SB17-240: Vulnerability Summary for the Week of August 21, 2017

Original release date: August 28, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache2triad — apache2triad Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID parameter. 2017-08-23 7.5 CVE-2017-12965
MISC
MISC
BID
aptus — styra_porttelefonkort_4400_firmware Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 4400 before A2 has unknown impact and attack vectors. 2017-08-18 10.0 CVE-2017-7278
CONFIRM
buffalo — wcr-1166ds_firmware Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. 2017-08-18 7.7 CVE-2017-10811
CONFIRM
JVN
enecho.meti — shin_kikan_toukei_houkoku_data_nyuryokuyou_program Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on 2013 September 30), distributed on the website until 2017 May 17, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 CVE-2017-10821
JVN
enecho.meti — shin_kinkyuji_houkoku_data_nyuryoku_program Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10), distributed on the website until 2017 May 17, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 CVE-2017-10823
JVN
enecho.meti — shin_sekiyu_yunyu_chousa_houkoku_data_nyuryoku_program Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program (program released on 2013 September 30), distributed on the website until 2017 May 17, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 CVE-2017-10822
JVN
enecho.meti — teikihoukokusho_sakuseishien_tool Untrusted search path vulnerability in Teikihoukokusho Sakuseishien Tool v4.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 CVE-2017-2228
JVN
formcraft-wp — formcraft The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php. 2017-08-23 7.5 CVE-2017-13137
MISC
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection. 2017-08-18 10.0 CVE-2014-9411
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface. 2017-08-18 10.0 CVE-2014-9968
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. 2017-08-18 10.0 CVE-2014-9969
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow. 2017-08-18 10.0 CVE-2014-9971
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition. 2017-08-18 10.0 CVE-2014-9972
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine. 2017-08-18 10.0 CVE-2014-9973
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster. 2017-08-18 10.0 CVE-2014-9974
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption. 2017-08-18 10.0 CVE-2014-9975
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. 2017-08-18 10.0 CVE-2014-9976
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM. 2017-08-18 10.0 CVE-2014-9977
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service. 2017-08-18 10.0 CVE-2014-9978
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory. 2017-08-18 10.0 CVE-2014-9979
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory. 2017-08-18 10.0 CVE-2014-9980
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot. 2017-08-18 10.0 CVE-2014-9981
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient. 2017-08-18 10.0 CVE-2015-0574
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. 2017-08-18 10.0 CVE-2015-0575
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA. 2017-08-18 7.6 CVE-2015-0576
MISC
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption. 2017-08-18 10.0 CVE-2015-8592
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. 2017-08-18 10.0 CVE-2015-8593
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x. 2017-08-18 10.0 CVE-2015-8594
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM. 2017-08-18 10.0 CVE-2015-8595
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection. 2017-08-18 10.0 CVE-2015-8596
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a string can fail to be null-terminated in SIP leading to a buffer overflow. 2017-08-18 10.0 CVE-2015-9034
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory exhaustion. 2017-08-18 10.0 CVE-2015-9035
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted. 2017-08-18 10.0 CVE-2015-9036
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message. 2017-08-18 10.0 CVE-2015-9037
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end. 2017-08-18 10.0 CVE-2015-9038
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages. 2017-08-18 10.0 CVE-2015-9039
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API. 2017-08-18 10.0 CVE-2015-9040
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when performing WCDMA radio tuning. 2017-08-18 10.0 CVE-2015-9041
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message. 2017-08-18 10.0 CVE-2015-9042
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer. 2017-08-18 10.0 CVE-2015-9043
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. 2017-08-18 10.0 CVE-2015-9044
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements. 2017-08-18 10.0 CVE-2015-9045
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. 2017-08-18 10.0 CVE-2015-9046
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup. 2017-08-18 10.0 CVE-2015-9047
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets. 2017-08-18 10.0 CVE-2015-9048
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM. 2017-08-18 10.0 CVE-2015-9049
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call. 2017-08-18 10.0 CVE-2015-9050
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System Information message. 2017-08-18 10.0 CVE-2015-9051
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message. 2017-08-18 10.0 CVE-2015-9052
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the processing of certain responses from the USIM. 2017-08-18 10.0 CVE-2015-9053
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced during GAL decoding. 2017-08-18 10.0 CVE-2015-9054
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine. 2017-08-18 10.0 CVE-2015-9055
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not properly validated in a QTEE system call. 2017-08-18 10.0 CVE-2015-9060
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, PlayReady DRM failed to check a length potentially leading to unauthorized access to secure memory. 2017-08-18 10.0 CVE-2015-9061
