SB17-233: Vulnerability Summary for the Week of August 14, 2017

Original release date: August 21, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the JPEG parser. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11211
BID
SECTRACK
MISC
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text output. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11212
BID
SECTRACK
MISC
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to rendering a path. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11214
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to bitmap transformations. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11216
BID
SECTRACK
MISC
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in XFA event management. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11218
BID
SECTRACK
MISC
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA rendering engine. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11219
BID
SECTRACK
MISC
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in an internal data structure. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11220
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the annotation functionality. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11221
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) engine. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11222
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA engine. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11223
BID
SECTRACK
MISC
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11224
BID
SECTRACK
MISC
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image processing engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11226
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11227
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11228
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader rendering engine. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11231
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF data related to the way the components of each pixel are stored. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11234
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompressing JPEG data. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11235
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing module. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11237
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11241
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 parsing module. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11251
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when generating content using the XFA layout engine. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11256
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11257
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11259
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as a GIF image. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11260
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded TIF image. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11261
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing an ASCII text string. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11262
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11267
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private JPEG data. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11268
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) image stream data. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11269
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data representing icons. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11270
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transfer of pixel blocks. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-11271
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-3016
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the JavaScript engine when creating large strings. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-3113
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the MakeAccessible plugin when parsing TrueType font data. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-3116
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the plugin that handles links within the PDF. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-3117
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA parsing engine when handling certain types of internal instructions. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-3120
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Enhanced Metafile Format (EMF) parser. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-3121
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data drawing position definition. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-3123
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exchange (PCX) file format parsing module. Successful exploitation could lead to arbitrary code execution. 2017-08-11 10.0 CVE-2017-3124
BID
SECTRACK
CONFIRM
adobe — digital_editions Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2017-08-11 10.0 CVE-2017-11274
BID
SECTRACK
CONFIRM
adobe — experience_manager Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. 2017-08-11 7.5 CVE-2017-3108
BID
SECTRACK
CONFIRM
adobe — flash_player Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution. 2017-08-11 9.3 CVE-2017-3106
BID
SECTRACK
CONFIRM
EXPLOIT-DB
google — android In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed, but code execution continues in the same way as for a correct length value. 2017-08-16 7.6 CVE-2016-5853
BID
CONFIRM
MISC
google — android In a sound driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a buffer overflow. 2017-08-16 7.6 CVE-2016-5859
BID
CONFIRM
MISC
google — android In an audio driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a heap buffer overflow. 2017-08-16 7.6 CVE-2016-5860
BID
CONFIRM
MISC
google — android In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow. 2017-08-16 8.3 CVE-2016-5861
SECTRACK
CONFIRM
MISC
google — android When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec’s individual structure, resulting in a device restart after a kernel crash occurs. 2017-08-16 7.6 CVE-2016-5862
BID
CONFIRM
MISC
google — android In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses. 2017-08-16 9.3 CVE-2016-5863
BID
CONFIRM
MISC
google — android In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check for a lower bound may result in an out of bounds memory access. 2017-08-16 9.3 CVE-2016-5864
SECTRACK
CONFIRM
MISC
google — android In a sound driver in Android for MSM, Firefox OS for MSM, or QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow. 2017-08-16 7.6 CVE-2016-5867
BID
CONFIRM
MISC
google — android A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware image file. 2017-08-16 9.3 CVE-2017-8243
BID
CONFIRM
nexusphp_project — nexusphp SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter. 2017-08-17 7.5 CVE-2017-12908
MISC
nexusphp_project — nexusphp SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter. 2017-08-17 7.5 CVE-2017-12909
MISC
nexusphp_project — nexusphp SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter. 2017-08-17 7.5 CVE-2017-12910
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability that occurs when reading a JPEG file embedded within an XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11209
BID
SECTRACK
MISC
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing, where the font is embedded in the XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11210
BID
SECTRACK
MISC
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing of Unicode text strings. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11217
BID
SECTRACK
MISC
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability when manipulating Forms Data Format (FDF). 2017-08-11 6.8 CVE-2017-11229
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 engine. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11230
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when processing Enhanced Metafile Format (EMF) data related to brush manipulation. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11232
