SB17-191: Vulnerability Summary for the Week of July 3, 2017

Original release date: July 10, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cisco — elastic_services_controller A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a “tomcat” user on the system can run certain shell commands, allowing the user to overwrite any file on the filesystem and elevate privileges to root. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76634. 2017-07-05 9.0 CVE-2017-6712
BID
CONFIRM
cisco — elastic_services_controller A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627. 2017-07-05 10.0 CVE-2017-6713
BID
CONFIRM
cisco — ios_xr A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb99384. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.11.3i.ROUT 6.2.1.29i.ROUT 6.2.1.26i.ROUT. 2017-07-03 7.2 CVE-2017-6718
BID
SECTRACK
CONFIRM
cisco — ios_xr A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges, aka Command Injection. More Information: CSCvb99406. Known Affected Releases: 6.2.1.BASE. Known Fixed Releases: 6.2.1.28i.BASE 6.2.1.22i.BASE 6.1.32.8i.BASE 6.1.31.3i.BASE 6.1.3.10i.BASE. 2017-07-03 7.2 CVE-2017-6719
BID
SECTRACK
CONFIRM
cisco — staros A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an affected system and execute arbitrary shell commands as a Linux root user on the system, aka Command Injection. The vulnerability exists because the affected operating system does not sufficiently sanitize commands before inserting them into Linux shell commands. An attacker could exploit this vulnerability by submitting a crafted CLI command for execution in a Linux shell command as a root user. Cisco Bug IDs: CSCvc69329, CSCvc72930. 2017-07-05 7.2 CVE-2017-6707
BID
SECTRACK
CONFIRM
cisco — ultra_services_framework A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of validation checks for the input that is used to create symbolic links. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76654. 2017-07-05 7.5 CVE-2017-6708
CONFIRM
cisco — ultra_services_framework_staging_server A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673. 2017-07-05 10.0 CVE-2017-6714
BID
CONFIRM
google — android The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess. 2017-06-30 7.2 CVE-2017-10709
MISC
MISC
MISC
MISC
MISC
humaxdigital — hg100r_firmware An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it’s not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin. 2017-07-03 10.0 CVE-2017-7315
MISC
humaxdigital — hg100r_firmware An issue was discovered on Humax Digital HG100 2.0.6 devices. The attacker can find the root credentials in the backup file, aka GatewaySettings.bin. 2017-07-03 10.0 CVE-2017-7317
MISC
puppet — mcollective Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior. 2017-06-30 7.5 CVE-2017-2292
CONFIRM
videolan — vlc_media_player avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution. 2017-06-30 7.5 CVE-2017-10699
SECTRACK
CONFIRM
xen — xen Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217. 2017-07-04 10.0 CVE-2017-10912
BID
CONFIRM
xen — xen Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221. 2017-07-04 9.4 CVE-2017-10917
BID
CONFIRM
xen — xen Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222. 2017-07-04 10.0 CVE-2017-10918
BID
CONFIRM
xoev — osci_transport_library An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure. 2017-06-30 7.5 CVE-2017-10670
MISC
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
aeroadmin — aeroadmin AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service. 2017-07-02 5.0 CVE-2017-8893
MISC
aeroadmin — aeroadmin AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code in the machine. 2017-07-02 6.8 CVE-2017-8894
MISC
antiy — antivirus_engine Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a denial of service (BSOD) via a long third argument in a DeviceIoControl call. 2017-06-30 4.9 CVE-2017-10674
MISC
bestpractical — request_tracker Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allows remote attackers to inject arbitrary web script or HTML via a file upload with an unspecified content type. 2017-07-03 4.3 CVE-2016-6127
DEBIAN
BID
CONFIRM
bestpractical — request_tracker Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack. 2017-07-03 4.3 CVE-2017-5361
DEBIAN
DEBIAN
CONFIRM
bestpractical — request_tracker Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 allows remote attackers to obtain sensitive information about cross-site request forgery (CSRF) verification tokens via a crafted URL. 2017-07-03 6.8 CVE-2017-5943
DEBIAN
BID
CONFIRM
bestpractical — request_tracker The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name. 2017-07-03 6.5 CVE-2017-5944
DEBIAN
BID
CONFIRM
cisco — evolved_programmable_network_manager A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24616 CSCvc35363 CSCvc49574. Known Affected Releases: 3.1(1) 2.0(4.0.45B). 2017-07-03 4.3 CVE-2017-6699
BID
SECTRACK
CONFIRM
cisco — identity_services_engine A vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd49141. Known Affected Releases: 2.1(102.101). 2017-07-03 4.3 CVE-2017-6701
BID
SECTRACK
CONFIRM
cisco — prime_collaboration_provisioning A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user’s session. More Information: CSCvc90346. Known Affected Releases: 12.1. 2017-07-03 4.0 CVE-2017-6703
BID
SECTRACK
CONFIRM
cisco — prime_collaboration_provisioning A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More Information: CSCvc90335. Known Affected Releases: 12.1. 2017-07-03 4.0 CVE-2017-6704
BID
SECTRACK
CONFIRM
cisco — prime_infrastructure A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) SQL database interface could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc23892 CSCvc35270 CSCvc35626 CSCvc35630 CSCvc49568. Known Affected Releases: 3.1(1) 2.0(4.0.45B). 2017-07-03 5.5 CVE-2017-6698
BID
SECTRACK
CONFIRM
cisco — prime_infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-side) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24620 CSCvc49586. Known Affected Releases: 3.1(1) 2.0(4.0.45B). 2017-07-03 4.3 CVE-2017-6700
BID
SECTRACK
CONFIRM
cisco — prime_infrastructure A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65843. Known Affected Releases: 3.1(0.0). 2017-07-03 4.3 CVE-2017-6724
BID
SECTRACK
CONFIRM
cisco — prime_infrastructure A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65833 CSCuw65837. Known Affected Releases: 2.2(2). 2017-07-03 4.3 CVE-2017-6725
BID
SECTRACK
CONFIRM
cisco — socialminer A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCve15285. Known Affected Releases: 11.5(1). 2017-07-03 4.3 CVE-2017-6702
BID
SECTRACK
CONFIRM
cisco — staros A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. Affected Products: ASR 5000 Series Routers, Virtualized Packet Core (VPC) Software. More Information: CSCvc21129. Known Affected Releases: 21.1.0 21.1.M0.65601 21.1.v0. Known Fixed Releases: 21.2.A0.65754 21.1.b0.66164 21.1.V0.66014 21.1.R0.65759 21.1.M0.65749 21.1.0.66030 21.1.0. 2017-07-03 5.0 CVE-2017-3865
BID
SECTRACK
CONFIRM
cisco — ultra_services_framework A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability exists because the affected software logs administrative credentials in clear text for Cisco ESC and Cisco OpenStack deployment purposes. An attacker could exploit this vulnerability by accessing the AutoVNF URL for the location where the log files are stored and subsequently accessing the administrative credentials that are stored in clear text in those log files. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76659. 2017-07-05 5.0 CVE-2017-6709
CONFIRM
cisco — ultra_services_framework A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulnerability is due to an insecure default configuration of the Apache ZooKeeper service used by the affected software. An attacker could exploit this vulnerability by accessing the affected device through the orchestrator network. An exploit could allow the attacker to gain access to ZooKeeper data nodes (znodes) and influence the behavior of the system’s high-availability feature. This vulnerability affects all releases of Cisco Ultra Services Framework UAS prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvd29395. 2017-07-05 6.4 CVE-2017-6711
BID
CONFIRM
cisco — unified_contact_center_express A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affected Releases: 10.6(1). Known Fixed Releases: 11.5(1.10000.61). 2017-07-03 5.5 CVE-2017-6722
BID
SECTRACK
CONFIRM
cisco — wide_area_application_services A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service (DoS) condition. More Information: CSCvc57428. Known Affected Releases: 6.3(1). Known Fixed Releases: 6.3(0.143) 6.2(3c)6 6.2(3.22). 2017-07-03 5.0 CVE-2017-6721
BID
SECTRACK
CONFIRM
ektron — ektron_content_management_system Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx. 2017-07-03 4.3 CVE-2016-6201
MISC
elasticsearch — kibana In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs. 2017-06-30 4.3 CVE-2017-8443
CONFIRM
graphicsmagick — graphicsmagick When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata indicating a single sample per pixel) in coders/tiff.c, a buffer overflow occurs, related to QuantumTransferMode. 2017-07-02 4.3 CVE-2017-10794
BID
CONFIRM
graphicsmagick — graphicsmagick When GraphicsMagick 1.3.25 processes a DPX image (with metadata indicating a large width) in coders/dpx.c, a denial of service (OOM) can occur in ReadDPXImage(). 2017-07-02 4.3 CVE-2017-10799
CONFIRM
BID
graphicsmagick — graphicsmagick When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data. 2017-07-02 4.3 CVE-2017-10800
CONFIRM
BID
humaxdigital — hg100r_firmware An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page. 2017-07-03 4.3 CVE-2017-7316
MISC
intelliants — subrion_cms Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069. 2017-07-02 4.3 CVE-2017-10795
BID
MISC
netapp — altavault NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. 2017-07-03 5.1 CVE-2016-3998
CONFIRM
netapp — clustered_data_ontap NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state. 2017-07-03 6.8 CVE-2016-3997
CONFIRM
CONFIRM
netapp — data_ontap NetApp Data ONTAP, when operating in 7-Mode 8.1 and 8.2, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. 2017-07-03 6.8 CVE-2016-3400
CONFIRM
BID
MISC
CONFIRM
netapp — oncommand_system_manager NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup. 2017-07-03 6.8 CVE-2016-5045
CONFIRM
objectplanet — opinio In ObjectPlanet Opinio before 7.6.4, there is XSS. 2017-07-02 4.3 CVE-2017-10798
CONFIRM
puppetlabs — mcollective-sshkey-security The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string “_pub.pem”. 2017-06-30 4.3 CVE-2017-2298
CONFIRM
CONFIRM
CONFIRM
winamp — winamp Winamp 5.666 Build 3516(x86) allows attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to “Data from Faulting Address controls Code Flow starting at in_flv!winampGetInModule2+0x00000000000009a8.” 2017-07-05 4.4 CVE-2017-10725
MISC
xen — xen Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223. 2017-07-04 5.0 CVE-2017-10919
BID
CONFIRM
xnview — xnview XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at KERNELBASE!FindSortHashNode+0x0000000000000040.” 2017-07-05 4.6 CVE-2017-10774
MISC
xoev — osci_transport_library A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the transport encryption. 2017-06-30 4.3 CVE-2017-10668
MISC
MISC
xoev — osci_transport_library Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs. 2017-06-30 6.4 CVE-2017-10669
MISC
MISC


