 
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself. 2017-06-15 not yet calculated CVE-2017-9505
CONFIRM
MISC
avira — avira mobile security application
 
The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext. 2017-06-15 not yet calculated CVE-2015-7732
MISC
cisco — asr_5000_series_routers A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify arbitrary files on an affected system. More Information: CSCvd73726. Known Affected Releases: 21.0.v0.65839 21.3.M0.67005. Known Fixed Releases: 21.4.A0.67087 21.4.A0.67079 21.4.A0.67013 21.3.M0.67084 21.3.M0.67077 21.3.M0.66994 21.3.J0.66993 21.1.v0.67082 21.1.V0.67083. 2017-06-13 not yet calculated CVE-2017-6690
BID
CONFIRM
cisco — context_service
 
A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known Affected Releases: 2.0. 2017-06-13 not yet calculated CVE-2017-6667
BID
CONFIRM
cisco — cucdm
 
Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected Releases: 8.1(7)ER1. 2017-06-13 not yet calculated CVE-2017-6668
BID
CONFIRM
cisco — cucdm
 
A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. More Information: CSCvc54813. Known Affected Releases: 8.1(7)ER1. 2017-06-13 not yet calculated CVE-2017-6670
BID
CONFIRM
cisco — elastic_services_controllers A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution Vulnerability. More Information: CSCvc76642. Known Affected Releases: 2.2(9.76). 2017-06-13 not yet calculated CVE-2017-6683
BID
CONFIRM
cisco — elastic_services_controllers
 
A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. More Information: CSCvd76339. Known Affected Releases: 2.2(9.76). 2017-06-13 not yet calculated CVE-2017-6697
BID
CONFIRM
cisco — elastic_services_controllers
 
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administrator Credentials Vulnerability. More Information: CSCvc76661. Known Affected Releases: 2.2(9.76). 2017-06-13 not yet calculated CVE-2017-6689
BID
CONFIRM
cisco — elastic_services_controllers
 
A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected system. More Information: CSCvd73677. Known Affected Releases: 2.3(2). 2017-06-13 not yet calculated CVE-2017-6696
BID
CONFIRM
cisco — elastic_services_controllers
 
A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76). 2017-06-13 not yet calculated CVE-2017-6688
BID
CONFIRM
cisco — elastic_services_controllers
 
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.3(2). 2017-06-13 not yet calculated CVE-2017-6691
BID
CONFIRM
cisco — elastic_services_controllers
 
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76). 2017-06-13 not yet calculated CVE-2017-6682
BID
CONFIRM
cisco — elastic_services_controllers
 
A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0. 2017-06-13 not yet calculated CVE-2017-6684
BID
CONFIRM
cisco — elastic_services_controllers
 
A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access. More Information: CSCvd76286. Known Affected Releases: 2.2(9.76) 2.3(1). 2017-06-13 not yet calculated CVE-2017-6693
BID
CONFIRM
cisco — esa_sma
 
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049. 2017-06-13 not yet calculated CVE-2017-6661
BID
CONFIRM
cisco — esa
 
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device, as demonstrated by the Attachment Filter. More Information: CSCvd34632. Known Affected Releases: 10.0.1-087 9.7.1-066. Known Fixed Releases: 10.0.2-020 9.8.1-015. 2017-06-13 not yet calculated CVE-2017-6671
BID
CONFIRM
cisco — firepower
 
A vulnerability in Cisco Firepower Management Center could allow an authenticated, remote attacker to obtain user information. An attacker could use this information to perform reconnaissance. More Information: CSCvc10894. Known Affected Releases: 6.1.0.2 6.2.0. Known Fixed Releases: 6.2.0. 2017-06-13 not yet calculated CVE-2017-6673
CONFIRM
cisco — firepower
 
A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2. 2017-06-13 not yet calculated CVE-2017-6674
BID
CONFIRM
cisco — industrial_network_director
 
A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. More Information: CSCvd25405. Known Affected Releases: 1.1(0.176). 2017-06-13 not yet calculated CVE-2017-6675
BID
CONFIRM
cisco — ip_phone_8800_series
 
A vulnerability in Session Initiation Protocol (SIP) call handling of Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the SIP process unexpectedly restarting. All active phone calls are dropped as the SIP process restarts. More Information: CSCvc29353. Known Affected Releases: 11.0(0.1). Known Fixed Releases: 11.0(0)MP2.153 11.0(0)MP2.62. 2017-06-13 not yet calculated CVE-2017-6656
BID
CONFIRM
cisco — ncs_5500_series_routers
 
A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition. More Information: CSCvd16665. Known Affected Releases: 6.2.11.BASE. Known Fixed Releases: 6.1.3 6.1.2 6.3.1.8i.BASE 6.2.11.8i.BASE 6.2.2.9i.BASE 6.1.32.11i.BASE 6.1.31.10i.BASE 6.1.4.3i.BASE. 2017-06-13 not yet calculated CVE-2017-6666
BID
CONFIRM
cisco — nx-os
 
A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads. This vulnerability affects Cisco NX-OS Software on the following Cisco devices when they are configured for FCoE: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches. More Information: CSCvc91729. Known Affected Releases: 8.3(0)CV(0.833). Known Fixed Releases: 8.3(0)ISH(0.62) 8.3(0)CV(0.944) 8.1(1) 8.1(0.8)S0 7.3(2)D1(0.47). 2017-06-13 not yet calculated CVE-2017-6655
BID
CONFIRM
cisco — prime_collaboration_assurance
 
A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800. Known Affected Releases: 11.5(0) 11.6. 2017-06-13 not yet calculated CVE-2017-6659
BID
CONFIRM
cisco — ultra_services_framework
 
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected Releases: 21.0.v0.65839. 2017-06-13 not yet calculated CVE-2017-6692
BID
CONFIRM
cisco — ultra_services_framework
 
A vulnerability in the AutoVNF logging function of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to create arbitrary directories on the affected system. More Information: CSCvc76652. Known Affected Releases: 21.0.0. 2017-06-13 not yet calculated CVE-2017-6680
BID
CONFIRM
cisco — ultra_services_framework
 
A vulnerability in the Virtual Network Function Manager’s (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839. 2017-06-13 not yet calculated CVE-2017-6694
BID
CONFIRM
cisco — ultra_services_framework
 
A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. More Information: CSCvd29398. Known Affected Releases: 21.0.v0.65839. 2017-06-13 not yet calculated CVE-2017-6695
BID
CONFIRM
cisco — ultra_services_framework
 
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability. More Information: CSCvc76695. Known Affected Releases: 21.0.0. 2017-06-13 not yet calculated CVE-2017-6687
BID
CONFIRM
cisco — ultra_services_framework
 