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to block transfer of pixels. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11233
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal handling of UTF-16 literal strings. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11236
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to curve drawing. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11238
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text strings. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11239
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to line segments. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11242
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11243
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transformation of blocks of pixels. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11244
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11245
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing JPEG data. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11246
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to pixel block transfer. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11248
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing an invalid Enhanced Metafile Format (EMF) record. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11249
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager (AGM) module. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11252
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader JavaScript engine. Successful exploitation could lead to arbitrary code execution. 2017-08-11 6.8 CVE-2017-11254
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF color map data. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11255
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11258
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal data structure manipulation related to document encoding. Successful exploitation could lead to arbitrary code execution. 2017-08-11 6.8 CVE-2017-11263
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager module. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-11265
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability when handling links in a PDF document. 2017-08-11 4.3 CVE-2017-3115
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability related to execution of malicious attachments. 2017-08-11 4.3 CVE-2017-3118
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Acrobat/Reader 11.0.19 engine. Successful exploitation could lead to arbitrary code execution. 2017-08-11 6.8 CVE-2017-3119
BID
SECTRACK
CONFIRM
adobe — acrobat_reader Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to Bezier curves. Successful exploitation could lead to arbitrary code execution. 2017-08-11 4.3 CVE-2017-3122
BID
SECTRACK
CONFIRM
adobe — digital_editions Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability. 2017-08-11 5.0 CVE-2017-11272
BID
SECTRACK
CONFIRM
adobe — digital_editions Adobe Digital Editions 4.5.4 and earlier has an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. 2017-08-11 5.0 CVE-2017-11275
BID
SECTRACK
CONFIRM
adobe — digital_editions Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2017-08-11 5.0 CVE-2017-11276
BID
SECTRACK
CONFIRM
adobe — digital_editions Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2017-08-11 5.0 CVE-2017-11277
BID
SECTRACK
CONFIRM
adobe — digital_editions Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2017-08-11 5.0 CVE-2017-11278
BID
SECTRACK
CONFIRM
adobe — digital_editions Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution. 2017-08-11 5.0 CVE-2017-11279
BID
SECTRACK
CONFIRM
adobe — digital_editions Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2017-08-11 5.0 CVE-2017-11280
BID
SECTRACK
CONFIRM
adobe — digital_editions Adobe Digital Editions 4.5.4 and earlier versions have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. 2017-08-11 5.0 CVE-2017-3091
BID
SECTRACK
CONFIRM
adobe — experience_manager Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability. 2017-08-11 5.0 CVE-2017-3107
BID
SECTRACK
CONFIRM
adobe — experience_manager Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability. 2017-08-11 5.0 CVE-2017-3110
BID
SECTRACK
CONFIRM
adobe — flash_player Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. 2017-08-11 5.0 CVE-2017-3085
BID
SECTRACK
MISC
MISC
CONFIRM
cacti — cacti A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. 2017-08-17 4.3 CVE-2017-12927
SECTRACK
CONFIRM
CONFIRM
google — android In the touch controller function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable may be controlled by the user and can lead to a buffer overflow. 2017-08-16 5.8 CVE-2017-6421
SECTRACK
CONFIRM
MISC
google — android An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver. 2017-08-11 4.3 CVE-2017-8258
BID
CONFIRM
google — android In the service locator in all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow can occur as the variable set for determining the size of the buffer is not used to indicate the size of the buffer. 2017-08-11 6.8 CVE-2017-8259
BID
CONFIRM
google — android A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel. 2017-08-11 6.8 CVE-2017-8264
BID
CONFIRM
google — android A userspace-controlled, non-null-terminated parameter for the IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory. 2017-08-11 4.3 CVE-2017-8269
BID
CONFIRM
google — android An out-of-bounds memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel through an unsanitized userspace-controlled parameter. 2017-08-11 6.8 CVE-2017-8271
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow can occur while processing the fastboot boot command with a length greater than the boot image buffer when the verified boot feature is disabled. 2017-08-11 6.8 CVE-2017-8273
BID
CONFIRM
graphicsmagick — graphicsmagick The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. 2017-08-18 6.8 CVE-2017-12935
MISC
MISC
graphicsmagick — graphicsmagick The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. 2017-08-18 6.8 CVE-2017-12936
MISC
MISC
graphicsmagick — graphicsmagick The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. 2017-08-18 6.8 CVE-2017-12937
MISC
MISC
ibm — emptoris_strategic_supply_management IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 116881. 2017-08-14 4.3 CVE-2016-6029
CONFIRM
MISC
ibm — emptoris_strategic_supply_management IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559. 2017-08-14 6.2 CVE-2017-1190
CONFIRM
MISC
minidjvu_project — minidjvu The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. 2017-08-17 4.3 CVE-2017-12441
FULLDISC
minidjvu_project — minidjvu The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. 2017-08-17 4.3 CVE-2017-12442
FULLDISC
minidjvu_project — minidjvu The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. 2017-08-17 4.3 CVE-2017-12443
FULLDISC
minidjvu_project — minidjvu The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. 2017-08-17 4.3 CVE-2017-12444
FULLDISC
minidjvu_project — minidjvu The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. 2017-08-17 4.3 CVE-2017-12445
FULLDISC
nexusphp_project — nexusphp Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the URL path to usersearch.php. 2017-08-17 4.3 CVE-2017-12907
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
fortinet — fortimanager_firmware Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack. 2017-08-11 3.5 CVE-2015-3615
SECTRACK
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver. 2017-08-16 2.6 CVE-2016-5347
BID
CONFIRM
MISC
MISC
google — android In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace. 2017-08-16 2.6 CVE-2016-5854
BID
CONFIRM
MISC
google — android In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a user-supplied buffer is cast to a structure without checking whether the source buffer is large enough. 2017-08-16 2.6 CVE-2016-5855
BID
CONFIRM
MISC
google — android In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs. 2017-08-16 2.6 CVE-2016-5858
BID
CONFIRM
MISC
MISC
ibm — emptoris_strategic_supply_management IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116755. 2017-08-14 3.5 CVE-2016-6021
CONFIRM
MISC
synology — video_station Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter. 2017-08-11 3.5 CVE-2017-9556
CONFIRM