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file. 2017-08-18 10.0 CVE-2015-9062
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client. 2017-08-18 10.0 CVE-2015-9063
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated. 2017-08-18 10.0 CVE-2015-9064
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established. 2017-08-18 10.0 CVE-2015-9065
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an Inter-RAT procedure. 2017-08-18 10.0 CVE-2015-9066
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed. 2017-08-18 10.0 CVE-2015-9067
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated. 2017-08-18 10.0 CVE-2015-9068
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted. 2017-08-18 10.0 CVE-2015-9069
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. 2017-08-18 10.0 CVE-2015-9070
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. 2017-08-18 10.0 CVE-2015-9071
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. 2017-08-18 10.0 CVE-2015-9072
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. 2017-08-18 10.0 CVE-2015-9073
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an SSL handshake failure with ClientHello rejection results in a memory leak. 2017-08-18 10.0 CVE-2016-10343
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE. 2017-08-18 10.0 CVE-2016-10344
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor. 2017-08-18 10.0 CVE-2016-10346
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated. 2017-08-18 10.0 CVE-2016-10347
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. 2017-08-18 10.0 CVE-2016-10380
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. 2017-08-18 10.0 CVE-2016-10381
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient. 2017-08-18 10.0 CVE-2016-10382
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. 2017-08-18 9.3 CVE-2016-10383
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl. 2017-08-18 10.0 CVE-2016-10384
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS. 2017-08-18 10.0 CVE-2016-10385
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP. 2017-08-18 10.0 CVE-2016-10386
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario. 2017-08-18 10.0 CVE-2016-10387
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application. 2017-08-18 10.0 CVE-2016-10388
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partition. 2017-08-18 9.3 CVE-2016-10389
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed. 2017-08-18 10.0 CVE-2016-10390
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity. 2017-08-18 10.0 CVE-2016-10391
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory. 2017-08-18 10.0 CVE-2016-10392
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file. 2017-08-18 10.0 CVE-2016-5871
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated. 2017-08-18 10.0 CVE-2016-5872
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701. 2017-08-23 9.3 CVE-2017-0805
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition. 2017-08-18 10.0 CVE-2017-7364
SECTRACK
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. 2017-08-18 9.3 CVE-2017-8253
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot. 2017-08-18 9.3 CVE-2017-8255
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition. 2017-08-18 7.6 CVE-2017-8262
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace. 2017-08-18 9.3 CVE-2017-8263
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write. 2017-08-18 7.6 CVE-2017-8267
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read. 2017-08-18 9.3 CVE-2017-8268
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy(). 2017-08-18 9.3 CVE-2017-9678
BID
CONFIRM
MISC
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition. 2017-08-18 7.6 CVE-2017-9684
BID
CONFIRM
MISC
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. 2017-08-18 9.3 CVE-2017-9685
BID
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file. 2017-08-22 7.1 CVE-2017-13133
BID
CONFIRM
imagemagick — imagemagick In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk. 2017-08-23 7.5 CVE-2017-13139
CONFIRM
CONFIRM
kddi — qua_station_firmware Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 CVE-2017-2289
JVN
libsass — libsass There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack. 2017-08-18 7.8 CVE-2017-12964
MISC
linux — linux_kernel The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors. 2017-08-19 7.2 CVE-2017-10662
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors. 2017-08-19 7.2 CVE-2017-10663
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
nexusphp — nexusphp NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action. 2017-08-21 7.5 CVE-2017-12981
MISC
nexusphp_project — nexusphp SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. 2017-08-18 7.5 CVE-2017-12776
MISC
nih — libzip Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors. 2017-08-23 7.5 CVE-2017-12858
BID
CONFIRM
qnap — ts-212p_firmware An unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. The unprivileged user cannot log in at the front end, but with that unprivileged user's SID, all functions of Surveillance Station can be accessed. 2017-08-18 7.5 CVE-2017-12582
MISC
rarlab — unrar libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. 2017-08-18 7.5 CVE-2017-12940
MISC
rarlab — unrar libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. 2017-08-18 7.5 CVE-2017-12941
MISC
rarlab — unrar libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. 2017-08-18 7.5 CVE-2017-12942
MISC
teikoku_databank — type_a Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until 10 August 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-08-18 9.3 CVE-2017-10824
JVN
wago — wago_i/o_plc_758-870_firmware WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. 2017-08-22 10.0 CVE-2015-6473
MISC
FULLDISC
BID
x.org — libxfont A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact. 2017-08-18 7.5 CVE-2007-5199
CONFIRM
CONFIRM