A vulnerability in Cisco Ultra Services Framework Staging Server could allow an authenticated, remote attacker with access to the management network to log in as an admin user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76681. Known Affected Releases: 21.0.0. 2017-06-13 not yet calculated CVE-2017-6685
BID
CONFIRM
cisco — ultra_services_framework
 
A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in as an admin or oper user of the affected device, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76699. Known Affected Releases: 21.0.0. 2017-06-13 not yet calculated CVE-2017-6686
BID
CONFIRM
cisco — ultra_services_framework
 
A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information: CSCvc76662. Known Affected Releases: 21.0.0. 2017-06-13 not yet calculated CVE-2017-6681
BID
CONFIRM
citrix — xenmobile_server XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. 2017-06-16 not yet calculated CVE-2017-9231
BID
CONFIRM
curl — curl
 
In curl before 7.54.1 on Windows and DOS, libcurl’s default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given “URL” starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string “file://”). 2017-06-14 not yet calculated CVE-2017-9502
CONFIRM
CONFIRM
cybozu — kintone_app
 
The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-09 not yet calculated CVE-2016-7816
BID
JVN
CONFIRM
d-link — dir-605l_devices
 
On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot. 2017-06-15 not yet calculated CVE-2017-9675
CONFIRM
d-link — wireless_n300_router
 
D-Link DIR-615 Wireless N300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device. 2017-06-11 not yet calculated CVE-2017-9542
BID
MISC
MISC
digital_canal_structural — wind_analysis
 
A Stack-Based Buffer Overflow issue was discovered in Digital Canal Structural Wind Analysis versions 9.1 and prior. An attacker may be able to run arbitrary code by remotely exploiting an executable to perform a denial-of-service attack. 2017-06-14 not yet calculated CVE-2017-7910
BID
MISC
eclipse — jetty
 
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. 2017-06-16 not yet calculated CVE-2017-9735
MISC
MISC
efs_software — easy_chat_server
 
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code. 2017-06-12 not yet calculated CVE-2017-9544
EXPLOIT-DB
efs_software — easy_chat_server
 
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm. 2017-06-12 not yet calculated CVE-2017-9543
EXPLOIT-DB
efs_software — easy_chat_server
 
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response. 2017-06-12 not yet calculated CVE-2017-9557
EXPLOIT-DB
elastic — logstash
 
Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and can cause the Logstash process to exit. 2017-06-16 not yet calculated CVE-2016-10363
CONFIRM
elastic — logstash
 
Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data. 2017-06-16 not yet calculated CVE-2016-1000222
CONFIRM
elastic — logstash
 
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. 2017-06-16 not yet calculated CVE-2016-1000221
CONFIRM
elastic — logstash
 
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials. 2017-06-16 not yet calculated CVE-2016-10362
CONFIRM
elastic — x-pack_security
 
X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a document and/or field may have been able to access this information. 2017-06-16 not yet calculated CVE-2017-8450
CONFIRM
elastic — x-pack_security
 
X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field level security rules for the same index. 2017-06-16 not yet calculated CVE-2017-8449
CONFIRM
emc — esrs_ve
 
EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system. 2017-06-14 not yet calculated CVE-2017-4986
CONFIRM
BID
emc — rsa_bsafe_cert_c
 
EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability. 2017-06-14 not yet calculated CVE-2017-4981
CONFIRM
BID
emc — rsa_identity_governanace_and_lifecycle_versions
 
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. 2017-06-09 not yet calculated CVE-2017-5003
CONFIRM
BID
emc — rsa_identity_governanace_and_lifecycle_versions
 
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Stored Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system. 2017-06-09 not yet calculated CVE-2017-5004
CONFIRM
BID
f5 — multiple_products
 
A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 – 12.1.2, 11.4.0 – 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable. 2017-06-09 not yet calculated CVE-2016-7469
BID
CONFIRM
flexera — flexnet_publisher
 
In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges. 2017-06-15 not yet calculated CVE-2016-10395
MISC
gnuplot — gnuplot
 
An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file. 2017-06-15 not yet calculated CVE-2017-9670
CONFIRM
gnutls — gnutls
 
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application. 2017-06-16 not yet calculated CVE-2017-7507
CONFIRM
google — android In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS. 2017-06-13 not yet calculated CVE-2016-10333
BID
CONFIRM
google — android In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten. 2017-06-13 not yet calculated CVE-2016-10334
BID
CONFIRM
google — android In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected. 2017-06-13 not yet calculated CVE-2017-8235
CONFIRM
google — android A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170. 2017-06-14 not yet calculated CVE-2017-0663
BID
CONFIRM
google — android A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-35472997. 2017-06-14 not yet calculated CVE-2017-0644
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled. 2017-06-13 not yet calculated CVE-2015-9021
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs. 2017-06-13 not yet calculated CVE-2015-9022
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, a QTEE system call fails to validate a pointer. 2017-06-13 not yet calculated CVE-2015-9033
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call. 2017-06-13 not yet calculated CVE-2014-9965
BID
CONFIRM
google — android
 
A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process.Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34064500. 2017-06-14 not yet calculated CVE-2017-0637
BID
CONFIRM
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display. 2017-06-13 not yet calculated CVE-2014-9966
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth. 2017-06-13 not yet calculated CVE-2017-7371
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. 2017-06-13 not yet calculated CVE-2017-7370
CONFIRM
google — android
 
An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35310991. 2017-06-14 not yet calculated CVE-2017-0639
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WideVine DRM. 2017-06-13 not yet calculated CVE-2014-9963
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality. 2017-06-13 not yet calculated CVE-2014-9964
BID
CONFIRM
google — android
 
An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35472278. 2017-06-14 not yet calculated CVE-2017-0650
CONFIRM
google — android
 
An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35385327. 2017-06-14 not yet calculated CVE-2017-0645
BID
CONFIRM
google — android
 
A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34360591. 2017-06-14 not yet calculated CVE-2017-0641
BID
CONFIRM
CONFIRM
google — android
 
A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34819017. 2017-06-14 not yet calculated CVE-2017-0642
BID
CONFIRM
CONFIRM
google — android
 
A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-35645051. 2017-06-14 not yet calculated CVE-2017-0643
BID
CONFIRM
google — android
 
A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33129467. 2017-06-14 not yet calculated CVE-2017-0640
BID
CONFIRM
google — android
 
An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33899337. 2017-06-14 not yet calculated CVE-2017-0646
BID
CONFIRM
google — android
 
An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-36101220. 2017-06-14 not yet calculated CVE-2017-0648
BID
CONFIRM
google — android
 
An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: N/A. Android ID: A-34468195. References: M-ALPS03162283. 2017-06-14 not yet calculated CVE-2017-0649
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications. 2017-06-13 not yet calculated CVE-2015-9032
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver. 2017-06-13 not yet calculated CVE-2017-7373
CONFIRM
google — android
 