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
antiy — antivirus_engine When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP archive, it crashes with a stack-based buffer overflow because a fixed path length is used. 2017-07-02 2.1 CVE-2017-10706
MISC
cisco — firepower_management_center A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. Affected Products: Cisco Firepower Management Center Releases 5.4.1.x and prior. More Information: CSCuy88951. Known Affected Releases: 5.4.1.6. 2017-07-03 3.5 CVE-2017-6715
BID
CONFIRM
cisco — firepower_management_center A vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. Affected Products: Cisco Firepower Management Center Software Releases prior to 6.0.0.0. More Information: CSCuy88785. Known Affected Releases: 5.4.1.6. 2017-07-03 3.5 CVE-2017-6716
BID
CONFIRM
cisco — firepower_management_center A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2.1. 2017-07-03 3.5 CVE-2017-6717
BID
CONFIRM
cisco — identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a reflective cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc85415. Known Affected Releases: 2.1(0.800). 2017-07-03 3.5 CVE-2017-6605
BID
SECTRACK
CONFIRM
cisco — prime_collaboration_provisioning A vulnerability in the filesystem of the Cisco Prime Collaboration Provisioning tool could allow an authenticated, local attacker to acquire sensitive information. More Information: CSCvc82973. Known Affected Releases: 12.1. 2017-07-03 2.1 CVE-2017-6705
BID
SECTRACK
CONFIRM
cisco — prime_collaboration_provisioning A vulnerability in the logging subsystem of the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, local attacker to acquire sensitive information. More Information: CSCvd07260. Known Affected Releases: 12.1. 2017-07-03 3.6 CVE-2017-6706
BID
SECTRACK
CONFIRM
synology — audio_station Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allow remote authenticated attackers to inject arbitrary web script or HTML via the album title. 2017-06-30 3.5 CVE-2015-9104
MISC
CONFIRM
synology — note_station Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments. 2017-06-30 3.5 CVE-2015-9103
MISC
MISC
CONFIRM
synology — photo_station Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos. 2017-06-30 3.5 CVE-2015-9102
MISC
MISC
MISC
MISC
CONFIRM
synology — video_station Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos. 2017-06-30 3.5 CVE-2015-9105
MISC
MISC
CONFIRM


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
acquisition_technology_&_logistics_agency — electronic_tendering_and_bid_opening_system
Untrusted search path vulnerability in Installer of Electronic tendering and bid opening system available prior to June 12, 2017 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. 2017-07-07 not yet calculated CVE-2017-2208
MISC
JVN
apache — etherpad
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests. 2017-07-07 not yet calculated CVE-2015-3297
MLIST
MLIST
BID
CONFIRM
apache — solr
Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in the cluster into believing that the malicious node is a member of the cluster. So, if Solr users have enabled the BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either “HttpClientInterceptorPlugin” or “HttpClientBuilderPlugin”, their servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected. 2017-07-07 not yet calculated CVE-2017-7660
MLIST
apple — quicktime_for_windows
Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 not yet calculated CVE-2017-2218
JVN
MISC

brother_industries — mfc-j960dwn_firmware

Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-07-07 not yet calculated CVE-2017-2244
JVN
CONFIRM
c-ares — c-ares
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. 2017-07-07 not yet calculated CVE-2017-1000381
CONFIRM
CONFIRM
cacti — cacti
Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php. 2017-07-06 not yet calculated CVE-2017-10970
CONFIRM
catdoc — catdoc
The ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses before the beginning of the tmpBuf buffer. 2017-07-08 not yet calculated CVE-2017-11110
MISC
charamin_steering_committee — installer_of_charamin_omp
Untrusted search path vulnerability in the installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 not yet calculated CVE-2017-2227
JVN
cybozu — garoon
Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user’s file through a specially crafted page. 2017-07-07 not yet calculated CVE-2017-2144
JVN
CONFIRM
cybozu — garoon
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu. 2017-07-07 not yet calculated CVE-2017-2146
JVN
CONFIRM
cybozu — garoon
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors. 2017-07-07 not yet calculated CVE-2017-2145
JVN
CONFIRM
cybozu — kunai
Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-07-07 not yet calculated CVE-2017-2172
JVN
CONFIRM
d-link — d-link_dir-615
On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router’s Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim’s Router without knowing the credentials (CSRF). An attacker can host a page that sends a POST request to Form2File.htm that tries to upload Firmware to victim’s Router. This causes the router to reboot/crash resulting in Denial of Service. An attacker may succeed in uploading malicious Firmware. 2017-07-07 not yet calculated CVE-2017-7404
MISC
MISC
d-link — d-link_dir-615
On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim’s host, an attacker might be able to take over the administrative session without being prompted for authentication credentials. An attacker can get the victim’s and router’s IP addresses by simply sniffing the network traffic. Moreover, if the victim has web access enabled on his router and is accessing the web interface from a different network that is behind the NAT/Proxy, an attacker can sniff the network traffic to know the public IP address of the victim’s router and take over his session as he won’t be prompted for credentials. 2017-07-07 not yet calculated CVE-2017-7405
MISC
MISC
d-link — d-link_dir-615
 