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
altools — alzip Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of “AUX” as the initial substring of a filename. 2017-08-19 6.8 CVE-2017-11323
MISC
MISC
apache2triad — apache2triad Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php. 2017-08-23 6.8 CVE-2017-12970
MISC
MISC
BID
apache2triad — apache2triad Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the account parameter to phpsftpd/users.php. 2017-08-23 4.3 CVE-2017-12971
MISC
MISC
BID
asn1c_project — asn1c The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file. 2017-08-20 4.3 CVE-2017-12966
MISC
asus — dsl-n10s_firmware ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges. 2017-08-18 6.5 CVE-2017-12592
MISC
asus — dsl-n10s_firmware ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. 2017-08-18 6.8 CVE-2017-12593
MISC
attic_project — attic attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to “unencrypted / without key file”. 2017-08-18 4.0 CVE-2015-4082
MLIST
BID
CONFIRM
CONFIRM
broken_link_checker_project — broken_link_checker Cross-site scripting (XSS) vulnerability exists in the WordPress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. 2017-08-18 4.3 CVE-2015-5057
MLIST
BID
MISC
ccfile — cc_file_transfer In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many ‘|’ characters. NOTE: some sources use this ID for a NoviWare issue, but the correct ID for that issue is CVE-2017-12787. 2017-08-21 5.0 CVE-2017-12784
MISC
cyrusimap — cyrus_imap Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command. 2017-08-22 4.0 CVE-2017-12843
CONFIRM
CONFIRM
FEDORA
CONFIRM
d-link — dir-600_b1_firmware D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. 2017-08-18 5.0 CVE-2017-12943
MISC
django-cms — django_cms Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors. 2017-08-18 6.8 CVE-2015-5081
MLIST
CONFIRM
CONFIRM
dokuwiki — dokuwiki DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution. 2017-08-21 4.3 CVE-2017-12979
CONFIRM
dokuwiki — dokuwiki DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element. 2017-08-21 4.3 CVE-2017-12980
CONFIRM
easymodal_project — easy_modal classescontrolleradminmodals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. 2017-08-18 6.5 CVE-2017-12946
MISC
MISC
easymodal_project — easy_modal classescontrolleradminmodals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. 2017-08-18 6.5 CVE-2017-12947
MISC
MISC
exiv2 — exiv2 There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or possibly unspecified other impact. 2017-08-18 6.8 CVE-2017-12955
MISC
exiv2 — exiv2 There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service. 2017-08-18 4.3 CVE-2017-12956
MISC
exiv2 — exiv2 There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service. 2017-08-18 4.3 CVE-2017-12957
MISC
fedoraproject — fedora Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3. 2017-08-22 6.8 CVE-2015-5258
FEDORA
CONFIRM
gnome — librest The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account. 2017-08-18 5.0 CVE-2015-2675
REDHAT
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
gnu — binutils The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary. 2017-08-19 4.3 CVE-2017-12967
BID
CONFIRM
gnu — pspp There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. 2017-08-18 5.0 CVE-2017-12958
MISC
gnu — pspp There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to a remote denial of service attack. 2017-08-18 5.0 CVE-2017-12959
MISC
gnu — pspp There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. 2017-08-18 5.0 CVE-2017-12960
MISC
gnu — pspp There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service. 2017-08-18 5.0 CVE-2017-12961
MISC
google — android A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35583675. 2017-08-18 4.3 CVE-2017-0687
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. 2017-08-18 4.3 CVE-2017-8254
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. 2017-08-18 6.8 CVE-2017-8256
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use. 2017-08-18 6.8 CVE-2017-8257
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. 2017-08-18 6.8 CVE-2017-8260
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur. 2017-08-18 6.8 CVE-2017-8261
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. 2017-08-18 5.1 CVE-2017-8265
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. 2017-08-18 5.1 CVE-2017-8266
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition. 2017-08-18 5.1 CVE-2017-8270
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap write. 2017-08-18 6.8 CVE-2017-8272
BID
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs. 2017-08-18 5.0 CVE-2017-9679
BID
CONFIRM
MISC
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message. 2017-08-18 5.0 CVE-2017-9680
BID
CONFIRM
MISC
graphicsmagick — graphicsmagick The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. 2017-08-18 6.8 CVE-2017-12935
MISC
MISC
graphicsmagick — graphicsmagick The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. 2017-08-18 6.8 CVE-2017-12936
MISC
MISC
graphicsmagick — graphicsmagick The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. 2017-08-18 6.8 CVE-2017-12937
MISC
BID
MISC
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. 2017-08-22 4.3 CVE-2017-13063
CONFIRM
CONFIRM
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. 2017-08-22 4.3 CVE-2017-13064
CONFIRM
BID
CONFIRM
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in the function SVGStartElement in coders/svg.c. 2017-08-22 4.3 CVE-2017-13065
CONFIRM
CONFIRM
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c. 2017-08-22 4.3 CVE-2017-13066
BID
CONFIRM
graphicsmagick — graphicsmagick In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value. 2017-08-23 6.8 CVE-2017-13147
CONFIRM