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
389-ds-base — 389-ds-base
 
389-ds-base versions before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts. 2017-08-16 not yet calculated CVE-2017-7551
CONFIRM
apache — attic
 
attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to “unencrypted / without key file”. 2017-08-18 not yet calculated CVE-2015-4082
MLIST
BID
CONFIRM
CONFIRM
apache — openfire_xmpp_server
 
OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. 2017-08-18 not yet calculated CVE-2014-3451
MISC
MLIST
BUGTRAQ
BID
MISC
apache — sling
 
The JavaScript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the JavaScript ‘eval’ function to parse input strings, which allows for XSS attacks by passing specially crafted input strings. 2017-08-14 not yet calculated CVE-2017-9802
BID
CONFIRM
MLIST
assa_abloy_aptus — styra_porttelefonkort_4400
 
Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 4400 before A2 has unknown impact and attack vectors. 2017-08-18 not yet calculated CVE-2017-7278
CONFIRM
asus — dsl-n10s_devices
 
ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. 2017-08-18 not yet calculated CVE-2017-12593
MISC
asus — dsl-n10s_devices
 
ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges. 2017-08-18 not yet calculated CVE-2017-12592
MISC
asus — dsl-n10s_devices
 
ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. 2017-08-18 not yet calculated CVE-2017-12591
MISC
augeas — augeas
 
Augeas versions up to and including 1.8.0 are vulnerable to a heap-based buffer overflow due to improper handling of escaped strings. An attacker could send crafted strings that would cause the application using Augeas to copy past the end of a buffer, leading to a crash or possible code execution. 2017-08-17 not yet calculated CVE-2017-7555
BID
MISC
buffalo — wcr-1166ds_devices
 
Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. 2017-08-18 not yet calculated CVE-2017-10811
CONFIRM
JVN
cisco — anyconnect_secure_mobility_client_software
 
The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the WebLaunch function of the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. Cisco Bug IDs: CSCvf12055. Known Affected Releases: 98.89(40). 2017-08-17 not yet calculated CVE-2017-6788
BID
SECTRACK
CISCO
cisco — application_policy_infrastructure_controller
 
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are higher or lower than what should have been granted. The attacker cannot gain root-level privileges. The vulnerability is due to a limitation with how Role-Based Access Control (RBAC) grants privileges to remotely authenticated users when login occurs via SSH directly to the local management interface of the APIC. An attacker could exploit this vulnerability by authenticating to the targeted device. The attacker’s privilege level will be modified to match that of the last user to log in via SSH. An exploit could allow the attacker to gain elevated privileges and perform CLI commands that should be restricted by the attacker’s configured role. Cisco Bug IDs: CSCvc34335. Known Affected Releases: 1.0(1e), 1.0(1h), 1.0(1k), 1.0(1n), 1.0(2j), 1.0(2m), 1.0(3f), 1.0(3i), 1.0(3k), 1.0(3n), 1.0(4h), 1.0(4o); 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1). 2017-08-17 not yet calculated CVE-2017-6767
BID
SECTRACK
CISCO
cisco — application_policy_infrastructure_controller
 
A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system file that was built to use relative search paths for libraries without properly validating the library to be loaded. An attacker could exploit this vulnerability by authenticating to the device and loading a malicious library that can escalate the privilege level. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. The attacker must have valid user credentials to log in to the device. Cisco Bug IDs: CSCvc96087. Known Affected Releases: 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1). 2017-08-17 not yet calculated CVE-2017-6768
BID
SECTRACK
CISCO
cisco — asr_5000_series_aggregated_services_routers
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device. Cisco Bug IDs: CSCvd47741. Known Affected Releases: 21.0.v0.65839. 2017-08-17 not yet calculated CVE-2017-6775
BID
SECTRACK
CISCO
cisco — asr_5000_series_aggregated_services_routers
A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839. 2017-08-17 not yet calculated CVE-2017-6774
BID
SECTRACK
CISCO
cisco — asr_5000_series_aggregated_services_routers
 
A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to bypass the CLI restrictions and execute commands on the underlying operating system. The vulnerability is due to insufficient input sanitization of user-supplied input at the CLI. An attacker could exploit this vulnerability by crafting a script on the device that will allow them to bypass built-in restrictions. An exploit could allow the unauthorized user to launch the CLI directly from a command shell. Cisco Bug IDs: CSCvd47722. Known Affected Releases: 21.0.v0.65839. 2017-08-17 not yet calculated CVE-2017-6773
BID
SECTRACK
CISCO
cisco — elastic_services_controller A vulnerability in the Elastic Services Controller (ESC) web interface of the Cisco Ultra Services Platform could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. An exploit could allow the attacker to view information regarding the Ultra Services Platform deployment. Cisco Bug IDs: CSCvd76406. Known Affected Releases: 21.0.v0.65839. 2017-08-17 not yet calculated CVE-2017-6778
BID
CISCO
cisco — elastic_services_controller
 
A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd76324. Known Affected Releases: 2.2(9.76) and 2.3(1). 2017-08-17 not yet calculated CVE-2017-6776
BID
CISCO
cisco — elastic_services_controller
 
A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the application and navigating to certain configuration files. An exploit could allow the attacker to view sensitive system configuration files. Cisco Bug IDs: CSCvd29408. Known Affected Releases: 2.3(2). 2017-08-17 not yet calculated CVE-2017-6772
BID
CISCO
cisco — elastic_services_controller
 
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could exploit this vulnerability by logging into the ConfD server and executing certain commands. An exploit could allow an unprivileged user to view configuration parameters that can be maliciously used. Cisco Bug IDs: CSCvd76409. Known Affected Releases: 2.3, 2.3(2). 2017-08-17 not yet calculated CVE-2017-6777
BID
CISCO
cisco — elastic_services_controller
 
A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. The vulnerability is due to improper protection of sensitive log files. An attacker could exploit this vulnerability by logging in to an affected system and accessing unprotected log files. A successful exploit could allow the attacker to access sensitive log files, which may include system credentials, on the affected system. Cisco Bug IDs: CSCvc76616. Known Affected Releases: 2.2(9.76). 2017-08-17 not yet calculated CVE-2017-6786
BID
CISCO
cisco — multiple_appliances
 