The D-Link DIR-615 device before v20.12PTb04 doesn’t use SSL for any of the authenticated pages. Also, it doesn’t allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user’s credentials and/or credentials of users being added while sniffing the traffic. 2017-07-07 not yet calculated CVE-2017-7406
MISC
MISC
dbd::mysql — dbd::mysql
 
The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples. 2017-07-01 not yet calculated CVE-2017-10788
MISC
BID
MISC
dbd::mysql — dbd::mysql
 
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting’s documentation has a “your communication with the server will be encrypted” statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. 2017-07-01 not yet calculated CVE-2017-10789
BID
MISC
MISC
dfactory — responsive_lightbox
 
Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2017-07-07 not yet calculated CVE-2017-2243
JVN
CONFIRM
elastic — elasticsearch_x-pack_security
 
Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated Elasticsearch user to improperly view these details. 2017-07-07 not yet calculated CVE-2017-8442
CONFIRM
emc — rsa_archer
 
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users’ discussion forum messages. 2017-07-06 not yet calculated CVE-2017-4999
CONFIRM
BID
SECTRACK
emc — rsa_archer
 
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute unauthorized requests on behalf of the victim, using the authenticated user’s privileges. 2017-07-06 not yet calculated CVE-2017-4998
CONFIRM
BID
SECTRACK
emc — rsa_archer
 
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack. 2017-07-06 not yet calculated CVE-2017-5001
CONFIRM
BID
SECTRACK
emc — rsa_archer
 
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims’ credentials and silently authenticate them to the RSA Archer application without the victims realizing an attack occurred. 2017-07-06 not yet calculated CVE-2017-5002
CONFIRM
BID
SECTRACK
emc — rsa_archer
 
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack. 2017-07-06 not yet calculated CVE-2017-5000
CONFIRM
BID
SECTRACK
fastone — image_viewer
 
FastStone Image Viewer 6.2 has a “User Mode Write AV” issue, possibly related to the jpeg_mem_term function in jmemnobs.c in libjpeg. This issue can be triggered by a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact. 2017-07-05 not yet calculated CVE-2017-8826
MISC
fastone — image_viewer
 
FastStone Image Viewer 6.2 has a “Data from Faulting Address may be used as a return value” issue. This issue can be triggered by a malformed JPEG 2000 file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact. 2017-07-05 not yet calculated CVE-2017-8785
MISC
finecms — finecms
 
In FineCMS before 2017-07-06, application\core\controller\config.php allows XSS in the (1) key_name, (2) key_value, and (3) meaning parameters. 2017-07-06 not yet calculated CVE-2017-10967
CONFIRM
finecms — finecms
 
In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after “ 2017-07-07 not yet calculated CVE-2017-10968
MISC
finecms — finecms
 
In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header. 2017-07-06 not yet calculated CVE-2017-10973
CONFIRM
CONFIRM
foxit — foxit_reader_and_phantompdf
 
Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document. 2017-07-07 not yet calculated CVE-2017-10994
CONFIRM
golang — go
 
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to derive the correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries. 2017-07-06 not yet calculated CVE-2017-8932
SUSE
SUSE
MISC
CONFIRM
CONFIRM
CONFIRM
MLIST
FEDORA
google — android

An information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36490809. 2017-07-06 not yet calculated CVE-2017-0699
CONFIRM
google — android

An information disclosure vulnerability in the HTC sensor hub driver. Product: Android. Versions: Android kernel. Android ID: A-35468048. 2017-07-06 not yet calculated CVE-2017-0709
CONFIRM
google — android
 
A denial of service vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36104177. 2017-07-06 not yet calculated CVE-2017-0670
CONFIRM
google — android
 
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36576151. 2017-07-06 not yet calculated CVE-2017-0678
CONFIRM
google — android
 
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36215950. 2017-07-06 not yet calculated CVE-2017-0689
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36991414. 2017-07-06 not yet calculated CVE-2017-0665
CONFIRM
google — android
 
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231231. 2017-07-06 not yet calculated CVE-2017-0686
CONFIRM
google — android
 
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35584425. 2017-07-06 not yet calculated CVE-2017-0688
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37285689. 2017-07-06 not yet calculated CVE-2017-0666
CONFIRM
google — android
 
An information disclosure vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-22011579. 2017-07-06 not yet calculated CVE-2017-0668
CONFIRM
google — android
 
An information disclosure vulnerability in the Android framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114752. 2017-07-06 not yet calculated CVE-2017-0669
CONFIRM
google — android
 
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36592202. 2017-07-06 not yet calculated CVE-2017-0690
CONFIRM
google — android
 
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37094889. 2017-07-06 not yet calculated CVE-2017-0695
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36491278. 2017-07-06 not yet calculated CVE-2017-0664
CONFIRM
google — android
 
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36993291. 2017-07-06 not yet calculated CVE-2017-0693
CONFIRM
google — android
 
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37008096. 2017-07-06 not yet calculated CVE-2017-0680
CONFIRM
google — android
 
Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. (dot dot) in a name parameter of an MTP request. 2017-07-07 not yet calculated CVE-2014-7954
MISC
FULLDISC
BUGTRAQ
BID
google — android
 
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36591008. 2017-07-06 not yet calculated CVE-2017-0683
CONFIRM
google — android
 
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36588422. 2017-07-06 not yet calculated CVE-2017-0682
CONFIRM
google — android
 
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37208566. 2017-07-06 not yet calculated CVE-2017-0681
CONFIRM
google — android
 
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34203195. 2017-07-06 not yet calculated CVE-2017-0685
CONFIRM
google — android
 
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37093318. 2017-07-06 not yet calculated CVE-2017-0694
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37478824. 2017-07-06 not yet calculated CVE-2017-0667
CONFIRM
google — android
 
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36725407. 2017-07-06 not yet calculated CVE-2017-0692
CONFIRM
google — android
 
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36996978. 2017-07-06 not yet calculated CVE-2017-0679
CONFIRM
google — android
 
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453. 2017-07-06 not yet calculated CVE-2017-0691
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35421151. 2017-07-06 not yet calculated CVE-2017-0684
CONFIRM
google — android
 
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207120. 2017-07-06 not yet calculated CVE-2017-0696
CONFIRM
google — android
 
An elevation of privilege vulnerability in the MediaTek networking driver. Product: Android. Versions: Android kernel. Android ID: A-36099953. References: M-ALPS03206781. 2017-07-06 not yet calculated CVE-2017-0711
BID
CONFIRM
google — android
 
Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running “pm install” with the target apk, and simultaneously running a crafted script to process logcat’s output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000. 2017-07-07 not yet calculated CVE-2014-7953
FULLDISC
BUGTRAQ
BID
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Upstream Linux tcb. Product: Android. Versions: Android kernel. Android ID: A-34951864. 2017-07-06 not yet calculated CVE-2017-0710
CONFIRM
google — android
 
An elevation of privilege vulnerability in the HTC led driver. Product: Android. Versions: Android kernel. Android ID: A-36088467. 2017-07-06 not yet calculated CVE-2017-0707
CONFIRM
google — android
 
An information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35467458. 2017-07-06 not yet calculated CVE-2017-0698
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33123882. 2017-07-06 not yet calculated CVE-2017-0703
CONFIRM
google — android
 
A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36621442. 2017-07-06 not yet calculated CVE-2017-0702
CONFIRM
google — android
 
A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36385715. 2017-07-06 not yet calculated CVE-2017-0701
CONFIRM
google — android
 
A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-35639138. 2017-07-06 not yet calculated CVE-2017-0700
CONFIRM
google — android
 
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37239013. 2017-07-06 not yet calculated CVE-2017-0697
CONFIRM
google — android
 