graphicsmagick — graphicsmagick In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c. 2017-08-23 4.3 CVE-2017-13648
CONFIRM
ibm — security_network_protection_4100_firmware Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-08-22 4.3 CVE-2014-6189
CONFIRM
BID
ibm — websphere_application_server IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576. 2017-08-18 4.3 CVE-2017-1501
CONFIRM
BID
SECTRACK
MISC
igniterealtime — openfire OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. 2017-08-18 5.0 CVE-2014-3451
MISC
MLIST
BUGTRAQ
BID
MISC
imagemagick — imagemagick Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. 2017-08-21 6.8 CVE-2017-12983
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file. 2017-08-22 4.3 CVE-2017-13058
BID
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file. 2017-08-22 4.3 CVE-2017-13059
BID
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. 2017-08-22 4.3 CVE-2017-13060
BID
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. 2017-08-22 4.3 CVE-2017-13061
BID
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file. 2017-08-22 4.3 CVE-2017-13062
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file. 2017-08-22 4.3 CVE-2017-13131
BID
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the “dump uncompressed PseudoColor packets” step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file. 2017-08-22 4.3 CVE-2017-13132
BID
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.6-6, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file. 2017-08-22 4.3 CVE-2017-13134
BID
CONFIRM
imagemagick — imagemagick In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT. 2017-08-23 4.3 CVE-2017-13140
CONFIRM
CONFIRM
imagemagick — imagemagick In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file could trigger a memory leak in ReadOnePNGImage in coders/png.c. 2017-08-23 4.3 CVE-2017-13141
CONFIRM
CONFIRM
imagemagick — imagemagick In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG file could trigger a crash because there was an insufficient check for short files. 2017-08-23 4.3 CVE-2017-13142
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory. 2017-08-23 5.0 CVE-2017-13143
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick In ImageMagick before 6.9.7-10, there is a crash (rather than a “width or height exceeds limit” error report) if the image dimensions are too large, as demonstrated by use of the mpc coder. 2017-08-23 4.3 CVE-2017-13144
CONFIRM
CONFIRM
imagemagick — imagemagick In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash. 2017-08-23 4.3 CVE-2017-13145
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c. 2017-08-23 6.8 CVE-2017-13146
CONFIRM
CONFIRM
imagemagick — imagemagick In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c. 2017-08-24 4.3 CVE-2017-13658
CONFIRM
CONFIRM
CONFIRM
libsass — libsass There are memory leaks in LibSass 3.4.5 triggered by deeply nested code, such as code with a long sequence of open parenthesis characters, leading to a remote denial of service attack. 2017-08-18 5.0 CVE-2017-12962
MISC
libsass — libsass There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor’s CVE-2017-11555 fix (available from GitHub after 2017-07-24). 2017-08-18 5.0 CVE-2017-12963
MISC
libtiff — libtiff The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation. 2017-08-18 5.0 CVE-2017-12944
CONFIRM
netapp — clustered_data_ontap Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code. 2017-08-18 6.5 CVE-2017-12420
BID
CONFIRM
netapp — data_ontap NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors. 2017-08-18 4.3 CVE-2017-12859
BID
CONFIRM
nexusphp_project — nexusphp Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php. 2017-08-18 4.3 CVE-2017-12680
MISC
BID
nongnu — icoutils Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code. 2017-08-22 6.8 CVE-2017-5208
MLIST
BID
CONFIRM
open-uri-cached_project — open-uri-cached The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing “openuri-” followed by a crafted UID, and putting Ruby code in said directory once a meta file is created. 2017-08-18 4.6 CVE-2015-3649
MISC
MLIST
BID
MISC
MISC
MISC
paessler — prtg_network_monitor Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-08-18 4.3 CVE-2017-9816
CONFIRM
phpmywind — phpmywind PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. 2017-08-21 4.3 CVE-2017-12984
MISC
podlove — podlove_podcast_publisher libmodulescontributorscontributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF. 2017-08-18 6.5 CVE-2017-12949
MISC
pressforward — pressforward CoreAdminPFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF. 2017-08-18 4.3 CVE-2017-12948
MISC
pulp_project — pulp Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. 2017-08-18 6.5 CVE-2015-5153
CONFIRM
qodeinteractive — bridge DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript. 2017-08-23 4.3 CVE-2017-13138
MISC
MISC
MISC
razerone — synapse Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. 2017-08-18 4.6 CVE-2017-11652
MISC
razerone — synapse Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file. 2017-08-18 4.6 CVE-2017-11653
MISC
resiprocate — resiprocate Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DNS response. 2017-08-18 5.0 CVE-2017-9454
CONFIRM
MLIST
spring_batch_admin_project — spring_batch_admin Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability. 2017-08-18 6.8 CVE-2017-12881
MLIST
BID
strongswan — strongswan The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. 2017-08-18 5.0 CVE-2017-11185
BID
CONFIRM
tomaxcom — r60g_firmware ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack. 2017-08-18 6.8 CVE-2017-12589
BID
MISC
wago — wago_i/o_plc_758-870_firmware WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management. 2017-08-22 5.0 CVE-2015-6472
MISC
FULLDISC
BID