A vulnerability in SNMP polling for the Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an administrative user. The vulnerability occurs because the appliances do not protect confidential information at rest in response to Simple Network Management Protocol (SNMP) poll requests. An attacker could exploit this vulnerability by doing a crafted SNMP poll request to the targeted security appliance. An exploit could allow the attacker to discover confidential information that should be restricted, and the attacker could use this information to conduct additional reconnaissance. The attacker must know the configured SNMP community string to exploit this vulnerability. Cisco Bug IDs: CSCve26106, CSCve26202, CSCve26224. Known Affected Releases: 10.0.0-230 (Web Security Appliance), 9.7.2-065 (Email Security Appliance), and 10.1.0-037 (Content Security Management Appliance). 2017-08-17 not yet calculated CVE-2017-6783
BID
SECTRACK
SECTRACK
SECTRACK
CISCO
cisco — policy_suite_software
 
A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to incorrect role-based access control (RBAC) for shell user accounts. An attacker could exploit this vulnerability by authenticating to an affected appliance and providing crafted user input via the CLI. A successful exploit could allow the attacker to acquire a higher privilege level than should have been granted. To exploit this vulnerability, the attacker must log in to the appliance with valid credentials. Cisco Bug IDs: CSCve37724. Known Affected Releases: 9.0.0, 9.1.0, 10.0.0, 11.0.0, 12.0.0. 2017-08-17 not yet calculated CVE-2017-6781
BID
CISCO
cisco — prime_infrastructure
 
A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The vulnerability is due to improper sanitization of parameter values by the affected application. An attacker could exploit this vulnerability by injecting malicious code into an affected parameter and persuading a user to access a web page that triggers the rendering of the injected code. Cisco Bug IDs: CSCve47074. Known Affected Releases: 3.2(0.0). 2017-08-17 not yet calculated CVE-2017-6782
BID
SECTRACK
CISCO
cisco — rv340_series_routers
 
A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to Cisco WebEx Meetings not sufficiently protecting sensitive data when responding to an HTTP request to the web interface. An attacker could exploit the vulnerability by attempting to use the HTTP protocol and looking at the data in the HTTP responses from the Cisco WebEx Meetings Server. An exploit could allow the attacker to find sensitive information about the application. Cisco Bug IDs: CSCve37988. Known Affected Releases: firmware 1.0.0.30, 1.0.0.33, 1.0.1.9, 1.0.1.16. 2017-08-17 not yet calculated CVE-2017-6784
BID
SECTRACK
CISCO
cisco — telepresence_video_communication_server
 
A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897. 2017-08-17 not yet calculated CVE-2017-6790
BID
SECTRACK
CISCO
cisco — ultra_services_framework
 
A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by browsing to a specific URL of an affected device. An exploit could allow the attacker to view sensitive configuration information about the deployment. Cisco Bug IDs: CSCvd29358. Known Affected Releases: 21.0.v0.65839. 2017-08-17 not yet calculated CVE-2017-6771
BID
CISCO
cisco — unified_communications_manager
 
A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user’s configuration. The vulnerability is due to lack of proper Role Based Access Control (RBAC) when certain user configuration changes are requested. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to the targeted application. An exploit could allow the attacker to impact the integrity of the application where one user can modify the configuration of another user’s information. Cisco Bug IDs: CSCve27331. Known Affected Releases: 10.5(2.10000.5), 11.0(1.10000.10), 11.5(1.10000.6). 2017-08-17 not yet calculated CVE-2017-6785
BID
SECTRACK
CISCO
cisco — virtual_network_function_element_manager
 
A vulnerability in the Cisco Virtual Network Function (VNF) Element Manager could allow an authenticated, remote attacker to elevate privileges and run commands in the context of the root user on the server. The vulnerability is due to command settings that allow Cisco VNF Element Manager users to specify arbitrary commands that will run as root on the server. An attacker could use this setting to elevate privileges and run commands in the context of the root user on the server. Cisco Bug IDs: CSCvc76670. Known Affected Releases: prior to 5.0.4 and 5.1.4. 2017-08-17 not yet calculated CVE-2017-6710
BID
CISCO
d-link — dir-600_rev_bx_devices
 
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. 2017-08-18 not yet calculated CVE-2017-12943
MISC
divio_ag — django_cms
 
Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors. 2017-08-18 not yet calculated CVE-2015-5081
MLIST
CONFIRM
CONFIRM
elastic — x-pack_security_tls
The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another reporting user, possibly gaining access to sensitive data. 2017-08-18 not yet calculated CVE-2017-8446
CONFIRM
elastic — x-pack_security_tls
 
An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior in this instance is for the TLS trust manager to deny all certificates. 2017-08-18 not yet calculated CVE-2017-8445
CONFIRM
estsoft — alzip
 
Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of “AUX” as the initial substring of a filename. 2017-08-19 not yet calculated CVE-2017-11323
MISC
MISC
exiv2 — exiv2
 
There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact. 2017-08-18 not yet calculated CVE-2017-12955
MISC
exiv2 — exiv2
 
There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service. 2017-08-18 not yet calculated CVE-2017-12957
MISC
exiv2 — exiv2
 
There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service. 2017-08-18 not yet calculated CVE-2017-12956
MISC
foxit_software — pdf_compressor
 
Foxit PDF Compressor installers from versions 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer. 2017-08-16 not yet calculated CVE-2017-12892
BID
CONFIRM
free_software_foundation — gnu_binutils
 
The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. 2017-08-19 not yet calculated CVE-2017-12967
CONFIRM
free_software_foundation — gnu_pspp
 
There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. 2017-08-18 not yet calculated CVE-2017-12960
MISC
free_software_foundation — gnu_pspp
 