An elevation of privilege vulnerability in the NVIDIA Libnvparser component due to a memcpy into a fixed sized buffer with a user-controlled size could lead to a memory corruption and possible remote code execution. This issue is rated as High. Product: Android. Version: N/A. Android ID: A-33968204. References: N-CVE-2017-0340. 2017-07-07 not yet calculated CVE-2017-0340
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-34973477. References: B-RB#119898. 2017-07-06 not yet calculated CVE-2017-0705
CONFIRM
google — android
 
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34779227. 2017-07-06 not yet calculated CVE-2017-0675
CONFIRM
google — android
 
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36035074. 2017-07-06 not yet calculated CVE-2017-0677
CONFIRM
google — android
 
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34896431. 2017-07-06 not yet calculated CVE-2017-0676
CONFIRM
google — android
 
An information disclosure vulnerability in the NVIDIA Video Driver due to an out-of-bounds read function in the Tegra Display Controller driver could result in possible information disclosure. This issue is rated as Moderate. Product: Android. Version: N/A. Android ID: A-33718700. References: N-CVE-2017-0326. 2017-07-07 not yet calculated CVE-2017-0326
CONFIRM
google — android
 
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231163. 2017-07-06 not yet calculated CVE-2017-0674
CONFIRM
google — android
 
A remote code execution vulnerability in the Android libraries. Product: Android. Versions: 4.4.4. Android ID: A-34514762. 2017-07-06 not yet calculated CVE-2017-0671
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-33059280. 2017-07-06 not yet calculated CVE-2017-0704
CONFIRM
google — android
 
An information disclosure vulnerability in the HTC sound driver. Product: Android. Versions: Android kernel. Android ID: A-35384879. 2017-07-06 not yet calculated CVE-2017-0708
CONFIRM
google — android
 
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33974623. 2017-07-06 not yet calculated CVE-2017-0673
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532. 2017-07-06 not yet calculated CVE-2017-0706
CONFIRM
google — android
 
A denial of service vulnerability in the Android libraries. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-34778578. 2017-07-06 not yet calculated CVE-2017-0672
CONFIRM
graphicsmagick — graphicsmagick
 
The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure. 2017-07-07 not yet calculated CVE-2017-11102
CONFIRM
CONFIRM

i-o_data_device — multiple_products

Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-07-07 not yet calculated CVE-2017-2223
MISC
JVN
ibm — jazz_foundation
 
IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528. 2017-07-05 not yet calculated CVE-2016-9700
CONFIRM
MISC
ibm — jazz_foundation
 
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120553. 2017-07-05 not yet calculated CVE-2016-9987
CONFIRM
BID
MISC
ibm — jazz_foundation
 
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120554. 2017-07-05 not yet calculated CVE-2016-9988
CONFIRM
BID
MISC
ibm — jazz_foundation
 
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120552. 2017-07-05 not yet calculated CVE-2016-9986
CONFIRM
BID
MISC
ibm — jazz_foundation
 
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120555. 2017-07-05 not yet calculated CVE-2016-9989
CONFIRM
BID
MISC
ibm — security_guardium
 
IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits sensitive data in cleartext in the query of the request. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 110409. 2017-07-05 not yet calculated CVE-2016-0238
CONFIRM
BID
MISC
ibm — team_concert
 
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119762. 2017-07-05 not yet calculated CVE-2016-9733
CONFIRM
BID
MISC
ibm — team_concert
 
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119821. 2017-07-05 not yet calculated CVE-2016-9746
CONFIRM
BID
MISC
ibm — team_concert
 
IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119529. 2017-07-05 not yet calculated CVE-2016-9701
CONFIRM
BID
MISC
ibm — jazz_reporting_service
 
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120656. 2017-07-05 not yet calculated CVE-2017-1096
CONFIRM
BID
MISC
ibm — jazz_reporting_service
 
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788. 2017-07-05 not yet calculated CVE-2017-1157
CONFIRM
BID
MISC
ibm — maximo_asset_management
 
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user to obtain sensitive information due to inappropriate data retention of attachments. IBM X-Force ID: 123299. 2017-07-05 not yet calculated CVE-2017-1176
CONFIRM
BID
MISC
ibm — maximo_asset_management
 
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123778. 2017-07-05 not yet calculated CVE-2017-1208
CONFIRM
BID
MISC
ibm — rational_team_concert
 
IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121151. 2017-07-05 not yet calculated CVE-2017-1113
CONFIRM
BID
MISC
ibm — security_guardium
 
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633. 2017-07-05 not yet calculated CVE-2017-1253
CONFIRM
BID
MISC
ibm — security_guardium
 
IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 124634. 2017-07-05 not yet calculated CVE-2017-1254
CONFIRM
BID
MISC
ibm — security_guardium
 
IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124678. 2017-07-05 not yet calculated CVE-2017-1256
CONFIRM
BID
MISC
ibm — security_guardium
 
IBM Security Guardium 10.0 does not prove or insufficiently proves that the actor's identity is correct, which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739. 2017-07-05 not yet calculated CVE-2017-1264
CONFIRM
BID
MISC
ibm — security_guardium
 
IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 124744. 2017-07-05 not yet calculated CVE-2017-1269
CONFIRM
BID
MISC
ibm — security_guardium
 
IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685. 2017-07-05 not yet calculated CVE-2017-1258
CONFIRM
BID
MISC
ibm — websphere_message_broker
 
IBM WebSphere Message Broker stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123777. 2017-07-05 not yet calculated CVE-2017-1207
CONFIRM
BID
MISC
ibm — websphere_message_broker
 
IBM WebSphere Message Broker could allow a local user with specialized access to prevent the message broker from starting. IBM X-Force ID: 122033. 2017-07-05 not yet calculated CVE-2017-1144
CONFIRM
BID
MISC
ibm — websphere_mq
 
IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354. 2017-07-06 not yet calculated CVE-2017-1236
CONFIRM
MISC
ibm — websphere_portal
 
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123857. 2017-07-05 not yet calculated CVE-2017-1217
CONFIRM
BID
SECTRACK
MISC
ibm — maximo_asset_management
 
IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297. 2017-07-05 not yet calculated CVE-2017-1175
CONFIRM
BID
MISC
imagemagick — imagemagick
 
The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image. 2017-07-07 not yet calculated CVE-2017-10995
CONFIRM
imagemagick — imagemagick
 
In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. 2017-07-05 not yet calculated CVE-2017-10928
CONFIRM
information-technology_promotion_agency_japan — icodechecker
 
Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors. 2017-07-07 not yet calculated CVE-2017-2194
JVN
MISC
information-technology_promotion_agency_japan — installer_of_casl_ii_simulator
 
Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 not yet calculated CVE-2017-2220
JVN
MISC
internet_security_association_and_key_management_protocol — internet_security_association_and_key_management_protocol
 
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place. 2017-07-05 not yet calculated CVE-2016-10396
CONFIRM
CONFIRM
CONFIRM
irfanview — irfanview

IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to “Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000c998.” 2017-07-05 not yet calculated CVE-2017-9877
CONFIRM
MISC
irfanview — irfanview

IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a “User Mode Write AV starting at ntdll_77df0000!RtlpWaitOnCriticalSection+0x0000000000000121.” 2017-07-05 not yet calculated CVE-2017-10729
CONFIRM
MISC
irfanview — irfanview

IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpResGetMappingSize+0x00000000000003cc.” 2017-07-05 not yet calculated CVE-2017-9921
MISC
irfanview — irfanview

IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpCompareResourceNames_U+0x0000000000000062.” 2017-07-05 not yet calculated CVE-2017-9922
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with TOOLS plugin 4.50 allows attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a “Read Access Violation on Block Data Move starting at ntdll_77df0000!memcpy+0x0000000000000033.” 2017-07-05 not yet calculated CVE-2017-9915
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393.” 2017-07-05 not yet calculated CVE-2017-9892
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlFreeHandle+0x00000000000001b6.” 2017-07-05 not yet calculated CVE-2017-9916
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpResSearchResourceInsideDirectory+0x000000000000029e.” 2017-07-05 not yet calculated CVE-2017-9920
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to “Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77df0000!RtlFreeHandle+0x0000000000000218.” 2017-07-05 not yet calculated CVE-2017-9917
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpResCompareResourceNames+0x0000000000000087.” 2017-07-05 not yet calculated CVE-2017-9919
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a “User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d80.” 2017-07-05 not yet calculated CVE-2017-10731
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to “Data from Faulting Address controls Branch Selection starting at KERNELBASE!EnumResourceTypesInternal+0x0000000000000589.” 2017-07-05 not yet calculated CVE-2017-9923
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a “User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d96.” 2017-07-05 not yet calculated CVE-2017-10730
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x00000000000003ca.” 2017-07-05 not yet calculated CVE-2017-10735
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a “User Mode Write AV starting at FPX+0x000000000000176c.” 2017-07-05 not yet calculated CVE-2017-9531
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a “User Mode Write AV starting at FPX+0x0000000000001555.” 2017-07-05 not yet calculated CVE-2017-9532
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a “User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000000f53.” 2017-07-05 not yet calculated CVE-2017-9528
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to “Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77df0000!LdrpResCompareResourceNames+0x0000000000000150.” 2017-07-05 not yet calculated CVE-2017-9530
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a “User Mode Write AV starting at FPX!GetPlugInInfo+0x0000000000016e53.” 2017-07-05 not yet calculated CVE-2017-9535
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a “User Mode Write AV starting at FPX!DE_Decode+0x0000000000000a9b.” 2017-07-05 not yet calculated CVE-2017-9533
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a “User Mode Write AV starting at FPX!GetPlugInInfo+0x0000000000017426.” 2017-07-05 not yet calculated CVE-2017-9534
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a “Read Access Violation on Control Flow starting at FPX!GetPlugInInfo+0x0000000000012bf2.” 2017-07-05 not yet calculated CVE-2017-9873
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a “Read Access Violation on Block Data Move starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000b84f.” 2017-07-05 not yet calculated CVE-2017-9882
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x0000000000000429.” 2017-07-05 not yet calculated CVE-2017-10732
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to “Data from Faulting Address controls Branch Selection starting at KERNELBASE!QueryOptionalDelayLoadedAPI+0x0000000000000c42.” 2017-07-05 not yet calculated CVE-2017-9918
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to “Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000007053.” 2017-07-05 not yet calculated CVE-2017-9891
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to “Data from Faulting Address controls Code Flow starting at FPX+0x0000000000007216.” 2017-07-05 not yet calculated CVE-2017-9883
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f.” 2017-07-05 not yet calculated CVE-2017-9886
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to “Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX+0x000000000000688d.” 2017-07-05 not yet calculated CVE-2017-9887
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a “Read Access Violation starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000003714.” 2017-07-05 not yet calculated CVE-2017-9889
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000001b6.” 2017-07-05 not yet calculated CVE-2017-9884
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to “Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000006a98.” 2017-07-05 not yet calculated CVE-2017-9885
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) has a “Data from Faulting Address controls Branch Selection starting at USER32!wvsprintfA+0x00000000000002f3” issue, which might allow attackers to execute arbitrary code via a crafted file. 2017-07-05 not yet calculated CVE-2017-8369
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.45 allows remote attackers to execute arbitrary code or cause a denial of service (Heap Corruption and application crash) in processing a FlashPix (.FPX) file, a different vulnerability than CVE-2017-7721. 2017-07-05 not yet calculated CVE-2017-8370
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a “Read Access Violation on Control Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000014eb.” 2017-07-05 not yet calculated CVE-2017-9536
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to an “Invalid Handle starting at wow64!Wow64NotifyDebugger+0x000000000000001d.” 2017-07-05 not yet calculated CVE-2017-10734
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to “Data from Faulting Address controls Branch Selection starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000031a0.” 2017-07-05 not yet calculated CVE-2017-9888
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) allows remote attackers to execute code via a crafted .mov file, because of a “User Mode Write AV near NULL” issue. 2017-07-05 not yet calculated CVE-2017-8766
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to “Data from Faulting Address controls subsequent Write Address starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000a525.” 2017-07-05 not yet calculated CVE-2017-9879
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a “Read Access Violation starting at FPX+0x000000000000153a.” 2017-07-05 not yet calculated CVE-2017-9890
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031.” 2017-07-05 not yet calculated CVE-2017-10733
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a “Read Access Violation on Control Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000c99a.” 2017-07-05 not yet calculated CVE-2017-9878
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to “Data from Faulting Address controls Code Flow starting at FPX+0x0000000000007236.” 2017-07-05 not yet calculated CVE-2017-9880
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to “Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000c995.” 2017-07-05 not yet calculated CVE-2017-9876
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a “User Mode Write AV starting at FPX!DE_Decode+0x0000000000000cdb.” 2017-07-05 not yet calculated CVE-2017-9875
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to “Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000014e7.” 2017-07-05 not yet calculated CVE-2017-9881
CONFIRM
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a “User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000007822.” 2017-07-05 not yet calculated CVE-2017-9874
CONFIRM
MISC
irfanview — irfanview
 
IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to “Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000b3ae.” 2017-07-05 not yet calculated CVE-2017-10925
MISC
irfanview — irfanview
 
IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a “Read Access Violation starting at wow64!Wow64NotifyDebugger+0x000000000000001d.” 2017-07-05 not yet calculated CVE-2017-10926
MISC
irfanview — irfanview
 
IrfanView 4.44 (32bit) with FPX Plugin 4.47 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a “User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000a529.” 2017-07-05 not yet calculated CVE-2017-10924
MISC
irssi — irssi
 
An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. 2017-07-07 not yet calculated CVE-2017-10965
CONFIRM
CONFIRM
irssi — irssi
 
An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table. 2017-07-07 not yet calculated CVE-2017-10966
CONFIRM
CONFIRM
jabberd — jabberd
 
JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled. 2017-07-04 not yet calculated CVE-2017-10807
CONFIRM
CONFIRM
CONFIRM
jython — jython
 
Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object. 2017-07-06 not yet calculated CVE-2016-4000
CONFIRM
DEBIAN
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
kddi — home_spot_cube2
 
HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings. 2017-07-07 not yet calculated CVE-2017-2183
JVN
CONFIRM
kddi — home_spot_cube2
 
HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI. 2017-07-07 not yet calculated CVE-2017-2186
JVN
CONFIRM
kddi — home_spot_cube2
 
HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI. 2017-07-07 not yet calculated CVE-2017-2185
JVN
CONFIRM
kddi — home_spot_cube2
 
Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI. 2017-07-07 not yet calculated CVE-2017-2184
JVN
CONFIRM
knot-dns — knot-dns
 
Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check. 2017-07-08 not yet calculated CVE-2017-11104
MISC
MISC
MISC
linux — linux_kernel
 
The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system. 2017-07-02 not yet calculated CVE-2017-8797
MISC
MISC
MISC
MISC
BID
SECTRACK
MISC
MISC
MISC
linux — linux_kernel
 
Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures. 2017-07-04 not yet calculated CVE-2017-10810
CONFIRM
BID
CONFIRM
CONFIRM
linux — linux_kernel
 
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216. 2017-07-04 not yet calculated CVE-2017-10911
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
lutim — lutim
 
Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despite the appearance of an XSS payload in the filename. 2017-07-06 not yet calculated CVE-2017-10975
MISC
ministry_of_agriculture_forestry_and_fisheries — denshinouhin_check_system
 
Untrusted search path vulnerability in Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) 2014 March Edition (Ver.9.0.001.001) [Updated on 2017 June 9], (Ver.8.0.001.001) [Updated on 2016 May 31] and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 not yet calculated CVE-2017-2188
MISC
JVN
ministry_of_education_culture_sports_science_and_technology — ebidsettingchecker.exe
 
Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 not yet calculated CVE-2017-2225
JVN
MISC
ministry_of_justice — installer_of_pdf_digital_signature_plugin
 
Untrusted search path vulnerability in Installer of PDF Digital Signature Plugin (G2.30) and earlier, distributed till June 29, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 not yet calculated CVE-2017-2233
JVN
ministry_of_justice — installer_of_shinseiyo_sogo_soft
 
Untrusted search path vulnerability in Installer of Shinseiyo Sogo Soft (4.8A) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 not yet calculated CVE-2017-2232
JVN

ministry_of_land_infrastructure_transport_and_tourism,_japan — mlit_denshiseikabutsusakuseishienkensa

Untrusted search path vulnerability in the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system Ver3.02 and earlier, distributed till June 20, 2017, and the self-extracting archive including the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system Ver3.02 and earlier, distributed till June 20, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 not yet calculated CVE-2017-2231
JVN
MISC
MISC
national_institute_for_land_and_infrastructure_management — douro_kouji_kanseizutou_check
 
Untrusted search path vulnerability in Douro Kouji Kanseizutou Check Program Ver3.1 (cdrw_checker_3.1.0.lzh) and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 not yet calculated CVE-2017-2230
JVN
MISC
MISC

national_institute_for_land_and_infrastructure_management — douroshisetu_data_sakusei_system

Untrusted search path vulnerability in Douroshisetu Kihon Data Sakusei System Ver1.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 not yet calculated CVE-2017-2229
JVN
MISC
MISC
national_tax_agency — setup_file_of_advance_preparation
 
Untrusted search path vulnerability in Installer of “Setup file of advance preparation” (jizen_setup.exe) (The version which was available on the website prior to 2017 June 12) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 not yet calculated CVE-2017-2215
MISC
JVN
MISC
national_tax_agency — installer_of_setup_file_of_advance_preparation_for_e-tax_software
 
Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software (WEB version) (1.17.1) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-07-07 not yet calculated CVE-2017-2226
JVN
ncurses — ncurses
 
In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. 2017-07-08 not yet calculated CVE-2017-11113
MISC
ncurses — ncurses
 
In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. 2017-07-08 not yet calculated CVE-2017-11112
MISC
netwide_assembler — netwide_assembler
 
In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. 2017-07-08 not yet calculated CVE-2017-11111
MISC
newport — xps-cx_and_xps-qx
 
An Improper Authentication issue was discovered in Newport XPS-Cx and XPS-Qx. An attacker may bypass authentication by accessing a specific uniform resource locator (URL). 2017-07-03 not yet calculated CVE-2017-7919
BID
MISC
nitro_pro — nitro_pro
 
Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file. 2017-07-07 not yet calculated CVE-2017-7950
CONFIRM
notepad-plus-plus — notepad++
 
Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow user-assisted attackers to execute code via a crafted file, because of a “Data from Faulting Address controls Code Flow” issue. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands. 2017-07-05 not yet calculated CVE-2017-8803
MISC

nvidia — nvidia_sound_driver

An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High due to the possibility of local arbitrary code execution in a privileged process in the kernel. Product: Android. Versions: N/A. Android ID: A-34386301. References: N-CVE-2017-6247. 2017-07-06 not yet calculated CVE-2017-6247
BID
SECTRACK
CONFIRM
nvidia — nvidia_sound_driver
 
An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34372667. References: N-CVE-2017-6248. 2017-07-06 not yet calculated CVE-2017-6248
BID
SECTRACK
CONFIRM
odoo — odoo
 
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used. 2017-07-04 not yet calculated CVE-2017-10803
CONFIRM
odoo — odoo
 
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OAuth sessions of other users. 2017-07-04 not yet calculated CVE-2017-10805
CONFIRM
odoo — odoo
 
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 is used. 2017-07-04 not yet calculated CVE-2017-10804
CONFIRM
CONFIRM
CONFIRM
phpldapadmin — phpldapadmin
 
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter. 2017-07-08 not yet calculated CVE-2017-11107
MISC
MISC
puppet — puppet_enterprise
 
Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won’t happen anymore. 2017-07-05 not yet calculated CVE-2017-2294
CONFIRM
puppet — puppet
 
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with an attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML. 2017-07-05 not yet calculated CVE-2017-2295
BID
CONFIRM
quick_emulator — quick_emulator
 
The qemu-nbd server in QEMU (aka Quick Emulator), when built with the Network Block Device (NBD) Server support, allows remote attackers to cause a denial of service (segmentation fault and server crash) by leveraging failure to ensure that all initialization occurs before talking to a client in the nbd_negotiate function. 2017-07-06 not yet calculated CVE-2017-9524
MLIST
MLIST
MLIST
radare2 — radare2
 
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02. 2017-07-05 not yet calculated CVE-2017-10929
CONFIRM
CONFIRM

red_hat — rh-3scale_api_management_platform
 

Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. NOTE: some sources have a typo in which CVE-2017-7512 maps to an OpenVPN vulnerability. The proper CVE ID for that OpenVPN vulnerability is CVE-2017-7521. Specifically, CVE-2017-7521 is the correct CVE ID for TWO closely related findings in OpenVPN. Any source that lists BOTH CVE-2017-7512 and CVE-2017-7521 for OpenVPN should have listed ONLY CVE-2017-7521. 2017-07-07 not yet calculated CVE-2017-7512
CONFIRM
CONFIRM
schneider electric — wonderware archestra logger 
 
A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of service for logging and log-viewing (applications that use the Wonderware ArchestrA Logger continue to run when the Wonderware ArchestrA Logger service is unavailable). 2017-07-07 not yet calculated CVE-2017-9631
MISC
MISC

schneider electric — wonderware archestra logger 
 

An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory resources of the machine, causing a denial of service. 2017-07-07 not yet calculated CVE-2017-9627
MISC
MISC
schneider electric — wonderware archestra logger 
 
A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability may allow a remote attacker to execute arbitrary code in the context of a highly privileged account. 2017-07-07 not yet calculated CVE-2017-9629
MISC
MISC
siemens — simatic_cp_44x-1_rna
 
An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA’s CPU. 2017-07-07 not yet calculated CVE-2017-6868
MISC
sqlite — sqlite
 
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. 2017-07-07 not yet calculated CVE-2017-10989
MISC
MISC
MISC
MISC
MISC
stdutility — stdu_viewer
 
STDU Viewer version 1.6.375 might allow user-assisted attackers to execute code via a crafted file. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands including Ctrl-+ commands. 2017-07-05 not yet calculated CVE-2017-8387
MISC
sublime_text — sublime_text 
 
Sublime Text 3 Build 3126 might allow user-assisted attackers to execute code via a crafted .mkv file. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands, as demonstrated by Ctrl-A, Delete, and Ctrl-Z. 2017-07-05 not yet calculated CVE-2017-8368
MISC
swftools — swftools
 
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c. 2017-07-07 not yet calculated CVE-2017-11096
MISC
swftools — swftools
 
When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c. 2017-07-07 not yet calculated CVE-2017-11097
MISC
swftools — swftools
 
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c. 2017-07-07 not yet calculated CVE-2017-11101
MISC
swftools — swftools
 
When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c. 2017-07-07 not yet calculated CVE-2017-11098
MISC
swftools — swftools
 
When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c. 2017-07-07 not yet calculated CVE-2017-11099
MISC
swftools — swftools
 
When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock() function in lib/ttf.c. 2017-07-06 not yet calculated CVE-2017-10976
MISC
swftools — swftools
 
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a “Read Access Violation starting at image00000000_00400000+0x000000000001b5fe.” 2017-07-05 not yet calculated CVE-2017-9927
MISC
swftools — swftools
 
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a “Read Access Violation starting at image00000000_00400000+0x000000000001b596.” 2017-07-05 not yet calculated CVE-2017-9926
MISC
swftools — swftools
 