An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138. 2017-06-14 not yet calculated CVE-2017-0647
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP. 2017-06-13 not yet calculated CVE-2015-9031
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication. 2017-06-13 not yet calculated CVE-2015-9030
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory. 2017-06-13 not yet calculated CVE-2015-9029
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption. 2017-06-13 not yet calculated CVE-2017-7369
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory. 2017-06-13 not yet calculated CVE-2017-8239
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. 2017-06-13 not yet calculated CVE-2014-9967
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory. 2017-06-13 not yet calculated CVE-2015-9020
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot. 2017-06-13 not yet calculated CVE-2016-10336
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed. 2017-06-13 not yet calculated CVE-2016-10337
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, there was an issue related to RPMB processing. 2017-06-13 not yet calculated CVE-2016-10338
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications. 2017-06-13 not yet calculated CVE-2016-10332
BID
CONFIRM
google — android
 
The msm_bus_dbg_update_request_write function in drivers/platform/msm/msm_bus/msm_bus_dbg.c in android_kernel_huawei_msm8916 through 2017-06-16 in LineageOS, and possibly other kernels for MSM devices, allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted /sys/kernel/debug/msm-bus-dbg/client-data/update-request write request. 2017-06-16 not yet calculated CVE-2017-6899
MISC
google — android
 
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. 2017-06-13 not yet calculated CVE-2015-9027
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore. 2017-06-13 not yet calculated CVE-2016-10339
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended. 2017-06-13 not yet calculated CVE-2016-10341
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, libtomcrypt was updated. 2017-06-13 not yet calculated CVE-2016-10335
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command. 2017-06-13 not yet calculated CVE-2014-9962
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver. 2017-06-13 not yet calculated CVE-2017-7368
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. 2017-06-13 not yet calculated CVE-2015-9026
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications. 2017-06-13 not yet calculated CVE-2015-9024
BID
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function. 2017-06-13 not yet calculated CVE-2017-8234
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters. 2017-06-13 not yet calculated CVE-2017-7366
CONFIRM
google — android
 
In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image. 2017-06-13 not yet calculated CVE-2017-7367
CONFIRM
google — android
 
In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write. 2017-06-13 not yet calculated CVE-2017-8233
CONFIRM
ibm — api_connect
 
IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002. 2017-06-15 not yet calculated CVE-2017-1379
CONFIRM
BID
MISC
ibm — bigfix_compliance
 
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 123672. 2017-06-15 not yet calculated CVE-2017-1197
CONFIRM
MISC
ibm — jazz_foundation
 
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209. 2017-06-13 not yet calculated CVE-2016-9973
CONFIRM
BID
MISC
ibm — jazz_foundation
 
IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659. 2017-06-13 not yet calculated CVE-2017-1099
CONFIRM
MISC
ibm — quality_manager
 
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120666. 2017-06-13 not yet calculated CVE-2017-1104
CONFIRM
BID
MISC
ibm — quality_manager
 
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120663. 2017-06-13 not yet calculated CVE-2017-1102
CONFIRM
BID
MISC
ibm — quality_manager
 
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120662. 2017-06-13 not yet calculated CVE-2017-1101
CONFIRM
BID
MISC
ibm — quality_manager
 
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120661. 2017-06-13 not yet calculated CVE-2017-1100
CONFIRM
BID
MISC
infotecs — vipnet_client_and_coordinator
 
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks. 2017-06-14 not yet calculated CVE-2017-9606
MISC
intel — active_management_technology
 
Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker’s crafted web page. 2017-06-14 not yet calculated CVE-2017-5697
CONFIRM
jadf — screensaver_installers
 
Untrusted search path vulnerability in screensaver installers (jasdf_01.exe, jasdf_02.exe, jasdf_03.exe, jasdf_04.exe, jasdf_05.exe, scramble_setup.exe, clock_01_setup.exe, clock_02_setup.exe) available prior to May 25, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-06-09 not yet calculated CVE-2017-2176
JVN
CONFIRM
BID
japan_agency_for_local_authority_information _systems — jpki_client_software_for_windows
 
Untrusted search path vulnerability in The Public Certification Service for Individuals “The JPKI user’s software (for Windows 7 and later)” Ver3.0.1 and earlier, The Public Certification Service for Individuals “The JPKI user’s software (for Windows Vista)” Ver3.0.1 and earlier and The Public Certification Service for Individuals “The JPKI user’s software” Ver2.6 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-06-09 not yet calculated CVE-2016-4902
BID
JVN
japan_pension_service — todokesho
 
Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to October 17, 2016 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-06-09 not yet calculated CVE-2016-7818
CONFIRM
CONFIRM
CONFIRM
CONFIRM
BID
JVN
japan_total_system — groupsession
 
GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors. 2017-06-09 not yet calculated CVE-2017-2165
JVN
BID
kbvault_mysql — kbvault_mysql
 
KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ to run any arbitrary code. 2017-06-16 not yet calculated CVE-2017-9602
EXPLOIT-DB
kde — kde_applications
 
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin’s sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network. 2017-06-13 not yet calculated CVE-2017-9604
CONFIRM
CONFIRM
lenovo — mouse suite
 
Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. 2017-06-13 not yet calculated CVE-2015-4596
CONFIRM
libgcrypt — libgcrypt
 
In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. 2017-06-10 not yet calculated CVE-2017-9526
BID
CONFIRM
CONFIRM
CONFIRM
libreswan — libreswan
 
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). 2017-06-13 not yet calculated CVE-2016-5391
CONFIRM
CONFIRM
FEDORA
FEDORA
libsndfile — libsndfile
 
In libsndfile version 1.0.28, an error in the “aiff_read_chanmap()” function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. 2017-06-12 not yet calculated CVE-2017-6892
CONFIRM
MISC
MISC
linux — linux_kernel
 
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time. 2017-06-17 not yet calculated CVE-2017-1000380
MISC
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel
 
The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call. 2017-06-13 not yet calculated CVE-2017-9605
CONFIRM
CONFIRM
mea_financial_enterprises — algonquin_state_bank_mobile_banking_app
 
The “Algonquin State Bank Mobile Banking” by Algonquin State Bank app 3.0.0 — aka algonquin-state-bank-mobile-banking/id1089657735 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9581
MISC
mea_financial_enterprises — athens_state_bank_mobile_app
 
The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9572
MISC
mea_financial_enterprises — avb_bank_mobile_banking_app
 
The avb-bank-mobile-banking/id592565443 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9567
MISC
mea_financial_enterprises — blue_ridge_bank_app
 
The “Blue Ridge Bank and Trust Co. Mobile Banking” by Blue Ridge Bank and Trust Co. app 3.0.1 — aka blue-ridge-bank-and-trust-co-mobile-banking/id699679197 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9597
MISC
mea_financial_enterprises — bnb_mobile_banking_app
 