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
asus — dsl-n10s_firmware ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. 2017-08-18 3.5 CVE-2017-12591
MISC
cacti — cacti lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. 2017-08-21 3.5 CVE-2017-12978
SECTRACK
CONFIRM
CONFIRM
CONFIRM
google — android In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. 2017-08-18 2.6 CVE-2017-9682
BID
CONFIRM
MISC
ibm — rational_requirements_composer IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126246. 2017-08-18 3.5 CVE-2017-1338
CONFIRM
BID
MISC
qemu — qemu QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive. 2017-08-23 2.1 CVE-2017-12809
MLIST
BID
MLIST
spring_batch_admin_project — spring_batch_admin Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality. 2017-08-18 3.5 CVE-2017-12882
MLIST
BID


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
accellion — file_transfer_appliance Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter. 2017-08-22 not yet calculated CVE-2015-2857
MISC
MISC
MISC
EXPLOIT-DB
apache — pony_mail Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication. 2017-08-22 not yet calculated CVE-2016-4460
CONFIRM
BID
atlassian — crucible The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file. 2017-08-24 not yet calculated CVE-2017-9509
MISC
MISC
atlassian — crucible The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter. 2017-08-24 not yet calculated CVE-2017-9507
MISC
MISC
atlassian — fisheye_and_crucible The mostActiveCommitters.do resource in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks. 2017-08-24 not yet calculated CVE-2017-9512
MISC
MISC
MISC
atlassian — fisheye_and_crucible The MultiPathResource class in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when FishEye or Crucible is running on the Microsoft Windows operating system. 2017-08-24 not yet calculated CVE-2017-9511
MISC
MISC
MISC
atlassian — fisheye_and_crucible Various resources in Atlassian FishEye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a repository or review file. 2017-08-24 not yet calculated CVE-2017-9508
MISC
MISC
MISC
atlassian — fisheye The repository changelog resource in Atlassian FishEye before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the start date and end date parameters. 2017-08-24 not yet calculated CVE-2017-9510
MISC
MISC
atlassian — oauth_plugin The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 allows remote attackers to access the content of internal network resources and/or perform an XSS attack via Server Side Request Forgery (SSRF). 2017-08-23 not yet calculated CVE-2017-9506
MISC
MISC
automated_logic_corporation — alc_webctrl A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software. 2017-08-25 not yet calculated CVE-2017-9640
BID
MISC
automated_logic_corporation — alc_webctrl An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code. 2017-08-25 not yet calculated CVE-2017-9650
BID
MISC
EXPLOIT-DB
automated_logic_corporation — alc_webctrl An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges. 2017-08-25 not yet calculated CVE-2017-9644
BID
MISC
EXPLOIT-DB
bitrix — bitrix Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) “by” parameter to admin/orion.extfeedbackform_efbf_forms.php. 2017-08-24 not yet calculated CVE-2015-8355
BUGTRAQ
MISC
bmc_patrol — bmc_patrol mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring. 2017-08-22 not yet calculated CVE-2017-13130
MISC
cloud4wi — cloud4wi Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud4Wi before 5.9.7 allows remote attackers to inject arbitrary web script or HTML via the recoveryMessage parameter to the default URI. 2017-08-24 not yet calculated CVE-2015-4699
FULLDISC
MISC
CONFIRM
cloud_foundry_foundation — capi In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure. 2017-08-21 not yet calculated CVE-2017-8037
CONFIRM
codiad — codiad components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type. 2017-08-20 not yet calculated CVE-2017-11366
MISC
MISC
MISC
MISC
connect2id — nimbus_jose+jwt Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation. 2017-08-20 not yet calculated CVE-2017-12974
CONFIRM
CONFIRM
CONFIRM
connect2id — nimbus_jose+jwt In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC. 2017-08-20 not yet calculated CVE-2017-12972
CONFIRM
CONFIRM
CONFIRM
connect2id — nimbus_jose+jwt Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack. 2017-08-20 not yet calculated CVE-2017-12973
CONFIRM
CONFIRM
CONFIRM
d-link — d-link_firmware D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allows remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session’s cookie to username=admin. 2017-08-25 not yet calculated CVE-2014-7857
MISC
FULLDISC
CONFIRM
BUGTRAQ
BID
d-link — d-link_firmware The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token. 2017-08-25 not yet calculated CVE-2014-7860
MISC
FULLDISC
CONFIRM
BUGTRAQ
BID
d-link — d-link_firmware The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. 2017-08-25 not yet calculated CVE-2014-7858
MISC
FULLDISC
CONFIRM
BUGTRAQ
BID
d-link — d-link_firmware Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed “Host” and “Referer” header values. 2017-08-25 not yet calculated CVE-2014-7859
MISC
FULLDISC
CONFIRM
BUGTRAQ
BID
dayrui_finecms — dayrui_finecms controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable. 2017-08-25 not yet calculated CVE-2017-13697
MISC
dnsdist — dnsdist dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack. 2017-08-22 not yet calculated CVE-2017-7557
MISC
fortinet — fortimanager Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands. 2017-08-22 not yet calculated CVE-2015-3617
BID
SECTRACK
CONFIRM
git-annex — git-annex git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. 2017-08-20 not yet calculated CVE-2017-12976
CONFIRM
CONFIRM
CONFIRM
gnu — gnu Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. 2017-08-25 not yet calculated CVE-2015-1395
FEDORA
FEDORA
MLIST
BID
UBUNTU
MISC
CONFIRM
CONFIRM
CONFIRM
gnu — gnu GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. 2017-08-25 not yet calculated CVE-2014-9637
CONFIRM
FEDORA
FEDORA
MLIST
BID
UBUNTU
CONFIRM
CONFIRM
CONFIRM
ibm — flex_system_en6131_ethernet_and_ib6131_infiniband_switch_firmware CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters. 2017-08-25 not yet calculated CVE-2014-9564
BID
CONFIRM
ibm — maas360_dtm IBM MaaS360 DTM all versions up to 3.81 does not perform proper verification for user rights of certain applications which could disclose sensitive information. IBM X-Force ID: 127412. 2017-08-22 not yet calculated CVE-2017-1422
CONFIRM
BID
MISC
icewarp — icewarp_mail_server Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name. 2017-08-23 not yet calculated CVE-2017-12844
MISC
kaspersky — kaspersky_internet_security_for_android In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. 2017-08-25 not yet calculated CVE-2017-12817
CONFIRM
kaspersky — kaspersky_internet_security_for_android In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. 2017-08-25 not yet calculated CVE-2017-12816
CONFIRM
linux — kernel Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. 2017-08-19 not yet calculated CVE-2017-10661
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
linux — kernel The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. 2017-08-25 not yet calculated CVE-2017-13694
MISC
MISC
linux — kernel
 