When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c. 2017-07-07 not yet calculated CVE-2017-11100
MISC
swftools — swftools
 
SWFTools 2013-04-09-1007 on Windows has a “Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x0000000000003e71” issue. This issue can be triggered by a malformed TTF file that is mishandled by font2swf. Attackers could exploit this issue for DoS (Access Violation). 2017-07-05 not yet calculated CVE-2017-8420
MISC
swftools — swftools
 
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a “User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d.” 2017-07-05 not yet calculated CVE-2017-9925
MISC
swftools — swftools
 
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a “User Mode Write AV starting at image00000000_00400000+0x000000000001b72a.” 2017-07-05 not yet calculated CVE-2017-9924
MISC
systemd — systemd
 
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. “0day”), running the service in question with root privileges rather than the user intended. 2017-07-07 not yet calculated CVE-2017-1000082
MLIST
CONFIRM
tcpdump — tcpdump
 
tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol. 2017-07-08 not yet calculated CVE-2017-11108
MISC
teamspeak — teamspeak_server
 
A potential buffer overflow vulnerability (from a BB Code handling issue) has been identified in TeamSpeak Server version 3.0.13.6 (08/11/2016 09:48:33). It enables users to crash any Windows client that clicks into a vulnerable channel of a TeamSpeak Server. 2017-07-06 not yet calculated CVE-2017-8290
MISC
telerik — telerik.web.ui.dll
 
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. 2017-07-03 not yet calculated CVE-2017-9248
CONFIRM
CONFIRM
teltonika — rut9xx_routers
 
The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request. 2017-07-03 not yet calculated CVE-2017-8116
MISC
MISC
MISC
topdesk — topdesk
 
There is reflected XSS in TOPdesk before 5.7.6 and 6.x and 7.x before 7.03.019. 2017-07-04 not yet calculated CVE-2017-7276
CONFIRM
tor_project — tor
 
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay’s family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families. 2017-07-02 not yet calculated CVE-2017-0377
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
toshiba — home_gateway_hem-gw16a_and_hem_gw26a_firmware

Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier use hard-coded credentials, which may allow attackers to perform operations on the device with administrative privileges. 2017-07-07 not yet calculated CVE-2017-2236
JVN
toshiba — home_gateway_hem-gw16a_and_hem_gw26a_firmware
 
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. 2017-07-07 not yet calculated CVE-2017-2237
JVN
toshiba — home_gateway_hem-gw16a_and_hem_gw26a_firmware
 
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allow an attacker to bypass access restriction to change the administrator account password via unspecified vectors. 2017-07-07 not yet calculated CVE-2017-2235
JVN
toshiba — home_gateway_hem-gw16a_and_hem_gw26a_firmware
 
Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on the device with administrative privileges. 2017-07-07 not yet calculated CVE-2017-2234
JVN
toshiba — home_gateway_hem-gw16a_and_hem_gw26a_firmware
 
Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-07-07 not yet calculated CVE-2017-2238
JVN
tp-link — nc250

On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL. 2017-07-02 not yet calculated CVE-2017-10796
MISC

vim — vim

Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance. 2017-07-08 not yet calculated CVE-2017-11109
MISC
vladimir_anokhin — shortcodes_ultimate
 
Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors. 2017-07-07 not yet calculated CVE-2017-2245
JVN
CONFIRM
CONFIRM
w3_eden — wordpress_download_manager
 
Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-07-07 not yet calculated CVE-2017-2216
JVN
CONFIRM
CONFIRM
w3_eden — wordpress_download_manager
 
Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 2017-07-07 not yet calculated CVE-2017-2217
JVN
CONFIRM
CONFIRM
web-dorado — event_calendar_wd
 
Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-07-07 not yet calculated CVE-2017-2222
JVN
CONFIRM
CONFIRM
web-dorado — event_calendar_wd
 
Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-07-07 not yet calculated CVE-2017-2224
JVN
CONFIRM
CONFIRM
webmin — webmin
 
Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840. 2017-07-03 not yet calculated CVE-2017-9313
MISC
BID
SECTRACK
MISC
MISC
MISC
winamp — winamp
 
Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to “Data from Faulting Address may be used as a return value starting at f263!GetWinamp5SystemComponent+0x0000000000001951.” 2017-07-05 not yet calculated CVE-2017-10726
MISC
winamp — winamp
 
Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to “Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d.” 2017-07-05 not yet calculated CVE-2017-10728
MISC
winamp — winamp
 
Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to “Data from Faulting Address controls Branch Selection starting at in_mp3!DeleteAudioDecoder+0x000000000000762f.” 2017-07-05 not yet calculated CVE-2017-10727
MISC
windjview — windjview
 
WinDjView 2.1 might allow user-assisted attackers to execute code via a crafted .djvu file, because of a “User Mode Write AV near NULL” in WinDjView.exe. One threat model is a victim who obtains an untrusted .djvu file from a remote location and issues several “zoom in” (e.g., Ctrl + Plus) commands. 2017-07-05 not yet calculated CVE-2017-7894
MISC
wordpress — wordpress
 
The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page. 2017-07-07 not yet calculated CVE-2017-10991
MISC
x.org — x_server
 
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events. 2017-07-06 not yet calculated CVE-2017-10971
MISC
MISC
MISC
MISC
x.org — x_server
 
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server. 2017-07-06 not yet calculated CVE-2017-10972
MISC
MISC
xen — xen
 
The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219. 2017-07-04 not yet calculated CVE-2017-10915
BID
CONFIRM
xen — xen
 
The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2. 2017-07-04 not yet calculated CVE-2017-10914
BID
CONFIRM
xen — xen
 
The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1. 2017-07-04 not yet calculated CVE-2017-10913
BID
CONFIRM
xen — xen
 
The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2. 2017-07-04 not yet calculated CVE-2017-10921
CONFIRM
xen — xen
 
The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 1. 2017-07-04 not yet calculated CVE-2017-10920
CONFIRM
xen — xen
 
Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225. 2017-07-04 not yet calculated CVE-2017-10923
BID
CONFIRM
xen — xen
 
The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220. 2017-07-04 not yet calculated CVE-2017-10916
CONFIRM
xen — xen
 
The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3. 2017-07-04 not yet calculated CVE-2017-10922
CONFIRM
xnview — xnview

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f.” 2017-07-05 not yet calculated CVE-2017-10752
MISC
xnview — xnview