The “BNB Mobile Banking” by Brady National Bank app 3.0.0 — aka bnb-mobile-banking/id674215747 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9582
MISC
mea_financial_enterprises — cayuga_lake_national_bank_app
 
The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9560
MISC
mea_financial_enterprises — cb2go_app
 
The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9564
MISC
mea_financial_enterprises — cbtx_on_the_go_app
 
The Citizens Bank (TX) cbtx-on-the-go/id892396102 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9569
MISC
mea_financial_enterprises — ccb_mobile_banking_app
 
The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9571
MISC
mea_financial_enterprises — cfb_mobile_banking_app
 
The “CFB Mobile Banking” by Citizens First Bank Wisconsin app 3.0.1 — aka cfb-mobile-banking/id1081102805 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9596
MISC
mea_financial_enterprises — charlevoix_state_bank_app
 
The “Charlevoix State Bank” by Charlevoix State Bank app 3.0.1 — aka charlevoix-state-bank/id1128963717 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9583
MISC
mea_financial_enterprises — community_state_bank_lamar_app
 
The “Community State Bank – Lamar Mobile Banking” by Community State Bank – Lamar app 3.0.3 — aka community-state-bank-lamar-mobile-banking/id1083927885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9585
MISC
mea_financial_enterprises — financial_plus_mobile_banking_app
 
The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9568
MISC
mea_financial_enterprises — first_citizens_bank_mobile_banking_app
 
The “First Citizens Bank-Mobile Banking” by First Citizens Bank (AL) app 3.0.0 — aka first-citizens-bank-mobile-banking/id566037101 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9577
MISC
mea_financial_enterprises — first_citizens_community_bank_app
 
The First Citizens Community Bank fccb/id809930960 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9563
MISC
mea_financial_enterprises — first_security_bank_sleepy_eye_mobile_app
 
The first-security-bank-sleepy-eye-mobile/id870531890 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9565
MISC
mea_financial_enterprises — first_state_bank_of_bigfork_mobile_banking_app
 
The “First State Bank of Bigfork Mobile Banking” by First State Bank of Bigfork app 4.0.3 — aka first-state-bank-of-bigfork-mobile-banking/id1133969876 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9595
MISC
mea_financial_enterprises — fnb_kemp_mobile_banking_app
 
The “FNB Kemp Mobile Banking” by First National Bank of Kemp app 3.0.2 — aka fnb-kemp-mobile-banking/id571448725 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9601
MISC
mea_financial_enterprises — fountain_trust_mobile_banking_app The “Fountain Trust Mobile Banking” by FOUNTAIN TRUST COMPANY app 3.0.0 — aka fountain-trust-mobile-banking/id891343006 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9599
MISC
mea_financial_enterprises — freedom_1st_credit_union_mobile_banking_app
 
The Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9562
MISC
mea_financial_enterprises — fsb_dequeen_mobile_banking_app
 
The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9566
MISC
mea_financial_enterprises — fsby_mobile_banking_app
 
The “FSBY Mobile Banking” by First State Bank of Yoakum TX app 3.0.0 — aka fsby-mobile-banking/id899136434 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9586
MISC
mea_financial_enterprises — fvb_mobile_banking_app
 
The “FVB Mobile Banking” by First Volunteer Bank of Tennessee app 3.1.1 — aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9575
MISC
mea_financial_enterprises — hbo_mobile_banking_app
 
The “HBO Mobile Banking” by Heritage Bank of Ozarks app 3.0.0 — aka hbo-mobile-banking/id860224933 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9584
MISC
mea_financial_enterprises — jmcu_mobile_banking_app
 
The “JMCU Mobile Banking” by Joplin Metro Credit Union app 3.0.0 — aka jmcu-mobile-banking/id716065893 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9579
MISC
mea_financial_enterprises — kc_area_credit_union_mobile_banking_app
 
The “KC Area Credit Union Mobile Banking” by K C Area Credit Union app 3.0.1 — aka kc-area-credit-union-mobile-banking/id1097607736 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9574
MISC
mea_financial_enterprises — lee_bank_and_trust_mobile_app
 
The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9561
MISC
mea_financial_enterprises — mea_financial_vision_bank_app
 
The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9559
MISC
mea_financial_enterprises — middleton_community_bank_mobile_banking_app
 
The “Middleton Community Bank Mobile Banking” by Middleton Community Bank app 3.0.0 — aka middleton-community-bank-mobile-banking/id721843238 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9576
MISC
mea_financial_enterprises — morton_credit_union_app
 
The “Morton Credit Union Mobile Banking” by Morton Credit Union app 3.0.1 — aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9598
MISC
mea_financial_enterprises — mount_vernon_bank_trust_mobile_banking_app
 
The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9570
MISC
mea_financial_enterprises — nasb_mobile_banking_app
 
The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9573
MISC
mea_financial_enterprises — oculina_mobile_banking_app
 
The “Oculina Mobile Banking” by Oculina Bank app 3.0.0 — aka oculina-mobile-banking/id867025690 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9593
MISC
mea_financial_enterprises — oritani_mobile_banking_app
 
The “Oritani Mobile Banking” by Oritani Bank app 3.0.0 — aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9588
MISC
mea_financial_enterprises — pcb_mobile_app
 
The “PCB Mobile” by Phelps County Bank app 3.0.2 — aka pcb-mobile/id436891295 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9591
MISC
mea_financial_enterprises — pcsb_bank_mobile_app
 
The “PCSB BANK Mobile” by PCSB Bank app 3.0.4 — aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9587
MISC
mea_financial_enterprises — peoples_bank_tulsa_app
 
The “Peoples Bank Tulsa” by Peoples Bank – OK app 3.0.2 — aka peoples-bank-tulsa/id1074279285 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9600
MISC
mea_financial_enterprises — pioneer_bank_and_trust_mobile_banking_app
 
The “Pioneer Bank & Trust Mobile Banking” by PIONEER BANK AND TRUST app 3.0.0 — aka pioneer-bank-trust-mobile-banking/id603182861 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9580
MISC
mea_financial_enterprises — rvcb_mobile_banking_app
 
The “RVCB Mobile” by RVCB Mobile Banking app 3.0.0 — aka rvcb-mobile/id757928895 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9578
MISC
mea_financial_enterprises — scsb_shelbyville_il_mobile_banking_app
 
The “SCSB Shelbyville IL Mobile Banking” by Shelby County State Bank app 3.0.0 — aka scsb-shelbyville-il-mobile-banking/id938960224 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9589
MISC
mea_financial_enterprises — state_bank_of_waterloo_mobile_banking_app
 
The “State Bank of Waterloo Mobile Banking” by State Bank of Waterloo app 3.0.2 — aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9590
MISC
mea_financial_enterprises — svb_mobile_banking_app
 