The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. 2017-08-25 not yet calculated CVE-2017-13693
MISC
MISC
linux — kernel
 
net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. NOTE: this does not affect any stable release. 2017-08-24 not yet calculated CVE-2017-13686
CONFIRM
CONFIRM
linux — kernel
 
The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. 2017-08-25 not yet calculated CVE-2017-13695
MISC
MISC
lxdm — lxdm
 
LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections. 2017-08-24 not yet calculated CVE-2015-8308
MLIST
CONFIRM
micro_focus — enterprise_developer_and_enterprise_server
 
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests. 2017-08-21 not yet calculated CVE-2017-5187
MISC
micro_focus — enterprise_developer_and_enterprise_server
 
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features. 2017-08-21 not yet calculated CVE-2017-7421
MISC
micro_focus — enterprise_developer_and_enterprise_server
 
A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default. 2017-08-21 not yet calculated CVE-2017-7423
MISC
micro_focus — enterprise_developer_and_enterprise_server
 
An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275). 2017-08-21 not yet calculated CVE-2017-7420
MISC
micro_focus — enterprise_developer_and_enterprise_server
 
A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default. 2017-08-21 not yet calculated CVE-2017-7424
MISC
micro_focus — enterprise_developer_and_enterprise_server
 
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default. 2017-08-21 not yet calculated CVE-2017-7422
MISC
misp — misp
 
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation. 2017-08-24 not yet calculated CVE-2017-13671
CONFIRM
mktexlsr — mktexlsr
 
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700. 2017-08-25 not yet calculated CVE-2015-5701
MLIST
MISC
CONFIRM
CONFIRM
CONFIRM
mktexlsr — mktexlsr
 
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. 2017-08-25 not yet calculated CVE-2015-5700
MLIST
MISC
CONFIRM
CONFIRM
CONFIRM
mrd-305-din — mrd-305-din
 
A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source. 2017-08-25 not yet calculated CVE-2016-5816
MISC
multicoreware — multicoreware
 
An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than CVE-2017-8906. 2017-08-24 not yet calculated CVE-2017-13666
MISC
nagios — nagios_core
 