There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. 2017-08-18 not yet calculated CVE-2017-12961
MISC
free_software_foundation — gnu_pspp
 
There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. 2017-08-18 not yet calculated CVE-2017-12958
MISC
free_software_foundation — gnu_pspp
 
There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to a remote denial of service attack. 2017-08-18 not yet calculated CVE-2017-12959
MISC
fuji — electric_monitouch_v-sft
A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. A heap-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution. 2017-08-14 not yet calculated CVE-2017-9660
BID
MISC
MISC
fuji — electric_monitouch_v-sft
 
A Stack-Based Buffer Overflow issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. The stack-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution. 2017-08-14 not yet calculated CVE-2017-9659
BID
MISC
MISC
MISC
fuji — electric_monitouch_v-sft
An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by default, which could allow an authenticated attacker with local access to escalate privileges. 2017-08-14 not yet calculated CVE-2017-9662
BID
MISC
MISC
ganeti — ganeti
 
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation. 2017-08-18 not yet calculated CVE-2015-7944
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
ganeti — ganeti
 
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results. 2017-08-18 not yet calculated CVE-2015-7945
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
gitlab — community_and_enterprise_editions
 
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import. 2017-08-14 not yet calculated CVE-2017-12426
CONFIRM
MLIST
gnome_project — librest
 
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account. 2017-08-18 not yet calculated CVE-2015-2675
REDHAT
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google — android
A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35583675. 2017-08-18 not yet calculated CVE-2017-0687
BID
CONFIRM
hawtio — hawtio
 
Hawtio versions up to and including 1.5.3 are vulnerable to CSRF, allowing remote attackers to trick the user into visiting their website containing a malicious script which can be submitted to the hawtio server on behalf of the user. 2017-08-17 not yet calculated CVE-2017-7556
BID
CONFIRM
ibm — doors_next_generation
 
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126246. 2017-08-18 not yet calculated CVE-2017-1338
CONFIRM
BID
MISC
ibm — infosphere_information_server
 
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-Force ID: 128468. 2017-08-14 not yet calculated CVE-2017-1469
CONFIRM
BID
MISC
ibm — websphere_application_server
 
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576. 2017-08-18 not yet calculated CVE-2017-1501
CONFIRM
BID
SECTRACK
MISC
japanese_ministry_of_economy_trade_and_industry — shin_kinkyuji_houkoku_data_nyuryoku_program
 
Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on March 10, 2011), distributed on the website till May 17, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 not yet calculated CVE-2017-10823
JVN
japanese_ministry_of_economy_trade_and_industry — shin_sekiyu_yunyu_chousa_houkoku_data_nyuryoku_program
 
Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program (program released on September 30, 2013), distributed on the website until May 17, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 not yet calculated CVE-2017-10822
JVN
japanese_ministry_of_economy_trade_and_industry — teikihoukokusho_sakuseishien_tool
 
Untrusted search path vulnerability in Teikihoukokusho Sakuseishien Tool v4.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 not yet calculated CVE-2017-2228
JVN
japanese_ministry_of_economy_trade_and_industry — shin_kikan_toukei_houkoku_data_nyuryokuyou_program
 
Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on September 30, 2013), distributed on the website until May 17, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 not yet calculated CVE-2017-10821
JVN
joomla! — joomla!
 
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}. 2017-08-18 not yet calculated CVE-2015-4071
MISC
FULLDISC
FULLDISC
BID
EXPLOIT-DB
kanboard — kanboard
 
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46. 2017-08-14 not yet calculated CVE-2017-12850
BID
CONFIRM
kanboard — kanboard
 
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46. 2017-08-14 not yet calculated CVE-2017-12851
BID
CONFIRM
kayson_group — phpgrid
 
Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd. phpGrid before 7.2.5 allows remote attackers to execute arbitrary code by uploading a crafted file with a .. (dot dot) in the file name. 2017-08-18 not yet calculated CVE-2017-10665
CONFIRM
MISC
kddi — qua
 
Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 not yet calculated CVE-2017-2289
JVN
kguard — digital_video_recorder
 
KGuard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server. 2017-08-18 not yet calculated CVE-2015-4464
MISC
BUGTRAQ
BID
MISC
lasso — lasso
 
The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors. 2017-08-11 not yet calculated CVE-2015-1783
FEDORA
FEDORA
FEDORA
CONFIRM
MISC
lenovo — thinkpad
 
A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path. 2017-08-18 not yet calculated CVE-2017-3756
BID
CONFIRM
libsass — libsass
 
There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor’s CVE-2017-11555 fix (available from GitHub after 2017-07-24). 2017-08-18 not yet calculated CVE-2017-12963
MISC
libsass — libsass
 
There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack. 2017-08-18 not yet calculated CVE-2017-12964
MISC
libsass — libsass
 
There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack. 2017-08-18 not yet calculated CVE-2017-12962
MISC
libtiff — libtiff
 
The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. 2017-08-18 not yet calculated CVE-2017-12944
CONFIRM
linux — linux_kernel
 
The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors. 2017-08-19 not yet calculated CVE-2017-10662
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. 2017-08-19 not yet calculated CVE-2017-10661
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors. 2017-08-19 not yet calculated CVE-2017-10663
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011. 2017-08-17 not yet calculated CVE-2011-0469
MISC
MISC
MISC
mozilla — firefox
 
Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8. 2017-08-18 not yet calculated CVE-2007-5341
CONFIRM
CONFIRM
CONFIRM
musl — libc
 
Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors. 2017-08-18 not yet calculated CVE-2015-1817
MLIST
BID
nessusphp — nessusphp
 
Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php. 2017-08-18 not yet calculated CVE-2017-12680
MISC
nessusphp — nessusphp
 
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. 2017-08-18 not yet calculated CVE-2017-12776
MISC
netapp — ontap
 
NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors. 2017-08-18 not yet calculated CVE-2017-12859
CONFIRM
netapp — ontap
 
Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code. 2017-08-18 not yet calculated CVE-2017-12420
CONFIRM
numpy — numpy
 
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will cause it to get stuck in an infinite loop, which can allow attackers to cause a DoS attack. 2017-08-15 not yet calculated CVE-2017-12852
CONFIRM
opencv — opencv
 
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculating src_pitch. If the image is from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier. 2017-08-15 not yet calculated CVE-2017-12863
MISC
opencv — opencv
 
In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is smaller than expected, which will cause a copy buffer overflow later. If the image is from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier. 2017-08-15 not yet calculated CVE-2017-12862
MISC
opencv — opencv
 
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not check the input length, which leads to integer overflow. If the image is from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 and earlier. 2017-08-15 not yet calculated CVE-2017-12864
MISC
openstack — aodh
 
Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee. 2017-08-18 not yet calculated CVE-2017-12440
CONFIRM
CONFIRM
CONFIRM
CONFIRM
osisoft — multiple_products
 
An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while unauthorized. 2017-08-14 not yet calculated CVE-2017-9653
BID
MISC
CONFIRM
osisoft — multiple_products
 
A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a malicious web site. 2017-08-14 not yet calculated CVE-2017-9655
BID
MISC
CONFIRM
paessler — prtg_network_monitor
 
Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-08-18 not yet calculated CVE-2017-9816
CONFIRM
php_group — php
ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP. 2017-08-17 not yet calculated CVE-2017-12934
CONFIRM
CONFIRM
php_group — php
 
The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP. 2017-08-17 not yet calculated CVE-2017-12933
CONFIRM
CONFIRM
CONFIRM
php_group — php
 
ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP. 2017-08-17 not yet calculated CVE-2017-12932
CONFIRM
CONFIRM
CONFIRM
postgresql — postgresql
 
PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service. 2017-08-16 not yet calculated CVE-2017-7548
BID
SECTRACK
CONFIRM
postgresql — postgresql
 
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. 2017-08-16 not yet calculated CVE-2017-7547
BID
SECTRACK
CONFIRM
postgresql — postgresql
 
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password. 2017-08-16 not yet calculated CVE-2017-7546
BID
SECTRACK
CONFIRM
pulp — pulp
 
Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. 2017-08-18 not yet calculated CVE-2015-5153
CONFIRM
qnap — ts212p_devices
 
An unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. An unprivileged user cannot log in at the front end, but with that unprivileged user's SID, all functions of Surveillance Station can be accessed. 2017-08-18 not yet calculated CVE-2017-12582
MISC
qualcomm — android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot. 2017-08-18 not yet calculated CVE-2017-8255
BID
CONFIRM
qualcomm — android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. 2017-08-18 not yet calculated CVE-2017-8256
BID
CONFIRM
qualcomm — android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. 2017-08-18 not yet calculated CVE-2017-8265
BID
CONFIRM
qualcomm — android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur. 2017-08-18 not yet calculated CVE-2017-8261
BID
CONFIRM
qualcomm — android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end. 2017-08-18 not yet calculated CVE-2015-9038
BID
CONFIRM
qualcomm — android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory. 2017-08-18 not yet calculated CVE-2014-9979
BID
CONFIRM
qualcomm — android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot. 2017-08-18 not yet calculated CVE-2014-9981
CONFIRM
qualcomm — android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. 2017-08-18 not yet calculated CVE-2017-8270
BID
CONFIRM
qualcomm — android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, playReady DRM failed to check a length potentially leading to unauthorized access to secure memory. 2017-08-18 not yet calculated CVE-2015-9061
BID
CONFIRM
qualcomm — android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap write. 2017-08-18 not yet calculated CVE-2017-8272
BID
CONFIRM
qualcomm — android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy(). 2017-08-18 not yet calculated CVE-2017-9678
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. 2017-08-18 not yet calculated CVE-2015-8593
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x. 2017-08-18 not yet calculated CVE-2015-8594
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption. 2017-08-18 not yet calculated CVE-2015-8592
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection. 2017-08-18 not yet calculated CVE-2015-8596
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer. 2017-08-18 not yet calculated CVE-2015-9043
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message. 2017-08-18 not yet calculated CVE-2015-9042
BID
CONFIRM
qualcomm — android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. 2017-08-18 not yet calculated CVE-2015-9044
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements. 2017-08-18 not yet calculated CVE-2015-9045
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup. 2017-08-18 not yet calculated CVE-2015-9047
BID
CONFIRM
qualcomm — android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. 2017-08-18 not yet calculated CVE-2015-9046
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when performing WCDMA radio tuning. 2017-08-18 not yet calculated CVE-2015-9041
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API. 2017-08-18 not yet calculated CVE-2015-9040
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a string can fail to be null-terminated in SIP leading to a buffer overflow. 2017-08-18 not yet calculated CVE-2015-9034
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA. 2017-08-18 not yet calculated CVE-2015-0576
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory exhaustion. 2017-08-18 not yet calculated CVE-2015-9035
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted. 2017-08-18 not yet calculated CVE-2015-9036
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages. 2017-08-18 not yet calculated CVE-2015-9039
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message. 2017-08-18 not yet calculated CVE-2015-9037
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM. 2017-08-18 not yet calculated CVE-2015-8595
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition. 2017-08-18 not yet calculated CVE-2017-7364
SECTRACK
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow. 2017-08-18 not yet calculated CVE-2014-9971
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. 2017-08-18 not yet calculated CVE-2014-9969
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition. 2017-08-18 not yet calculated CVE-2014-9972
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine. 2017-08-18 not yet calculated CVE-2014-9973
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write. 2017-08-18 not yet calculated CVE-2017-8267
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read. 2017-08-18 not yet calculated CVE-2017-8268
BID
CONFIRM
qualcomm — android_products
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface. 2017-08-18 not yet calculated CVE-2014-9968
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs. 2017-08-18 not yet calculated CVE-2017-9679
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. 2017-08-18 not yet calculated CVE-2017-9685
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection. 2017-08-18 not yet calculated CVE-2014-9411
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition. 2017-08-18 not yet calculated CVE-2017-9684
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. 2017-08-18 not yet calculated CVE-2017-9682
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message. 2017-08-18 not yet calculated CVE-2017-9680
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. 2017-08-18 not yet calculated CVE-2017-8266
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace. 2017-08-18 not yet calculated CVE-2017-8263
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets. 2017-08-18 not yet calculated CVE-2015-9048
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. 2017-08-18 not yet calculated CVE-2014-9976
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM. 2017-08-18 not yet calculated CVE-2014-9977
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service. 2017-08-18 not yet calculated CVE-2014-9978
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient. 2017-08-18 not yet calculated CVE-2015-0574
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory. 2017-08-18 not yet calculated CVE-2014-9980
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption. 2017-08-18 not yet calculated CVE-2014-9975
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster. 2017-08-18 not yet calculated CVE-2014-9974
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. 2017-08-18 not yet calculated CVE-2017-8260
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition. 2017-08-18 not yet calculated CVE-2017-8262
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use. 2017-08-18 not yet calculated CVE-2017-8257
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. 2017-08-18 not yet calculated CVE-2017-8254
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. 2017-08-18 not yet calculated CVE-2017-8253
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. 2017-08-18 not yet calculated CVE-2015-0575
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM. 2017-08-18 not yet calculated CVE-2015-9049
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted. 2017-08-18 not yet calculated CVE-2015-9069
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory. 2017-08-18 not yet calculated CVE-2016-10392
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application. 2017-08-18 not yet calculated CVE-2016-10388
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partition. 2017-08-18 not yet calculated CVE-2016-10389
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed. 2017-08-18 not yet calculated CVE-2016-10390
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated. 2017-08-18 not yet calculated CVE-2016-5872
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed. 2017-08-18 not yet calculated CVE-2015-9067
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client. 2017-08-18 not yet calculated CVE-2015-9063
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated. 2017-08-18 not yet calculated CVE-2015-9064
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established. 2017-08-18 not yet calculated CVE-2015-9065
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an Inter-RAT procedure. 2017-08-18 not yet calculated CVE-2015-9066
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity. 2017-08-18 not yet calculated CVE-2016-10391
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient. 2017-08-18 not yet calculated CVE-2016-10382
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor. 2017-08-18 not yet calculated CVE-2016-10346
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated. 2017-08-18 not yet calculated CVE-2016-10347
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. 2017-08-18 not yet calculated CVE-2016-10380
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. 2017-08-18 not yet calculated CVE-2016-10381
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE. 2017-08-18 not yet calculated CVE-2016-10344
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, an SSL handshake failure with ClientHello rejection results in a memory leak. 2017-08-18 not yet calculated CVE-2016-10343
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. 2017-08-18 not yet calculated CVE-2015-9070
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. 2017-08-18 not yet calculated CVE-2015-9071
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. 2017-08-18 not yet calculated CVE-2015-9072
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. 2017-08-18 not yet calculated CVE-2015-9073
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file. 2017-08-18 not yet calculated CVE-2015-9062
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated. 2017-08-18 not yet calculated CVE-2015-9068
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call. 2017-08-18 not yet calculated CVE-2015-9050
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System Information message. 2017-08-18 not yet calculated CVE-2015-9051
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. 2017-08-18 not yet calculated CVE-2016-10383
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the processing of certain responses from the USIM. 2017-08-18 not yet calculated CVE-2015-9053
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message. 2017-08-18 not yet calculated CVE-2015-9052
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine. 2017-08-18 not yet calculated CVE-2015-9055
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not properly validated in a QTEE system call. 2017-08-18 not yet calculated CVE-2015-9060
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file. 2017-08-18 not yet calculated CVE-2016-5871
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP. 2017-08-18 not yet calculated CVE-2016-10386
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS. 2017-08-18 not yet calculated CVE-2016-10385
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario. 2017-08-18 not yet calculated CVE-2016-10387
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced during GAL decoding. 2017-08-18 not yet calculated CVE-2015-9054
BID
CONFIRM
qualcomm — android_products
 
In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl. 2017-08-18 not yet calculated CVE-2016-10384
CONFIRM
qualcomm — apple_products
 
A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation. 2017-08-16 not yet calculated CVE-2017-8248
FULLDISC
BID
SECTRACK
quali — cloudshell
 
Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parameter to RM/Topology/Update; the (4) Name, (5) Description, (6) ExecutionBatches[0].Name, (7) ExecutionBatches[0].Description, or (8) Labels parameter to SnQ/JobTemplate/Edit; or (9) Alias or (10) Description parameter to RM/AbstractTemplate/AddOrUpdateAbstractTemplate. 2017-08-18 not yet calculated CVE-2017-9767
MISC
BUGTRAQ
EXPLOIT-DB
rarlab — unrar
 
libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. 2017-08-18 not yet calculated CVE-2017-12942
MISC
rarlab — unrar
 