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByMapping+0x0000000000000046.” 2017-07-05 not yet calculated CVE-2017-10753
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted JPEG 2000 file that is mishandled during the opening of a directory in “Browser” mode, because of a “Stack Buffer Overrun” issue. 2017-07-05 not yet calculated CVE-2017-8781
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mkv file that is mishandled during the opening of a directory in “Browser” mode, because of a “User Mode Write AV near NULL” in XnView.exe. 2017-07-05 not yet calculated CVE-2017-8381
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393.” 2017-07-05 not yet calculated CVE-2017-10783
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByName+0x00000000000000a5.” 2017-07-05 not yet calculated CVE-2017-10781
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x00000000000003ca.” 2017-07-05 not yet calculated CVE-2017-10782
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b4a.” 2017-07-05 not yet calculated CVE-2017-10780
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000013a20.” 2017-07-05 not yet calculated CVE-2017-10779
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018” (without RPC initialization). 2017-07-05 not yet calculated CVE-2017-10769
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at MSCTF!_CtfImeCreateThreadMgr+0x00000000000000a8.” 2017-07-05 not yet calculated CVE-2017-10773
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x000000000000053a.” 2017-07-05 not yet calculated CVE-2017-10770
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a “Read Access Violation starting at ntdll_77df0000!LdrShutdownProcess+0x0000000000000130.” 2017-07-05 not yet calculated CVE-2017-10776
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a “Read Access Violation starting at GDI32!ScriptGetCMapWithSurrogate+0x00000000000001cb.” 2017-07-05 not yet calculated CVE-2017-10775
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018” (with RPC initialization). 2017-07-05 not yet calculated CVE-2017-10772
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a “User Mode Write AV starting at xnview+0x000000000022bf8d.” 2017-07-05 not yet calculated CVE-2017-10748
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b24.” 2017-07-05 not yet calculated CVE-2017-10777
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x0000000000000510.” 2017-07-05 not yet calculated CVE-2017-10771
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000233125.” 2017-07-05 not yet calculated CVE-2017-10778
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a “User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d.” 2017-07-05 not yet calculated CVE-2017-10749
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByHandle+0x0000000000000031.” 2017-07-05 not yet calculated CVE-2017-10763
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at GDI32!ScriptStringAnalyse+0x00000000000001c8.” 2017-07-05 not yet calculated CVE-2017-10766
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at IMM32!ImmLockImeDpi+0x0000000000000050.” 2017-07-05 not yet calculated CVE-2017-10765
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at COMCTL32!Tab_OnGetItem+0x000000000000002f.” 2017-07-05 not yet calculated CVE-2017-10764
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x000000000000042f.” 2017-07-05 not yet calculated CVE-2017-10762
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x0000000000000429.” 2017-07-05 not yet calculated CVE-2017-10761
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at COMCTL32!SetStatusText+0x0000000000000029.” 2017-07-05 not yet calculated CVE-2017-10760
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpInsertDependencyRecord+0x0000000000000039.” 2017-07-05 not yet calculated CVE-2017-10759
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000001b6.” 2017-07-05 not yet calculated CVE-2017-10757
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031.” 2017-07-05 not yet calculated CVE-2017-10754
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpInsertFreeBlock+0x00000000000001ca.” 2017-07-05 not yet calculated CVE-2017-10768
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpRemoveUCRBlock+0x0000000000000046.” 2017-07-05 not yet calculated CVE-2017-10756
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at GDI32!GenericEngineGetGlyphs+0x0000000000000133.” 2017-07-05 not yet calculated CVE-2017-10751
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a “User Mode Write AV starting at Xfpx+0x0000000000004efd.” 2017-07-05 not yet calculated CVE-2017-9529
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000004b4.” 2017-07-05 not yet calculated CVE-2017-10758
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a “User Mode Write AV near NULL starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012.” 2017-07-05 not yet calculated CVE-2017-10750
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpInitializeThread+0x000000000000010b.” 2017-07-05 not yet calculated CVE-2017-10755
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .bie file, related to a “Read Access Violation on Block Data Move starting at Xjbig+0x000000000000121b.” 2017-07-05 not yet calculated CVE-2017-9914
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to “Data from Faulting Address controls Branch Selection starting at Xfpx!gffGetFormatInfo+0x00000000000228e8.” 2017-07-05 not yet calculated CVE-2017-9905
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a “User Mode Write AV starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012.” 2017-07-05 not yet calculated CVE-2017-10746
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a “Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!RtlProcessFlsData+0x00000000000000b0.” 2017-07-05 not yet calculated CVE-2017-10745
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a “User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000029272.” 2017-07-05 not yet calculated CVE-2017-9894
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a “Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000013e8a.” 2017-07-05 not yet calculated CVE-2017-9896
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to “Data from Faulting Address controls Branch Selection starting at KERNELBASE!StateObjectListFind+0x0000000000000005.” 2017-07-05 not yet calculated CVE-2017-10767
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a “Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e95.” 2017-07-05 not yet calculated CVE-2017-9895
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a “Read Access Violation on Control Flow starting at COMCTL32!CToolTipsMgr::s_ToolTipsWndProc+0x0000000000000032.” 2017-07-05 not yet calculated CVE-2017-10744
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a “User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000012548.” 2017-07-05 not yet calculated CVE-2017-9893
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f.” 2017-07-05 not yet calculated CVE-2017-9904
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to “Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e388.” 2017-07-05 not yet calculated CVE-2017-9899
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to “Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e385.” 2017-07-05 not yet calculated CVE-2017-9900
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a “User Mode Write AV starting at Xfpx+0x0000000000004cbb.” 2017-07-05 not yet calculated CVE-2017-9898
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to “Data from Faulting Address controls Code Flow starting at Xfpx+0x00000000000117ff.” 2017-07-05 not yet calculated CVE-2017-9903
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to “Data from Faulting Address controls subsequent Write Address starting at Xfpx!gffGetFormatInfo+0x000000000002bfd5.” 2017-07-05 not yet calculated CVE-2017-9901
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to “Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e91.” 2017-07-05 not yet calculated CVE-2017-9902
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to “Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx+0x0000000000010e81.” 2017-07-05 not yet calculated CVE-2017-9911
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a “User Mode Write AV starting at Xfpx+0x000000000000dcab.” 2017-07-05 not yet calculated CVE-2017-9897
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to “Possible Stack Corruption starting at Xfpx!gffGetFormatInfo+0x0000000000022e1f.” 2017-07-05 not yet calculated CVE-2017-9907
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a “Read Access Violation starting at Xfpx+0x000000000000d6da.” 2017-07-05 not yet calculated CVE-2017-9908
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a “Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000000c1b541c called from xnview+0x00000000003826ec.” 2017-07-05 not yet calculated CVE-2017-10739
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to an “Error Code (0xc000041d) starting at wow64!Wow64NotifyDebugger+0x000000000000001d.” 2017-07-05 not yet calculated CVE-2017-9910
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393.” 2017-07-05 not yet calculated CVE-2017-9912
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to “Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx!gffGetFormatInfo+0x0000000000028508.” 2017-07-05 not yet calculated CVE-2017-9906
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!TpAllocCleanupGroup+0x00000000000003d7.” 2017-07-05 not yet calculated CVE-2017-9913
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a “Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!LdrpInitializeNode+0x000000000000015b.” 2017-07-05 not yet calculated CVE-2017-10743
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlAddAccessAllowedAce+0x000000000000027a.” 2017-07-05 not yet calculated CVE-2017-9909
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a “Data Execution Prevention Violation starting at Unknown Symbol @ 0x00000000380a0500 called from ntdll_77df0000!LdrxCallInitRoutine+0x0000000000000016.” 2017-07-05 not yet calculated CVE-2017-10742
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a “User Mode Write AV starting at ntdll_77df0000!RtlRbInsertNodeEx+0x000000000000002d.” 2017-07-05 not yet calculated CVE-2017-10740
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a “Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000002f32332f called from KERNELBASE!CompareStringW+0x0000000000000082.” 2017-07-05 not yet calculated CVE-2017-10738
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a “User Mode Write AV starting at ntdll_77df0000!RtlpWaitOnCriticalSection+0x0000000000000121.” 2017-07-05 not yet calculated CVE-2017-10741
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a “User Mode Write AV starting at msvcrt!_VEC_memzero+0x000000000000006a.” 2017-07-05 not yet calculated CVE-2017-10736
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a “User Mode Write AV starting at xnview+0x000000000037a8aa.” 2017-07-05 not yet calculated CVE-2017-10747
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a “User Mode Write AV starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000002e6.” 2017-07-05 not yet calculated CVE-2017-10737
MISC
xnview — xnview
 
XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mov file that is mishandled during the opening of a directory in “Browser” mode, because of a “User Mode Write AV near NULL” in XnView.exe. 2017-07-05 not yet calculated CVE-2017-8282
MISC
yaws — yaws
 
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. 2017-07-07 not yet calculated CVE-2017-10974
MISC
EXPLOIT-DB
yuki_hattori — marp
 
Marp versions v0.0.10 and earlier may allow an attacker to access local resources and files using JavaScript. 2017-07-07 not yet calculated CVE-2017-2239
JVN
gnu_pspp — gnu_pspp
 
There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP 0.10.5-pre2. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack. 2017-07-01 not yet calculated CVE-2017-10792
BID
MISC



This product is provided subject to this Notification and this Privacy & Use policy.