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a “kill `cat /pathname/nagios.lock`” command. 2017-08-23 not yet calculated CVE-2017-12847
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
newsbeuter — newsbeuter
 
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL. 2017-08-23 not yet calculated CVE-2017-12904
DEBIAN
CONFIRM
CONFIRM
MLIST
nexusphp — nexusphp
 
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php. 2017-08-24 not yet calculated CVE-2017-12679
MISC
nexusphp — nexusphp
 
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php. 2017-08-24 not yet calculated CVE-2017-13669
MISC
noviware — noviware
 
A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow. 2017-08-22 not yet calculated CVE-2017-12787
EXPLOIT-DB
noviware — noviware
 
Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data. 2017-08-22 not yet calculated CVE-2017-12786
EXPLOIT-DB
noviware — noviware
 
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the “show log cli” command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection. 2017-08-22 not yet calculated CVE-2017-12785
EXPLOIT-DB
ntp — ntp
 
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet. 2017-08-24 not yet calculated CVE-2015-5146
CONFIRM
FEDORA
FEDORA
FEDORA
CONFIRM
DEBIAN
BID
SECTRACK
CONFIRM
GENTOO
onos — onos
 
ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870). 2017-08-24 not yet calculated CVE-2015-7516
MLIST
BID
MISC
CONFIRM
CONFIRM
openjpeg — openjpeg
 
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c. 2017-08-21 not yet calculated CVE-2017-12982
MISC
MISC
MISC
openstack — ocata_and_newton
 
Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee. 2017-08-18 not yet calculated CVE-2017-12440
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
openstack-tripleo-image-elements — openstack-tripleo-image-elements
 
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. 2017-08-22 not yet calculated CVE-2016-2102
CONFIRM
osisoft — pi_web_api
 
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective. 2017-08-25 not yet calculated CVE-2017-7930
BID
MISC
osisoft — pi_web_api
 
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner. 2017-08-25 not yet calculated CVE-2017-7934
BID
MISC
osisoft — pi_web_api
 
A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated. 2017-08-25 not yet calculated CVE-2017-7926
BID
MISC
paessler — prtg_network_monitor
 
Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML. 2017-08-24 not yet calculated CVE-2017-12879
MISC
CONFIRM
php-fpm — php-fpm
 
php-fpm allows local users to write to or create arbitrary files via a symlink attack. 2017-08-25 not yet calculated CVE-2015-3211
CONFIRM
phpmybackuppro — phpmybackuppro
 
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180. 2017-08-25 not yet calculated CVE-2015-4181
MLIST
phpmybackuppro — phpmybackuppro
 
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050. 2017-08-25 not yet calculated CVE-2015-4180
MLIST
polycom — multiple_products
 
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone’s memory which could contain an administrator’s password or other sensitive information. 2017-08-25 not yet calculated CVE-2017-12857
CONFIRM
pyjwt — pyjwt
 
In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch. 2017-08-24 not yet calculated CVE-2017-11424
CONFIRM
python — kerberos
 
The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack. 2017-08-25 not yet calculated CVE-2015-3206
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
python — python
 
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function. 2017-08-24 not yet calculated CVE-2014-4616
CONFIRM
SUSE
MLIST
BID
MISC
CONFIRM
MISC
GENTOO
red_hat — enterprise_virtualization_manager
 
Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when “boot protocol” is set to None, which might allow remote attackers to communicate with a system designated to be unreachable. 2017-08-24 not yet calculated CVE-2015-5293
CONFIRM
CONFIRM
red_hat — jboss_enterprise_application_platform
 
GET requests in JBoss Enterprise Application Platform (EAP) 7 disclose internal IP addresses to remote attackers. 2017-08-22 not yet calculated CVE-2016-6311
CONFIRM
rhev — rhev
 
oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. 2017-08-22 not yet calculated CVE-2016-6310
BID
CONFIRM
riverbed — opnet_app_response_xpert
 
Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files. 2017-08-26 not yet calculated CVE-2017-7693
MISC
salt — salt
 
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. 2017-08-25 not yet calculated CVE-2015-4017
MLIST
CONFIRM
CONFIRM
CONFIRM
saltstack — saltstack
 
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. 2017-08-23 not yet calculated CVE-2017-12791
BID
MISC
MISC
CONFIRM
CONFIRM
CONFIRM
samsung — galaxy_s4
 
The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information. 2017-08-24 not yet calculated CVE-2015-1800
MLIST
MLIST
MLIST
BID
samsung — galaxy_s4
 
The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges. 2017-08-24 not yet calculated CVE-2015-1801
MLIST
MLIST
BID
samsung — galaxy_s6
 