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. 2017-08-18 not yet calculated CVE-2017-12940
MISC
rarlab — unrar
 
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. 2017-08-18 not yet calculated CVE-2017-12941
MISC
rarlab — unrar
 
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file. 2017-08-18 not yet calculated CVE-2017-12938
MISC
razer — synapse
 
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file. 2017-08-18 not yet calculated CVE-2017-11653
MISC
razer — synapse
 
Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. 2017-08-18 not yet calculated CVE-2017-11652
MISC
realtime — rwr-3g-100_router_firmware
 
The RealTime RWR-3G-100 Router Firmware Version: Ver1.0.56 is affected by CSRF, an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. 2017-08-14 not yet calculated CVE-2017-12853
MISC
EXPLOIT-DB
resiprocate — resiprocate
 
Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DNS response. 2017-08-18 not yet calculated CVE-2017-9454
CONFIRM
MLIST
ruby — ruby
 
The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing “openuri-” followed by a crafted UID, and putting Ruby code in said directory once a meta file is created. 2017-08-18 not yet calculated CVE-2015-3649
MISC
MLIST
BID
MISC
MISC
MISC
simplight — scada_software
 
An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to place a malicious DLL file within the search path resulting in execution of arbitrary code. 2017-08-14 not yet calculated CVE-2017-9661
BID
MISC
solar_controls — heating_control_downloader
 
An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file. 2017-08-14 not yet calculated CVE-2017-9646
BID
MISC
solar_controls — wattconfig_m_software
 
An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file. 2017-08-14 not yet calculated CVE-2017-9648
BID
MISC
spring_batch_admin — spring_batch_admin
 
Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality. 2017-08-18 not yet calculated CVE-2017-12882
MLIST
BID
spring_batch_admin — spring_batch_admin
 
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability. 2017-08-18 not yet calculated CVE-2017-12881
MLIST
BID
strongswan — strongswan
 
The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. 2017-08-18 not yet calculated CVE-2017-11185
CONFIRM
symantec — messaging_gateway
 
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges. 2017-08-11 not yet calculated CVE-2017-6327
BID
EXPLOIT-DB
CONFIRM
synology — assistant
 
Multiple untrusted search path vulnerabilities in the installer in Synology Assistant before 6.1-15163 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. 2017-08-18 not yet calculated CVE-2017-11160
CONFIRM
synology — chat
 
Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors. 2017-08-11 not yet calculated CVE-2017-11148
BID
CONFIRM
synology — download_station
 
Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors. 2017-08-14 not yet calculated CVE-2017-11156
CONFIRM
synology — download_station
 
Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via a crafted URI. 2017-08-14 not yet calculated CVE-2017-11149
CONFIRM
synology — office
 
Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents. 2017-08-14 not yet calculated CVE-2017-11150
CONFIRM
teikoku_databank_ltd — tbd_ca_typea
 
Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until August 10, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 not yet calculated CVE-2017-10824
JVN
thales — nshield_connect_hardware_models
 
Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allow physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract the device identification key [KNETI] and impersonate the nShield Connect device on a network, affect the integrity and confidentiality of newly created keys, and potentially cause other unspecified impacts using previously loaded keys by connecting to the USB port on the front panel. 2017-08-18 not yet calculated CVE-2015-1878
SECTRACK
tomax — r60g_devices
 
ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack. 2017-08-18 not yet calculated CVE-2017-12589
MISC
unity_technologies — unity_editor
 
A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4. 2017-08-18 not yet calculated CVE-2017-12939
CONFIRM
wildmidi — wildmidi
 
The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. 2017-08-17 not yet calculated CVE-2017-11661
FULLDISC
EXPLOIT-DB
wildmidi — wildmidi
 
The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. 2017-08-17 not yet calculated CVE-2017-11663
FULLDISC
EXPLOIT-DB
wildmidi — wildmidi
 
The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. 2017-08-17 not yet calculated CVE-2017-11664
FULLDISC
CONFIRM
EXPLOIT-DB
wildmidi — wildmidi
 
The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. 2017-08-17 not yet calculated CVE-2017-11662
FULLDISC
EXPLOIT-DB
wordpress — wordpress
 
classescontrolleradminmodals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. 2017-08-18 not yet calculated CVE-2017-12947
MISC
MISC
wordpress — wordpress
 
CoreAdminPFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF. 2017-08-18 not yet calculated CVE-2017-12948
MISC
wordpress — wordpress
 
libmodulescontributorscontributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF. 2017-08-18 not yet calculated CVE-2017-12949
MISC
wordpress — wordpress
 
classescontrolleradminmodals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. 2017-08-18 not yet calculated CVE-2017-12946
MISC
MISC
wordpress — wordpress
 
Cross-site scripting (XSS) vulnerability exists in the WordPress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. 2017-08-18 not yet calculated CVE-2015-5057
MLIST
BID
MISC
x.org — libxfont
 
A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact. 2017-08-18 not yet calculated CVE-2007-5199
CONFIRM
CONFIRM
xamarin — xamarin.ios
 
The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka “Xamarin.iOS Elevation Of Privilege Vulnerability.” 2017-08-15 not yet calculated CVE-2017-8665
BID
CONFIRM
EXPLOIT-DB
xen_project — xen
 
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected. 2017-08-15 not yet calculated CVE-2017-12855
BID
SECTRACK
CONFIRM