The “SVB Mobile” by Sauk Valley Bank Mobile Banking app 3.0.0 — aka svb-mobile/id796429885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9594
MISC
mea_financial_enterprises — wawa_employees_credit_union_app
 
The wawa-employees-credit-union-mobile/id1158082793 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9558
MISC
mea_financial_enterprises — your_legacy_mobile_banking_app
 
The “Your Legacy Federal Credit Union Mobile Banking” by Your Legacy Federal Credit Union app 3.0.1 — aka your-legacy-federal-credit-union-mobile-banking/id919131389 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-06-16 not yet calculated CVE-2017-9592
MISC
mediatek — mediatek
 
An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35310230. References: M-ALPS03162263. 2017-06-14 not yet calculated CVE-2017-0636
BID
CONFIRM
metasploit — metasploit
 
Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks. 2017-06-15 not yet calculated CVE-2017-5244
BID
CONFIRM
MISC
microsoft — office A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506. 2017-06-14 not yet calculated CVE-2017-8509
BID
CONFIRM
microsoft — office A remote code execution vulnerability exists in the way Microsoft Office software parses specially crafted email messages, aka “Microsoft Office Memory Corruption Vulnerability”. 2017-06-14 not yet calculated CVE-2017-8507
BID
CONFIRM
microsoft — office
 
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8509, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506. 2017-06-14 not yet calculated CVE-2017-8510
BID
CONFIRM
microsoft — office
 
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-0260. 2017-06-14 not yet calculated CVE-2017-8506
BID
CONFIRM
microsoft — office
 
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-8506. 2017-06-14 not yet calculated CVE-2017-0260
BID
CONFIRM
microsoft — office
 
A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka “Microsoft Office Security Feature Bypass Vulnerability”. 2017-06-14 not yet calculated CVE-2017-8508
BID
CONFIRM
microsoft — office
 
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506. 2017-06-14 not yet calculated CVE-2017-8512
BID
CONFIRM
microsoft — office
 
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506. 2017-06-14 not yet calculated CVE-2017-8511
BID
CONFIRM
microsoft — outlook
 
A spoofing vulnerability exists in when Microsoft Outlook for Mac does not sanitize html properly, aka “Microsoft Outlook for Mac Spoofing Vulnerability”. 2017-06-14 not yet calculated CVE-2017-8545
BID
CONFIRM
microsoft — powerpoint
 
A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka “Microsoft PowerPoint Remote Code Execution Vulnerability”. 2017-06-14 not yet calculated CVE-2017-8513
BID
CONFIRM
microsoft — sharepoint
 
An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka “Microsoft SharePoint XSS vulnerability”. 2017-06-14 not yet calculated CVE-2017-8551
BID
CONFIRM
microsoft — sharepoint
 
An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka “Microsoft SharePoint Reflective XSS Vulnerability”. 2017-06-14 not yet calculated CVE-2017-8514
BID
CONFIRM
microsoft — skype
 
A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka “Skype for Business Remote Code Execution Vulnerability”. 2017-06-14 not yet calculated CVE-2017-8550
BID
CONFIRM
microsoft — windows Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka “Windows PDF Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0291. 2017-06-14 not yet calculated CVE-2017-0292
BID
CONFIRM
microsoft — windows Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka “Win32k Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8470, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. 2017-06-14 not yet calculated CVE-2017-8471
BID
CONFIRM
microsoft — windows Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka “Win32k Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. 2017-06-14 not yet calculated CVE-2017-8473
BID
CONFIRM
microsoft — windows The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8489
BID
CONFIRM
microsoft — windows Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka “Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.” This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0218, and CVE-2017-0219. 2017-06-14 not yet calculated CVE-2017-0216
BID
CONFIRM
microsoft — windows The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8488
BID
CONFIRM
microsoft — windows Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8548, and CVE-2017-8549. 2017-06-14 not yet calculated CVE-2017-8521
BID
CONFIRM
microsoft — windows Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to obtain information to further compromise the user’s system when Windows Search fails to handle objects in memory, aka “Windows Search Information Disclosure Vulnerability”. 2017-06-14 not yet calculated CVE-2017-8544
BID
CONFIRM
microsoft — windows Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka “Win32k Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8477. 2017-06-14 not yet calculated CVE-2017-8484
BID
CONFIRM
microsoft — windows Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka “Win32k Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8477, and CVE-2017-8484. 2017-06-14 not yet calculated CVE-2017-8475
BID
CONFIRM
microsoft — windows Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka “Win32k Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. 2017-06-14 not yet calculated CVE-2017-8470
BID
CONFIRM
microsoft — windows The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8492
BID
CONFIRM
microsoft — windows The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8490
BID
CONFIRM
microsoft — windows Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8497. 2017-06-14 not yet calculated CVE-2017-8496
BID
CONFIRM
microsoft — windows
 
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka “Windows Graphics Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533. 2017-06-14 not yet calculated CVE-2017-0288
BID
CONFIRM
microsoft — windows
 
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka “Windows Graphics Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533. 2017-06-14 not yet calculated CVE-2017-0289
BID
CONFIRM
microsoft — windows
 
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka “Win32k Elevation of Privilege Vulnerability.” This CVE ID is unique from CVE-2017-8468. 2017-06-14 not yet calculated CVE-2017-8465
BID
CONFIRM
microsoft — windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-8492, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8491
BID
CONFIRM
microsoft — windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8480
BID
CONFIRM
microsoft — windows
 
Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka “Windows olecnv32.dll Remote Code Execution Vulnerability.” 2017-06-15 not yet calculated CVE-2017-8487
BID
CONFIRM
microsoft — windows
 
Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka “Windows PDF Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0292. 2017-06-14 not yet calculated CVE-2017-0291
BID
CONFIRM
microsoft — windows
 
Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka “Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.” This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0219. 2017-06-14 not yet calculated CVE-2017-0218
BID
CONFIRM
microsoft — windows
 
Microsoft Windows 10 1607 and 1703, and Windows Server 2016 allow an authenticated attacker to modify the C:UsersDEFAULT folder structure, aka “Windows Default Folder Tampering Vulnerability”. 2017-06-14 not yet calculated CVE-2017-0295
BID
CONFIRM
microsoft — windows
 
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka “Win32k Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8484. 2017-06-14 not yet calculated CVE-2017-8477
BID
CONFIRM
microsoft — windows
 
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka “Windows Graphics Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533. 2017-06-14 not yet calculated CVE-2017-0286
BID
CONFIRM
microsoft — windows
 
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka “Windows Uniscribe Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0284, CVE-2017-0285, and CVE-2017-8534. 2017-06-14 not yet calculated CVE-2017-0282
BID
CONFIRM
microsoft — windows
 
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka “Windows Uniscribe Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8528. 2017-06-14 not yet calculated CVE-2017-0283
BID
CONFIRM
microsoft — windows
 