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file. 2017-08-24 not yet calculated CVE-2015-7896
MISC
BID
CONFIRM
EXPLOIT-DB
spidercontrol — scada_microbrowser
 
A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted HTML file may cause a stack overflow. 2017-08-25 not yet calculated CVE-2017-12707
BID
MISC
spidercontrol — scada_web_server
 
A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files. 2017-08-25 not yet calculated CVE-2017-12694
BID
MISC
supervisor — supervisor
 
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. 2017-08-23 not yet calculated CVE-2017-11610
DEBIAN
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
FEDORA
FEDORA
FEDORA
symantec — vip_access_for_desktop
 
Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, the application will generally follow a specific search path to locate the DLL. The exploitation of the vulnerability manifests as a simple file write (or potentially an over-write) which results in a foreign executable running under the context of the application. 2017-08-21 not yet calculated CVE-2017-6329
BID
CONFIRM
synology — photo_station_uploader
 
Multiple untrusted search path vulnerabilities in the installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory. 2017-08-23 not yet calculated CVE-2017-11159
CONFIRM
synology — photo_station
 
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter. 2017-08-24 not yet calculated CVE-2017-9555
CONFIRM
synology — synology_dns_server
 
Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter. 2017-08-24 not yet calculated CVE-2017-12074
CONFIRM
telerik — telerik.web.ui
 
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. 2017-08-23 not yet calculated CVE-2017-11357
CONFIRM
telerik — telerik.web.ui
 
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. 2017-08-23 not yet calculated CVE-2017-11317
CONFIRM
tidy — tidy
 
In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. 2017-08-25 not yet calculated CVE-2017-13692
CONFIRM
ubuntu — apport
 
Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, or before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allows local users to write to arbitrary files and gain root privileges. 2017-08-25 not yet calculated CVE-2015-1325
MLIST
BID
UBUNTU
EXPLOIT-DB
ubuntu — apport
 
apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, or before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allows local users to write to arbitrary files and gain root privileges. 2017-08-25 not yet calculated CVE-2015-1324
BID
UBUNTU
CONFIRM
ubuntu — concurrent_versions_system
 
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by “-oProxyCommand=id;localhost:/bar.” 2017-08-24 not yet calculated CVE-2017-12836
MLIST
DEBIAN
MLIST
MLIST
BID
UBUNTU
MISC
unity_technologies — unity_editor
 
A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4. 2017-08-18 not yet calculated CVE-2017-12939
BID
CONFIRM
unrealircd — unrealircd
 
UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a “kill `cat /pathname`” command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command. 2017-08-23 not yet calculated CVE-2017-13649
MISC
util-linux — util-linux
 
The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks. 2017-08-23 not yet calculated CVE-2015-5224
MLIST
BID
CONFIRM
CONFIRM
westermo — multiple_routers
 
A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device. 2017-08-25 not yet calculated CVE-2017-12709
BID
MISC
westermo — multiple_routers
 
A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server. 2017-08-25 not yet calculated CVE-2017-12703
BID
MISC
wordpress — photo_gallery_plugin
 
The Web-Dorado “Photo Gallery by WD – Responsive Photo Gallery” plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by administrators via the tag_id parameter. 2017-08-20 not yet calculated CVE-2017-12977
MISC
MISC
xen — xen
 
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. 2017-08-24 not yet calculated CVE-2017-12136
MLIST
BID
SECTRACK
CONFIRM
MISC
CONFIRM
xen — xen
 
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. 2017-08-24 not yet calculated CVE-2017-12137
MLIST
BID
SECTRACK
CONFIRM
MISC
CONFIRM
xen — xen
 
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. 2017-08-24 not yet calculated CVE-2017-12135
MLIST
MLIST
BID
SECTRACK
CONFIRM
MISC
CONFIRM
xen — xen
 
The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. 2017-08-24 not yet calculated CVE-2017-12134
MLIST
BID
SECTRACK
CONFIRM
MISC
CONFIRM
zen_cart — zen_cart
 
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php. 2017-08-24 not yet calculated CVE-2015-8352
BUGTRAQ
MISC
CONFIRM
zend-diactoros — zend-diactoros
 
Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks. 2017-08-25 not yet calculated CVE-2015-3257
BID
CONFIRM
zte_adsl — w300_modems
 
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to log in to a target account via any of its username and password pairs. 2017-08-24 not yet calculated CVE-2015-7259
MISC
MISC
FULLDISC
EXPLOIT-DB
zte_adsl — w300_modems
 
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. 2017-08-24 not yet calculated CVE-2015-7258
MISC
MISC
FULLDISC
EXPLOIT-DB
zte_adsl — w300_modems
 
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from “support” to “admin”. 2017-08-24 not yet calculated CVE-2015-7257
MISC
MISC
FULLDISC
EXPLOIT-DB