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, and Microsoft Office Word Viewer allows improper disclosure of memory contents, aka “Windows Uniscribe Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-8534. 2017-06-14 not yet calculated CVE-2017-0285
BID
CONFIRM
microsoft — windows
 
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka “Windows Uniscribe Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0282, CVE-2017-0285, and CVE-2017-8534. 2017-06-14 not yet calculated CVE-2017-0284
BID
CONFIRM
microsoft — windows
 
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute remote code when Windows fails to properly handle cabinet files, aka “Windows Remote Code Execution Vulnerability”. 2017-06-14 not yet calculated CVE-2017-0294
BID
CONFIRM
microsoft — windows
 
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka “Win32k Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. 2017-06-14 not yet calculated CVE-2017-8472
BID
CONFIRM
microsoft — windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8469
BID
CONFIRM
microsoft — windows
 
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to elevate privilege when tdx.sys fails to check the length of a buffer prior to copying memory to it, aka “Windows TDX Elevation of Privilege Vulnerability”. 2017-06-14 not yet calculated CVE-2017-0296
BID
CONFIRM
microsoft — windows

 

Microsoft browsers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8522 and CVE-2017-8524. 2017-06-14 not yet calculated CVE-2017-8517
BID
CONFIRM
microsoft — windows
 
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka “Win32k Elevation of Privilege Vulnerability.” This CVE ID is unique from CVE-2017-8465. 2017-06-14 not yet calculated CVE-2017-8468
BID
CONFIRM
microsoft — windows
 
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or require authentication when Windows fails to enforce case sensitivity for certain variable checks, aka “Windows Security Feature Bypass Vulnerability”. 2017-06-14 not yet calculated CVE-2017-8493
BID
CONFIRM
microsoft — windows
 
Windows Cursor in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows improper elevation of privilege, aka “Windows Cursor Elevation of Privilege Vulnerability”. 2017-06-14 not yet calculated CVE-2017-8466
BID
CONFIRM
microsoft — windows
 
Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an unauthenticated attacker to send a specially crafted kernel mode request to cause a denial of service on the target system, aka “Windows VAD Cloning Denial of Service Vulnerability”. 2017-06-14 not yet calculated CVE-2017-8515
BID
CONFIRM
microsoft — windows
 
Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel Mode fails to properly handle objects in memory, aka “Windows Elevation of Privilege Vulnerability”. 2017-06-14 not yet calculated CVE-2017-8494
BID
CONFIRM
microsoft — windows
 
The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8474
BID
CONFIRM
microsoft — windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8481
BID
CONFIRM
microsoft — windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8479
BID
CONFIRM
microsoft — windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8476
BID
CONFIRM
microsoft — windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8482
BID
CONFIRM
microsoft — windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8485
BID
CONFIRM
microsoft — windows

 

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka “Internet Explorer Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8547. 2017-06-14 not yet calculated CVE-2017-8519
BID
CONFIRM
microsoft — windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8483
BID
CONFIRM
microsoft — windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8478
BID
CONFIRM
microsoft — windows
 
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka “Graphics Uniscribe Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0286, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533. 2017-06-14 not yet calculated CVE-2017-0287
BID
CONFIRM
microsoft — windows
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka “Internet Explorer Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8519. 2017-06-14 not yet calculated CVE-2017-8547
BID
CONFIRM
microsoft — windows
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user’s computer when affected Microsoft scripting engines do not properly handle objects in memory, aka “Microsoft Browser Information Disclosure Vulnerability”. 2017-06-14 not yet calculated CVE-2017-8529
BID
CONFIRM
microsoft — windows
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka “Microsoft Edge Security Feature Bypass Vulnerability”. This CVE ID is unique from CVE-2017-8523 and CVE-2017-8555. 2017-06-14 not yet calculated CVE-2017-8530
BID
CONFIRM
microsoft — windows
 
A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows 8 allows an elevation of privilege when it fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability”. This CVE is unique from CVE-2017-0263. 2017-06-14 not yet calculated CVE-2017-8552
CONFIRM
microsoft — windows
 
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka “Microsoft Edge Security Feature Bypass Vulnerability”. This CVE ID is unique from CVE-2017-8523 and CVE-2017-8530. 2017-06-14 not yet calculated CVE-2017-8555
BID
CONFIRM
microsoft — windows
 
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8517 and CVE-2017-8522. 2017-06-14 not yet calculated CVE-2017-8524
BID
CONFIRM
microsoft — windows
 
Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka “Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.” This CVE ID is unique from CVE-2017-0215, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219. 2017-06-14 not yet calculated CVE-2017-0173
BID
CONFIRM
microsoft — windows
 
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows a remote code execution vulnerability due to the way it handles objects in memory, aka “Windows Uniscribe Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0283. 2017-06-14 not yet calculated CVE-2017-8528
BID
CONFIRM
microsoft — windows
 
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka “Windows Graphics Remote Code Execution Vulnerability”. 2017-06-14 not yet calculated CVE-2017-8527
BID
CONFIRM
microsoft — windows

 

Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka “Microsoft Edge Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8504. 2017-06-14 not yet calculated CVE-2017-8498
BID
CONFIRM
microsoft — windows

 

Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8520, CVE-2017-8521, CVE-2017-8548, and CVE-2017-8549. 2017-06-14 not yet calculated CVE-2017-8499
BID
CONFIRM
microsoft — windows
 
Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially crafted PDF file, aka “Windows PDF Information Disclosure Vulnerability”. 2017-06-14 not yet calculated CVE-2017-8460
BID
CONFIRM
microsoft — windows

 

Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read the URL of a cross-origin request when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka “Microsoft Edge Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8498. 2017-06-14 not yet calculated CVE-2017-8504
BID
CONFIRM
microsoft — windows
 
Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8496. 2017-06-14 not yet calculated CVE-2017-8497
BID
CONFIRM
microsoft — windows

 

Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8499, CVE-2017-8521, CVE-2017-8548, and CVE-2017-8549. 2017-06-14 not yet calculated CVE-2017-8520
BID
CONFIRM
microsoft — windows
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka “Microsoft Edge Security Feature Bypass Vulnerability”. This CVE ID is unique from CVE-2017-8530 and CVE-2017-8555. 2017-06-14 not yet calculated CVE-2017-8523
BID
CONFIRM
microsoft — windows
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user’s system when Microsoft Edge improperly improperly handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8521, and CVE-2017-8548. 2017-06-14 not yet calculated CVE-2017-8549
BID
CONFIRM
microsoft — windows
 
An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka “GDI Information Disclosure Vulnerability”. 2017-06-14 not yet calculated CVE-2017-8553
BID
CONFIRM
microsoft — windows
 
The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, CVE-2017-0300. 2017-06-14 not yet calculated CVE-2017-0297
BID
CONFIRM
microsoft — windows
 
A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an authenticated attacker to run arbitrary code in another user’s session, aka “Windows COM Session Elevation of Privilege Vulnerability.” 2017-06-14 not yet calculated CVE-2017-0298
BID
CONFIRM
microsoft — windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-0299
BID
CONFIRM
microsoft — windows
 
Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka “Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.” This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219. 2017-06-14 not yet calculated CVE-2017-0215
BID
CONFIRM
microsoft — windows
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user’s system when Microsoft Edge improperly improperly handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8521, and CVE-2017-8549. 2017-06-14 not yet calculated CVE-2017-8548
BID
CONFIRM
microsoft — windows
 
Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka “Windows RPC Remote Code Execution Vulnerability.” 2017-06-15 not yet calculated CVE-2017-8461
BID
CONFIRM
microsoft — windows
 
Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka “Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.” This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0218. 2017-06-14 not yet calculated CVE-2017-0219
BID
CONFIRM
microsoft — windows
 
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka “LNK Remote Code Execution Vulnerability.” 2017-06-14 not yet calculated CVE-2017-8464
BID
CONFIRM
microsoft — windows
 
Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8517 and CVE-2017-8524. 2017-06-14 not yet calculated CVE-2017-8522
BID
CONFIRM
microsoft — windows
 
Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to gain elevated privileges on a target guest operating system when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka “Hypervisor Code Integrity Elevation of Privilege Vulnerability”. 2017-06-14 not yet calculated CVE-2017-0193
BID
CONFIRM
microsoft — windows
 
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka “Windows Uniscribe Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-0285. 2017-06-14 not yet calculated CVE-2017-8534
BID
CONFIRM
microsoft — windows
 
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka “Graphics Uniscribe Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8532. 2017-06-14 not yet calculated CVE-2017-8533
BID
CONFIRM
microsoft — windows
 
Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka “Windows Search Remote Code Execution Vulnerability”. 2017-06-14 not yet calculated CVE-2017-8543
BID
CONFIRM
microsoft — windows
 
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka “Graphics Uniscribe Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8533. 2017-06-14 not yet calculated CVE-2017-8532
BID
CONFIRM
microsoft — windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-8462
BID
CONFIRM
microsoft — windows
 
Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows improper disclosure of memory contents, aka “Graphics Uniscribe Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8532, and CVE-2017-8533. 2017-06-14 not yet calculated CVE-2017-8531
BID
CONFIRM
microsoft — windows
 
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka “Windows Kernel Information Disclosure Vulnerability,” a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, and CVE-2017-0297. 2017-06-14 not yet calculated CVE-2017-0300
BID
CONFIRM
mruby — mruby
 
The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file. 2017-06-11 not yet calculated CVE-2017-9527
CONFIRM
CONFIRM
netmove — saat_netizen
 
Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-06-09 not yet calculated CVE-2017-2206
BID
JVN
CONFIRM
netmove — saat_netizen
 
Untrusted search path vulnerability in the installer of SaAT Personal ver.1.0.10.272 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-06-09 not yet calculated CVE-2017-2207
BID
JVN
CONFIRM
new_relic — .net_agent
 
New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism. 2017-06-13 not yet calculated CVE-2017-9246
MISC
open_ticket_request_system — open_ticket_request_system
 
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end. 2017-06-12 not yet calculated CVE-2017-9324
MISC
MISC
pascal-bajorat — simplece
 
In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user. 2017-06-15 not yet calculated CVE-2017-9674
MISC
pascal-bajorat — simplece
 
In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password. 2017-06-15 not yet calculated CVE-2017-9673
MISC
pivotal — cloud_foundry An issue was discovered in Cloud Foundry Foundation Cloud Foundry release v252 and earlier versions, UAA stand-alone release v2.0.0 – v2.7.4.12 & v3.0.0 – v3.11.0, and UAA bosh release v26 & earlier versions. UAA is vulnerable to session fixation when configured to authenticate against external SAML or OpenID Connect based identity providers. 2017-06-13 not yet calculated CVE-2017-4963
CONFIRM
pivotal — cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails. 2017-06-13 not yet calculated CVE-2016-8219
CONFIRM
pivotal — cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.13, 24.x versions prior to v24.8, and other versions prior to v30.1. An authorized user can use a blind SQL injection attack to query the contents of the UAA database, aka “Blind SQL Injection with privileged UAA endpoints.” 2017-06-13 not yet calculated CVE-2017-4974
CONFIRM
pivotal — cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. A vulnerability has been identified with the groups endpoint in UAA allowing users to elevate their privileges. 2017-06-13 not yet calculated CVE-2017-4973
CONFIRM
pivotal — cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 – v1.4.3. A regression introduced in the Static file build pack causes the Staticfile.auth configuration to be ignored when the Static file file is not present in the application root. Applications containing a Staticfile.auth file but not a Static file had their basic auth turned off when an operator upgraded the Static file build pack in the foundation to one of the vulnerable versions. Note that Static file applications without a Static file are technically misconfigured, and will not successfully detect unless the Static file build pack is explicitly specified. 2017-06-13 not yet calculated CVE-2017-4970
CONFIRM
pivotal — cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. An attacker can use a blind SQL injection attack to query the contents of the UAA database. 2017-06-13 not yet calculated CVE-2017-4972
CONFIRM
pivotal — cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v263; UAA release 2.x versions prior to v2.7.4.18, 3.6.x versions prior to v3.6.12, 3.9.x versions prior to v3.9.14, and other versions prior to v4.3.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.16, 24.x versions prior to v24.11, 30.x versions prior to 30.4, and other versions prior to v40. There was an issue with forwarded http headers in UAA that could result in account corruption. 2017-06-13 not yet calculated CVE-2017-4994
CONFIRM
pivotal — cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an “Unauthenticated JWT signing algorithm in routing” issue. 2017-06-13 not yet calculated CVE-2016-8218
CONFIRM
pivotal — cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka “BOSH Director Shell Injection Vulnerabilities.” 2017-06-13 not yet calculated CVE-2017-4961
CONFIRM
pivotal — cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry. 2017-06-13 not yet calculated CVE-2016-6655
BID
CONFIRM
pivotal — cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. There is privilege escalation (arbitrary password reset) with user invitations. 2017-06-13 not yet calculated CVE-2017-4992
CONFIRM
pivotal — cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14, 24.x versions prior to v24.9, 30.x versions prior to 30.2, and other versions prior to v36. Privileged users in one zone are allowed to perform a password reset for users in a different zone. 2017-06-13 not yet calculated CVE-2017-4991
CONFIRM
pivotal — pivotal_cloud_foundry_elastic_runtime

 

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users in multiple components included in PCF Elastic Runtime, aka an “Unauthenticated JWT signing algorithm in multiple components” issue. 2017-06-13 not yet calculated CVE-2017-2773
BID
CONFIRM
pivotal — pivotal_cloud_foundry_elastic_runtime
 
An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile. 2017-06-13 not yet calculated CVE-2017-4955
BID
CONFIRM
pivotal — pivotal_cloud_foundry_elastic_runtime
 
An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions prior to 1.8.29 and 1.9.x versions prior to 1.9.7. Pivotal Cloud Foundry deployments using the Pivotal Account application are vulnerable to a flaw which allows an authorized user to take over the account of another user, causing account lockout and potential escalation of privileges. 2017-06-13 not yet calculated CVE-2017-4959
BID
CONFIRM
pivotal — pivotal_cloud_foundry_tile_generator
 
An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator. 2017-06-13 not yet calculated CVE-2017-4975
CONFIRM
pivotal — rabbitmq
 
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser’s local storage without expiration, making it possible to retrieve them using a chained attack. 2017-06-13 not yet calculated CVE-2017-4966
CONFIRM
pivotal — rabbitmq
 
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. 2017-06-13 not yet calculated CVE-2017-4965
BID
CONFIRM
pivotal — rabbitmq
 
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. 2017-06-13 not yet calculated CVE-2017-4967
CONFIRM
pivotal — spring_web_flow
 
An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to ‘false’) can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings. 2017-06-13 not yet calculated CVE-2017-4971
BID
CONFIRM
CONFIRM
piwigo — piwigo
 
An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the “redirect” parameter is not validated. 2017-06-14 not yet calculated CVE-2017-9464
MISC
MISC
piwigo — piwigo
 
The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The user_list_backend.php component is affected: values of the iDisplayStart & iDisplayLength parameters are not sanitized; these are used to construct a SQL query and retrieve a list of registered users into the application. 2017-06-14 not yet calculated CVE-2017-9463
MISC
MISC
MISC
pulp — pulp
 
Pulp before 2.8.5 uses bash’s $RANDOM in an unsafe way to generate passwords. 2017-06-13 not yet calculated CVE-2016-3704
CONFIRM
CONFIRM
MISC
MISC
FEDORA
CONFIRM
pulp — pulp
 
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. 2017-06-13 not yet calculated CVE-2016-3696
CONFIRM
CONFIRM
FEDORA
CONFIRM
qemu — qemu
 
Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device. 2017-06-16 not yet calculated CVE-2017-9374
CONFIRM
MLIST
CONFIRM
qemu — qemu
 
QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing. 2017-06-16 not yet calculated CVE-2017-9503
MLIST
CONFIRM
MLIST
MLIST
qemu — qemu
 
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing. 2017-06-16 not yet calculated CVE-2017-9375
CONFIRM
MLIST
BID
CONFIRM
qemu — qemu
 
Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device. 2017-06-16 not yet calculated CVE-2017-9373
CONFIRM
MLIST
BID
CONFIRM
qnap — qts
 
QNAP QTS before 4.2.6 build 20170517 allows command injection. 2017-06-15 not yet calculated CVE-2017-7876
CONFIRM
qnap — qts
 
QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password function. 2017-06-15 not yet calculated CVE-2017-7629
CONFIRM
red_hat — quickstart_cloud_installer
 
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. 2017-06-13 not yet calculated CVE-2016-5411
BID
CONFIRM
rockwell_automation — panelview_plus_6
 
A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.00-20130325, 7.00-20130619, 7.00-20140128, 7.00-20140310, 7.00-20140429, 7.00-20140621, 7.00-20140729, 7.00-20141022, 8.00-20140730, and 8.00-20141023. There is no authorization check when connecting to the device, allowing an attacker remote access. 2017-06-14 not yet calculated CVE-2017-7914
MISC
ruby — ruby
 
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. 2017-06-12 not yet calculated CVE-2015-9096
MISC
MISC
MISC
MISC
ruby — ruby
 
The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring. 2017-06-12 not yet calculated CVE-2015-9097
MISC
MISC
MISC
MISC
MISC
MISC
MISC
sap — successfactors
 
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality. 2017-06-15 not yet calculated CVE-2017-9613
MISC
BID
MISC
spip — spip
 
SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution. 2017-06-17 not yet calculated CVE-2017-9736
CONFIRM
CONFIRM
CONFIRM
synology — photo_station
 
A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by “synophoto_dsm_user –auth USERNAME PASSWORD”, and local users are able to obtain credentials by sniffing “/proc/*/cmdline”. 2017-06-13 not yet calculated CVE-2017-9552
MISC
CONFIRM
tablib — tablib
 
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability. 2017-06-14 not yet calculated CVE-2017-2810
BID
MISC
telaxus — epesi Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data. 2017-06-14 not yet calculated CVE-2017-9624
CONFIRM
CONFIRM
telaxus — epesi
 
Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) original or (2) new parameter. 2017-06-14 not yet calculated CVE-2017-9621
CONFIRM
CONFIRM
telaxus — epesi
 
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data. 2017-06-14 not yet calculated CVE-2017-9622
CONFIRM
CONFIRM
telaxus — epesi
 
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data. 2017-06-14 not yet calculated CVE-2017-9623
CONFIRM
CONFIRM
tera_term — tera_term
 
Untrusted search path vulnerability in the installer of Tera Term 4.94 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-06-09 not yet calculated CVE-2017-2193
JVN
BID
CONFIRM
tslite — tslite
 
The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service (runtime exception and process crash). 2017-06-13 not yet calculated CVE-2015-3220
CONFIRM
CONFIRM
MLIST
uclibc — uclibc
 
In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression. 2017-06-16 not yet calculated CVE-2017-9728
MISC
uclibc — uclibc
 
In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression. 2017-06-16 not yet calculated CVE-2017-9729
MISC
winsparkle — winsparkle
 
Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory. 2017-06-09 not yet calculated CVE-2016-7838
BID
CONFIRM
JVN
JVN
CONFIRM
wireshark — wireshark
 
In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c. 2017-06-14 not yet calculated CVE-2017-9616
CONFIRM
wireshark — wireshark
 
In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. 2017-06-14 not yet calculated CVE-2017-9617
CONFIRM
wordpress — wordpress
 
Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter. 2017-06-15 not yet calculated CVE-2017-9419
MISC
wordpress — wordpress
 
SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php. 2017-06-13 not yet calculated CVE-2017-9603
MISC
MISC
wordpress — wordpress
 
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php. 2017-06-12 not yet calculated CVE-2017-9418
MISC
wordpress — wordpress
 
SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php. 2017-06-13 not yet calculated CVE-2017-9429
MISC
yocto_project — yp_core_pyro
 
In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core – Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk package. 2017-06-16 not yet calculated CVE-2017-9731
CONFIRM

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

This entry was posted in Alerts. Bookmark the permalink.