SB17-254: Vulnerability Summary for the Week of September 4, 2017

Original release date: September 11, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ffmpeg — ffmpeg In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large “nb_index_entries” field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file. 2017-09-07 7.1 CVE-2017-14170
CONFIRM
ffmpeg — ffmpeg In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large “table_entries_used” field in the header but does not contain sufficient backing data, is provided, the loop over ‘table_entries_used’ would consume huge CPU resources, since there is no EOF check inside the loop. 2017-09-07 7.1 CVE-2017-14171
CONFIRM
fujixerox — contentsbridge_utility Untrusted search path vulnerability in Installer for ContentsBridge Utility for Windows 7.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-01 9.3 CVE-2017-10851
CONFIRM
JVN
fujixerox — docuworks Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 and earlier and DocuWorks Viewer Light published in Jul 2017 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-01 9.3 CVE-2017-10848
CONFIRM
JVN
fujixerox — docuworks Untrusted search path vulnerability in Self-extracting document generated by DocuWorks 8.0.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-01 9.3 CVE-2017-10849
CONFIRM
JVN
gnome — gedit libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' (NUL) characters. 2017-09-05 7.1 CVE-2017-14108
MISC
MISC
helpdezk — helpdezk HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function. 2017-09-05 7.5 CVE-2017-14145
MISC
imagemagick — imagemagick The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. 2017-09-01 7.1 CVE-2017-12691
CONFIRM
imagemagick — imagemagick The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. 2017-09-01 7.1 CVE-2017-12692
CONFIRM
imagemagick — imagemagick The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file. 2017-09-01 7.1 CVE-2017-12693
CONFIRM
imagemagick — imagemagick ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header. 2017-09-04 7.5 CVE-2017-14137
CONFIRM
imagemagick — imagemagick ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors. 2017-09-04 7.5 CVE-2017-14138
CONFIRM
imagemagick — imagemagick In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PostScript (PS) file, which claims a large “extent” field in the header but does not contain sufficient backing data, is provided, the loop over “length” would consume huge CPU resources, since there is no EOF check inside the loop. 2017-09-07 7.1 CVE-2017-14172
CONFIRM
CONFIRM
imagemagick — imagemagick In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large “length” field in the header but does not contain sufficient backing data, is provided, the loop over “length” would consume huge CPU resources, since there is no EOF check inside the loop. 2017-09-07 7.1 CVE-2017-14174
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop. 2017-09-07 7.1 CVE-2017-14175
CONFIRM
CONFIRM
mcafee — security_scan_plus A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response. 2017-09-01 7.5 CVE-2017-3897
CONFIRM
BID
netapp — data_ontap NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language. 2017-09-01 7.5 CVE-2015-7746
CONFIRM
ntt — enkaku_support_tool Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool), all versions distributed through the website until August 10, 2017, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-01 9.3 CVE-2017-10829
CONFIRM
MISC
JVN
rarlab — unrar unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp. 2017-09-03 7.5 CVE-2017-14122
MISC
MISC
salesagility — suitecrm Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947. 2017-09-06 9.3 CVE-2015-5948
MLIST
MISC
CONFIRM
CONFIRM
sap — netweaver XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. 2017-09-06 7.5 CVE-2015-7241
MISC
BUGTRAQ
BID
EXPLOIT-DB
scrapy — scrapy Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore. 2017-09-05 7.8 CVE-2017-14158
MISC
MISC
simplesamlphp — simplesamlphp The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. 2017-09-01 7.5 CVE-2017-12868
CONFIRM
CONFIRM
simplesamlphp — simplesamlphp SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured. 2017-09-01 7.5 CVE-2017-12873
CONFIRM
CONFIRM
technicolor — td5336_firmware Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi. 2017-09-04 10.0 CVE-2017-14127
MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
aspl — libaxl Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted XML document. 2017-09-06 6.8 CVE-2015-3450
MLIST
BID
beaker-project — beaker XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server’s file system. 2017-09-06 4.0 CVE-2015-3160
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
beaker-project — beaker The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively. 2017-09-06 4.0 CVE-2015-3163
MLIST
BID
CONFIRM
CONFIRM
bento4 — bento4 The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable.cpp in Bento4 mp42ts before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. 2017-09-06 4.3 CVE-2017-12474
MISC
MISC
MISC
bento4 — bento4 The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 mp4encrypt before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. 2017-09-06 4.3 CVE-2017-12475
MISC
MISC
MISC
bento4 — bento4 The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Bento4 mp4dump before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file. 2017-09-06 4.3 CVE-2017-12476
MISC
MISC
MISC
embedthis — goahead GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a “POST / HTTP/1.1” request. 2017-09-05 5.0 CVE-2017-14149
MISC
eyesofnetwork — eonweb In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php. 2017-09-03 6.5 CVE-2017-14118
MISC
eyesofnetwork — eonweb In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all\tools\snmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter. 2017-09-03 6.5 CVE-2017-14119
MISC
ffmpeg — ffmpeg In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3, an integer signedness error might occur when a crafted file, which claims a large “item_num” field such as 0xffffffff, is provided. As a result, the variable “item_num” turns negative, bypassing the check for a large value. 2017-09-07 6.8 CVE-2017-14169
CONFIRM
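The five "no EOF check inside the loop" entries in the High table (FFmpeg mxfdec.c and nsvdec.c, ImageMagick ps.c, psd.c and xbm.c) and the mxf_read_primer_pack signedness entry directly above describe two ways a demuxer can trust a count it just read from the header. The C program below is an added illustration, not code from FFmpeg or ImageMagick: it parses a hypothetical toy container (a 4-byte little-endian entry count followed by 8-byte entries, with an assumed sanity limit MAX_ENTRIES) once the way the vulnerable code does and once with the two fixes the advisories imply. The sample bytes are constructed for this example and claim 50000 entries while holding two.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical container: u32le entry count, then ENTRY_SIZE-byte entries.
 * MAX_ENTRIES is an assumed sanity limit in the spirit of FFmpeg's
 * "item_num > 65536" check; neither value comes from a real format. */
#define ENTRY_SIZE  8u
#define MAX_ENTRIES 65536u

typedef struct {
    const uint8_t *data;
    size_t size;
    size_t pos;
} stream_t;

/* Read a little-endian u32. Returns 0 on success, -1 at EOF. */
static int read_u32le(stream_t *s, uint32_t *out)
{
    if (s->size - s->pos < 4)
        return -1;
    const uint8_t *p = s->data + s->pos;
    *out = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    s->pos += 4;
    return 0;
}

/* Skip one entry. Returns 0 on success, -1 if the stream is exhausted. */
static int skip_entry(stream_t *s)
{
    if (s->size - s->pos < ENTRY_SIZE)
        return -1;
    s->pos += ENTRY_SIZE;
    return 0;
}

/* Vulnerable loop (CVE-2017-14170 pattern): the bound is the header's claim
 * and the read result is ignored, so a 20-byte file claiming 2^32-1 entries
 * costs 2^32-1 iterations. Returns the number of iterations performed. */
static long parse_index_vulnerable(const uint8_t *buf, size_t len)
{
    stream_t s = { buf, len, 0 };
    uint32_t nb_index_entries;
    if (read_u32le(&s, &nb_index_entries) != 0)
        return -1;
    long iterations = 0;
    for (uint32_t i = 0; i < nb_index_entries; i++) {
        (void)skip_entry(&s);      /* EOF never checked */
        iterations++;
    }
    return iterations;
}

/* Fixed loop: cap the claim up front and test for EOF on every iteration,
 * so the work done is bounded by the bytes actually present. */
static long parse_index_fixed(const uint8_t *buf, size_t len)
{
    stream_t s = { buf, len, 0 };
    uint32_t nb_index_entries;
    if (read_u32le(&s, &nb_index_entries) != 0)
        return -1;
    if (nb_index_entries > MAX_ENTRIES)
        return -2;                 /* implausible claim: reject */
    long iterations = 0;
    for (uint32_t i = 0; i < nb_index_entries; i++) {
        if (skip_entry(&s) != 0)
            break;                 /* the EOF check inside the loop */
        iterations++;
    }
    return iterations;
}

/* Signedness bug (CVE-2017-14169 pattern): the count lands in an int, so on
 * two's-complement targets 0xffffffff becomes -1, "item_num > MAX_ENTRIES"
 * is false, and the negative value flows on into a size computation.
 * Returns 1 if the count is accepted. */
static int item_count_accepted_vulnerable(uint32_t raw)
{
    int item_num = (int)raw;
    return item_num > (int)MAX_ENTRIES ? 0 : 1;
}

/* Fixed: keep the field unsigned for the comparison. */
static int item_count_accepted_fixed(uint32_t raw)
{
    return raw > MAX_ENTRIES ? 0 : 1;
}

/* Constructed sample: header claims 50000 entries, only two are present. */
static const uint8_t SAMPLE[4 + 2 * ENTRY_SIZE] = {
    0x50, 0xC3, 0x00, 0x00,        /* 50000, little-endian */
    1, 2, 3, 4, 5, 6, 7, 8,
    9, 10, 11, 12, 13, 14, 15, 16,
};

int main(void)
{
    printf("vulnerable: %ld iterations\n", parse_index_vulnerable(SAMPLE, sizeof SAMPLE));
    printf("fixed:      %ld iterations\n", parse_index_fixed(SAMPLE, sizeof SAMPLE));
    printf("0xffffffff accepted: vulnerable=%d fixed=%d\n",
           item_count_accepted_vulnerable(0xffffffffu),
           item_count_accepted_fixed(0xffffffffu));
    return 0;
}
```

The upfront cap alone is not enough when the input is a non-seekable stream whose total size is unknown, which is why the per-iteration EOF test is the essential part of the fix; the cap only limits how much work a plausible-looking header can cause before the first EOF is hit.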
froxlor — froxlor Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log. 2017-09-06 5.0 CVE-2015-5959
MLIST
BID
CONFIRM
gnome — evince backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a “--” command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename. 2017-09-05 6.8 CVE-2017-1000083
MISC
BID
MISC
MISC
gnome — gdk-pixbuf An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted JPEG file can cause a heap overflow resulting in remote code execution. An attacker can send a file or URL to trigger this vulnerability. 2017-09-05 6.8 CVE-2017-2862
BID
MISC
gnome — gdk-pixbuf An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. 2017-09-05 6.8 CVE-2017-2870
BID
MISC
gnu — binutils The decode_line_info function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (read_1_byte heap-based buffer over-read and application crash) via a crafted ELF file. 2017-09-04 4.3 CVE-2017-14128
BID
CONFIRM
CONFIRM
gnu — binutils The read_section function in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (parse_comp_unit heap-based buffer over-read and application crash) via a crafted ELF file. 2017-09-04 4.3 CVE-2017-14129
BID
CONFIRM
CONFIRM
gnu — binutils The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (_bfd_elf_attr_strdup heap-based buffer over-read and application crash) via a crafted ELF file. 2017-09-04 4.3 CVE-2017-14130
BID
CONFIRM
CONFIRM
graphicsmagick — graphicsmagick The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403. 2017-09-01 6.8 CVE-2017-14103
MISC
MISC
helpdezk — helpdezk HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments directory. 2017-09-05 6.5 CVE-2017-14146
MISC
honda — moto_linc Honda Moto LINC 1.6.1 does not verify SSL certificates. 2017-09-06 4.3 CVE-2015-2943
JVN
JVNDB
ibm — emptoris_strategic_supply_management IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657. 2017-09-05 6.8 CVE-2017-1097
CONFIRM
MISC
ibm — inotes IBM Notes 8.5 and 9.0 are vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370. 2017-09-05 4.3 CVE-2017-1129
CONFIRM
CONFIRM
MISC
EXPLOIT-DB
ibm — inotes IBM Notes 8.5 and 9.0 are vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open many file select dialog boxes, causing the client to hang and have to be restarted. IBM X-Force ID: 121371. 2017-09-05 4.3 CVE-2017-1130
CONFIRM
BID
MISC
EXPLOIT-DB
ibm — qradar_network_security IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128376. 2017-09-05 4.3 CVE-2017-1457
CONFIRM
BID
MISC
ibm — qradar_network_security IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377. 2017-09-05 5.5 CVE-2017-1458
CONFIRM
BID
MISC
ibm — qradar_network_security IBM QRadar Network Security 5.4 negotiates with other parties which algorithm to use as a protection mechanism (such as encryption or authentication), but does not select the strongest algorithm available to both parties. IBM X-Force ID: 128689. 2017-09-05 5.0 CVE-2017-1491
CONFIRM
MISC
imagemagick — imagemagick ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c. 2017-09-04 6.8 CVE-2017-14139
CONFIRM
imagemagick — imagemagick In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation “GetQuantumRange(depth)+1” when “depth” is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large “max_value” value. 2017-09-07 4.3 CVE-2017-14173
CONFIRM
CONFIRM
jasper_project — jasper JasPer 2.0.13 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jas_image_ishomosamp function in libjasper/base/jas_image.c. 2017-09-04 4.3 CVE-2017-14132
MISC
ledger-cli — ledger An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability. 2017-09-05 6.8 CVE-2017-2807
BID
MISC
ledger-cli — ledger An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability. 2017-09-05 6.8 CVE-2017-2808
BID
MISC
lexmark — perceptive_document_filters An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perceptive Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution. 2017-09-05 6.8 CVE-2017-2821
BID
MISC
lexmark — perceptive_document_filters An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack. A maliciously crafted PDF file can be used to trigger this vulnerability. 2017-09-05 6.8 CVE-2017-2822
BID
MISC
libarchive — libarchive libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. 2017-09-06 4.3 CVE-2017-14166
MISC
MISC
libzip_project — libzip The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive. 2017-09-01 4.3 CVE-2017-14107
MISC
MISC
linux — linux_kernel The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path. 2017-09-01 4.9 CVE-2017-14106
CONFIRM
CONFIRM
CONFIRM
mcafee — livesafe A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response. 2017-09-01 4.3 CVE-2017-3898
CONFIRM
mimedefang — mimedefang MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a “kill `cat /pathname`” command, as demonstrated by the init-script.in and mimedefang-init.in scripts. 2017-09-01 4.6 CVE-2017-14102
MISC
MISC
netapp — clustered_data_ontap NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage controller via unspecified vectors. 2017-09-01 6.5 CVE-2017-12421
CONFIRM
netapp — clustered_data_ontap NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to read data on other Storage Virtual Machines (SVMs) via unspecified vectors. 2017-09-01 4.0 CVE-2017-12423
CONFIRM
netapp — data_ontap NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling. 2017-09-01 4.0 CVE-2016-1895
CONFIRM
netapp — oncommand_unified_manager_for_clustered_data_ontap NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. 2017-09-01 5.0 CVE-2017-14053
CONFIRM
opencv — opencv OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12597. 2017-09-04 4.3 CVE-2017-14136
MISC
MISC
MISC
openjpeg — openjpeg An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution. 2017-09-05 6.8 CVE-2017-14151
BID
MISC
MISC
MISC
openjpeg — openjpeg A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution. 2017-09-05 6.8 CVE-2017-14152
MISC
MISC
MISC
qemu — qemu Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. 2017-09-01 5.0 CVE-2017-13711
MLIST
BID
CONFIRM
MLIST
rarlab — unrar unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. 2017-09-03 5.0 CVE-2017-14120
MISC
MISC
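The unrar entry above is the classic archive path-traversal: a member named ../[filename] is written relative to the extraction directory and lands one level up. The C functions below are an added example, not unrar's code, of the check an extractor needs before it joins a member name onto the output directory: a pure string check, because the target path does not exist yet and realpath() cannot be consulted. The function names, the base directory /tmp/extract and the sample member names are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Reject archive member names that would escape the extraction directory:
 * absolute paths, drive letters, backslashes (this example assumes '/' is
 * the only separator; an extractor that accepts Windows-style names must
 * translate them before this check), and any ".." path component. Names
 * such as "..hidden" or "foo.." are ordinary and pass. Returns 1 if safe. */
static int is_safe_member_name(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (name[0] == '/')
        return 0;                              /* absolute path */
    if (strchr(name, '\\') != NULL)
        return 0;                              /* unnormalised separator */
    if (strlen(name) >= 2 && name[1] == ':')
        return 0;                              /* C:... drive prefix */
    const char *p = name;
    for (;;) {
        const char *end = strchr(p, '/');
        size_t clen = end ? (size_t)(end - p) : strlen(p);
        if (clen == 2 && p[0] == '.' && p[1] == '.')
            return 0;                          /* ".." component anywhere */
        if (end == NULL)
            break;
        p = end + 1;
    }
    return 1;
}

/* Build "<base>/<name>" only for names that passed the check. Returns 0 on
 * success, -1 if the name was rejected or the result does not fit. */
static int join_under_base(const char *base, const char *name,
                           char *out, size_t outlen)
{
    if (!is_safe_member_name(name))
        return -1;
    int n = snprintf(out, outlen, "%s/%s", base, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Constructed member names of the kind a RAR v2 archive could carry. */
static const char *const SAMPLE_NAMES[] = {
    "docs/readme.txt",
    "../.bashrc",
    "docs/../../etc/cron.d/job",
    "/etc/passwd",
    "..hidden/notes.txt",
};

int main(void)
{
    char path[512];
    for (size_t i = 0; i < sizeof SAMPLE_NAMES / sizeof SAMPLE_NAMES[0]; i++) {
        if (join_under_base("/tmp/extract", SAMPLE_NAMES[i], path, sizeof path) == 0)
            printf("extract  %-28s -> %s\n", SAMPLE_NAMES[i], path);
        else
            printf("REJECT   %s\n", SAMPLE_NAMES[i]);
    }
    return 0;
}
```

This string check does not cover the second traversal route, a member that creates a symlink pointing outside the base directory followed by a member written through that link; an extractor also has to refuse to follow symlinks it (or an earlier member) created under the base.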
rarlab — unrar The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a specially crafted RAR archive. 2017-09-03 6.8 CVE-2017-14121
MISC
MISC
simplesamlphp — infocard_module The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities. 2017-09-01 5.0 CVE-2017-12874
CONFIRM
simplesamlphp — simplesamlphp The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remote attackers to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input. 2017-09-01 5.0 CVE-2017-12869
CONFIRM
simplesamlphp — simplesamlphp SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers. 2017-09-01 4.3 CVE-2017-12870
CONFIRM
simplesamlphp — simplesamlphp The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV). 2017-09-01 4.3 CVE-2017-12871
CONFIRM
CONFIRM
simplesamlphp — simplesamlphp The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input. 2017-09-01 4.3 CVE-2017-12872
CONFIRM
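The Htpasswd/SimpleSAML_Session entry above (a standard comparison operator applied to secret material) and the secureCompare entry in the High table (an XOR fallback that skipped the character-to-number conversion) are two failures of the same primitive. The C functions below are an added example, not SimpleSAMLphp's code, showing what a timing-safe comparison must do: visit every byte of the secret regardless of where the first mismatch is, XOR the bytes as numbers and OR-accumulate the result, and fold a length mismatch into that result instead of returning early. The sample tokens are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The "before": strcmp()/memcmp(), like PHP's "==" and "===" on strings,
 * stop at the first differing byte, so elapsed time tells an attacker how
 * many leading bytes of the guess were right. Shown only for contrast. */
static int secret_equals_leaky(const char *secret, const char *guess)
{
    return strcmp(secret, guess) == 0;
}

/* Constant-time comparison. Running time depends only on secret_len (the
 * length of a fixed-size token or hash is not secret); the data never
 * influences a branch or an early return. */
static int secret_equals_ct(const uint8_t *secret, size_t secret_len,
                            const uint8_t *guess, size_t guess_len)
{
    unsigned diff = (unsigned)(secret_len != guess_len);
    for (size_t i = 0; i < secret_len; i++) {
        /* index the guess cyclically so the loop never reads past it; if the
         * lengths differ the result is already marked unequal */
        uint8_t g = guess_len ? guess[i % guess_len] : 0;
        diff |= (unsigned)(secret[i] ^ g);   /* numeric XOR, not string XOR */
    }
    return diff == 0;
}

/* Convenience wrapper for NUL-terminated tokens, hashes or session ids. */
static int secure_compare(const char *secret, const char *guess)
{
    return secret_equals_ct((const uint8_t *)secret, strlen(secret),
                            (const uint8_t *)guess, strlen(guess));
}

int main(void)
{
    /* constructed sample token and guesses */
    const char *token = "s3cr3t-session-token";
    const char *guesses[] = { "s3cr3t-session-token", "s3cr3t-session-tokeX",
                              "s3cr3t", "" };
    for (size_t i = 0; i < sizeof guesses / sizeof guesses[0]; i++)
        printf("guess %-22s leaky=%d constant-time=%d\n", guesses[i],
               secret_equals_leaky(token, guesses[i]),
               secure_compare(token, guesses[i]));
    return 0;
}
```

In production code use the platform's vetted primitive rather than a hand-rolled loop (hash_equals() in PHP 5.6+, CRYPTO_memcmp() in OpenSSL, sodium_memcmp() in libsodium): an optimising compiler is free to rewrite a loop like the one above, and those libraries take steps to prevent that.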
suitecrm — suitecrm SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. 2017-09-06 6.8 CVE-2015-5947
MLIST
CONFIRM
CONFIRM
CONFIRM
vulcanjs — vulcan TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack. 2017-09-06 5.0 CVE-2015-3454
MLIST
BID
CONFIRM
MISC
xnau — participants_database The Participants Database plugin before 1.7.5.10 for WordPress has XSS. 2017-09-04 4.3 CVE-2017-14126
MISC
CONFIRM
EXPLOIT-DB

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
beaker-project — beaker The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape tags in string literals when producing JSON. 2017-09-06 3.5 CVE-2015-3161
MLIST
BID
CONFIRM
MISC
CONFIRM
beaker-project — beaker Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked cancelled job. 2017-09-06 3.5 CVE-2015-3162
MLIST
BID
CONFIRM
MISC
CONFIRM
linux — linux_kernel The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn’t check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR. 2017-09-05 2.1 CVE-2017-14140
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes. 2017-09-05 2.1 CVE-2017-14156
BID
MISC
MISC
MISC
qemu — qemu QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. 2017-09-01 2.1 CVE-2017-13672
MLIST
BID
CONFIRM
MLIST

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
anchor-cms — anchor-cms Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev. 2017-09-07 not yet calculated CVE-2015-5060
CONFIRM
apache — hadoop The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications. 2017-09-05 not yet calculated CVE-2016-3086
MLIST
BID
apache_directory — ldap_api Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors. 2017-09-07 not yet calculated CVE-2015-3250
CONFIRM
MLIST
MLIST
CONFIRM
askbot — askbot Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.noarch. 2017-09-07 not yet calculated CVE-2015-3169
MLIST
BID
CONFIRM
asterisk — asterisk In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an “externnotify” program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection. 2017-09-02 not yet calculated CVE-2017-14100
CONFIRM
SECTRACK
CONFIRM
CONFIRM
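The Asterisk externnotify entry above, the Technicolor pingAddr and EyesOfNetwork host_list entries in the earlier tables, and the Evince .cbt filename entry are all the same mistake: untrusted text is spliced into a command line. The C program below is an added illustration, not code from any of those projects. It contrasts the vulnerable system()-style builder with a version that allow-lists the value, passes it as its own argv element so no shell ever parses it, and puts "--" in front of it so that a value beginning with a dash (the Evince "--checkpoint-action=exec=..." case) cannot be read as an option. The ping command with "-c 1", the PING_ARGC constant, the function names and the sample inputs are assumptions made for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PING_ARGC 6   /* "ping", "-c", "1", "--", host, NULL */

/* Vulnerable builder: the attacker's text becomes part of the line that
 * system()/popen() hand to /bin/sh, so "192.0.2.10; id" also runs "id".
 * Returns 0 with the command in out, or -1 if it does not fit. */
static int build_ping_command_vulnerable(const char *ping_addr,
                                         char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "ping -c 1 %s", ping_addr);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Allow-list for a host argument: letters, digits, '-', '.', ':' (IPv6),
 * bounded length, no leading '-'. Shell and getopt metacharacters (';', '|',
 * '&', '`', '$', quotes, whitespace, newlines) are simply not in the list,
 * so they never need to be enumerated. Returns 1 if acceptable. */
static int is_safe_host(const char *s)
{
    size_t len = strlen(s);
    if (len == 0 || len > 253)
        return 0;
    if (s[0] == '-')
        return 0;                      /* would parse as an option */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '-' || c == '.' || c == ':'))
            return 0;
    }
    return 1;
}

/* Fixed builder: validate, then produce an argv for execvp()/posix_spawnp().
 * No shell is involved, and "--" ends option parsing, so even a value with a
 * leading dash would be treated as an operand. Returns 0 on success, -1 if
 * the value is rejected. */
static int build_ping_argv_fixed(const char *ping_addr,
                                 const char *argv_out[PING_ARGC])
{
    if (!is_safe_host(ping_addr))
        return -1;
    argv_out[0] = "ping";
    argv_out[1] = "-c";
    argv_out[2] = "1";
    argv_out[3] = "--";
    argv_out[4] = ping_addr;
    argv_out[5] = NULL;
    return 0;
}

/* Constructed inputs: one legitimate host, one shell injection in the style
 * of the Technicolor/EyesOfNetwork entries, one option injection in the
 * style of the Evince entry. */
static const char *const SAMPLE_INPUTS[] = {
    "192.0.2.10",
    "192.0.2.10; cat /etc/passwd",
    "--checkpoint-action=exec=sh",
};

int main(void)
{
    char cmd[256];
    const char *pargv[PING_ARGC];
    for (size_t i = 0; i < sizeof SAMPLE_INPUTS / sizeof SAMPLE_INPUTS[0]; i++) {
        const char *in = SAMPLE_INPUTS[i];
        if (build_ping_command_vulnerable(in, cmd, sizeof cmd) == 0)
            printf("vulnerable would run: sh -c '%s'\n", cmd);
        if (build_ping_argv_fixed(in, pargv) == 0)
            printf("fixed would exec:     %s %s %s %s %s\n",
                   pargv[0], pargv[1], pargv[2], pargv[3], pargv[4]);
        else
            printf("fixed rejects:        %s\n", in);
    }
    return 0;
}
```

The Asterisk case is the same shape with the caller-id name and number in place of the host: the externnotify program should receive them as separate argv elements (or via environment variables), never through a string passed to the shell.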
asterisk — asterisk In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash. 2017-09-02 not yet calculated CVE-2017-14098
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
asterisk — asterisk In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The “strictrtp” option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The “nat” and “rtp_symmetric” options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well. 2017-09-02 not yet calculated CVE-2017-14099
CONFIRM
SECTRACK
CONFIRM
CONFIRM
MISC
at&t — u-verse_firmware The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive information (such as the Wi-Fi password) by leveraging knowledge of a hardware identifier, related to the Bulk Data Collection (BDC) mechanism defined in Broadband Forum technical reports. 2017-09-03 not yet calculated CVE-2017-10793
BID
MISC
MISC
at&t — u-verse_firmware The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with “nc -l” support. 2017-09-03 not yet calculated CVE-2017-14116
BID
MISC
MISC
at&t — u-verse_firmware The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a “Terminal shell v1.0” service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands. 2017-09-03 not yet calculated CVE-2017-14115
BID
MISC
MISC
at&t — u-verse_firmware The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values. 2017-09-03 not yet calculated CVE-2017-14117
BID
MISC
MISC
azeotech — daqfactory An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. The uncontrolled search path element may cause malicious DLL files that have been placed within the search path to be loaded and executed. 2017-09-08 not yet calculated CVE-2017-5147
BID
MISC
azeotech — daqfactory An Incorrect Default Permissions issue was discovered in AzeoTech DAQFactory versions prior to 17.1. Local, non-administrative users may be able to replace or modify original application files with malicious ones. 2017-09-08 not yet calculated CVE-2017-12699
BID
MISC
centreon — centreon Cross-site scripting (XSS) vulnerability in Centreon 2.6.1. 2017-09-07 not yet calculated CVE-2015-7672
MISC
cisco — asyncos_software_for_cisco_security_appliances A vulnerability in the malware detection functionality within Advanced Malware Protection (AMP) of Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated, remote attacker to cause an email attachment containing malware to be delivered to the end user. The vulnerability is due to the failure of AMP to scan certain EML attachments that could contain malware. An attacker could exploit this vulnerability by sending an email with a crafted EML attachment through the targeted device. A successful exploit could allow the attacker to bypass the configured ESA email message and content filtering and allow the malware to be delivered to the end user. Vulnerable Products: This vulnerability affects Cisco AsyncOS Software for Cisco ESA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA. Cisco Bug IDs: CSCuz81533. 2017-09-07 not yet calculated CVE-2017-12218
SECTRACK
CONFIRM
cisco — emergency_responder A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements. An exploit could allow the attacker to view or modify entries in some database tables, affecting the integrity of the data. Cisco Bug IDs: CSCvb58973. 2017-09-07 not yet calculated CVE-2017-12227
BID
SECTRACK
CONFIRM
cisco — firepower_management_center A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvc50771. 2017-09-07 not yet calculated CVE-2017-12220
BID
CONFIRM
cisco — firepower_management_center A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. The vulnerability is due to insufficient validation of user-supplied input by the affected software. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code in the context of the affected system. Cisco Bug IDs: CSCvc38983. 2017-09-07 not yet calculated CVE-2017-12221
BID
CONFIRM
cisco — gprs_tunneling_protocol A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation of GPRS Tunneling Protocol packet headers. An attacker could exploit this vulnerability by sending a malformed GPRS Tunneling Protocol packet to an affected device. A successful exploit could allow the attacker to cause the GTPUMGR process on an affected device to restart unexpectedly, resulting in a partial DoS condition. If the GTPUMGR process restarts, there could be a brief impact on traffic passing through the device. Cisco Bug IDs: CSCve07119. 2017-09-07 not yet calculated CVE-2017-12217
BID
SECTRACK
CONFIRM
cisco — ios_and_ios_xe A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of the device. The vulnerability is due to IPv6 sub block corruption. An attacker could exploit this vulnerability by polling the affected device IPv6 information. An exploit could allow the attacker to trigger high CPU usage or a reload of the device. Known Affected Releases: Denali-16.3.1. Cisco Bug IDs: CSCvb14640. 2017-09-07 not yet calculated CVE-2017-12211
BID
SECTRACK
CONFIRM
CONFIRM
cisco — ios_and_ios_xe A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service (DoS) condition. The vulnerability is due to Cisco IOS Software application changes that create UDP sockets and leave the sockets idle without closing them. An attacker could exploit this vulnerability by sending UDP packets with a destination port of 0 to an affected device. A successful exploit could allow the attacker to cause UDP packets to be held in the input interfaces queue, resulting in a DoS condition. The input interface queue will stop holding UDP packets when it receives 250 packets. Cisco Bug IDs: CSCup10024, CSCva55744, CSCva95506. 2017-09-07 not yet calculated CVE-2017-6627
BID
SECTRACK
CONFIRM
cisco — ios_xe A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. Cisco Bug IDs: CSCve48949. 2017-09-07 not yet calculated CVE-2017-6796
BID
SECTRACK
CONFIRM
cisco — ios_xe A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the attacker to pass traffic to the default VLAN of the affected port. The vulnerability is due to an uncaught error condition that may occur during the reassignment of the auth-default-ACL dynamic ACL to a switch port after 802.1x authentication fails. A successful exploit of this issue could allow a physically adjacent attacker to bypass 802.1x authentication and cause the affected port to fail open, allowing the attacker to pass traffic to the default VLAN of the affected switch port. Cisco Bug IDs: CSCvc72751. 2017-09-07 not yet calculated CVE-2017-12213
BID
SECTRACK
CONFIRM
cisco — ios_xe A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device. Cisco Bug IDs: CSCvf10783. 2017-09-07 not yet calculated CVE-2017-6795
BID
SECTRACK
CONFIRM
cisco — iot_field_network_director A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP packets to a specific group of open listening ports on a targeted device. An exploit could allow the attacker to cause the system to consume additional memory. If enough available memory is consumed, the system will restart, creating a temporary denial of service (DoS) condition. The DoS condition will end after the device has finished the restart process. This vulnerability affects the following Cisco products: Connected Grid Network Management System, if running a software release prior to IoT-FND Release 4.0; IoT Field Network Director, if running a software release prior to IoT-FND Release 4.0. Cisco Bug IDs: CSCvc77164. 2017-09-07 not yet calculated CVE-2017-6780
BID
CONFIRM
cisco — ir800_integrated_services_router_software A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnerability is due to insufficient sanitization of user input. An attacker who can access an affected router via the console could exploit this vulnerability by entering ROMMON mode and modifying ROMMON variables. A successful exploit could allow the attacker to execute arbitrary code and install a malicious version of Hypervisor firmware on an affected device. Cisco Bug IDs: CSCvb44027. 2017-09-07 not yet calculated CVE-2017-12223
SECTRACK
CONFIRM
cisco — meeting_server A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due to the incorrect implementation of the configuration setting Guest access via hyperlinks, which should allow the administrative user to prevent guest users from using hyperlinks to connect to meetings. An attacker could exploit this vulnerability by using a crafted hyperlink to connect to a meeting. An exploit could allow the attacker to connect directly to the meeting with a hyperlink, even though access should be denied. The attacker would still require a valid hyperlink and encoded secret identifier to be connected. Cisco Bug IDs: CSCve20873. 2017-09-07 not yet calculated CVE-2017-12224
BID
SECTRACK
CONFIRM
cisco — meeting_server A vulnerability in the CLI command-parsing code of Cisco Meeting Server could allow an authenticated, local attacker to perform command injection and escalate their privileges to root. The attacker must first authenticate to the application with valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input at the CLI for certain commands. An attacker could exploit this vulnerability by authenticating to the affected application and submitting a crafted CLI command for execution at the Cisco Meeting Server CLI. An exploit could allow the attacker to perform command injection and escalate their privilege level to root. Vulnerable Products: This vulnerability exists in Cisco Meeting Server software versions prior to and including 2.0, 2.1, and 2.2. Cisco Bug IDs: CSCvf53830. 2017-09-07 not yet calculated CVE-2017-6794
BID
SECTRACK
CONFIRM
cisco — prime_collaboration_provisioning_tool A vulnerability in the Inventory Management feature of Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to view sensitive information on the system. The vulnerability is due to insufficient protection of restricted information. An attacker could exploit this vulnerability by accessing unauthorized information via the user interface. Cisco Bug IDs: CSCvd61932. 2017-09-07 not yet calculated CVE-2017-6793
SECTRACK
CONFIRM
cisco — prime_collaboration_provisioning_tool A vulnerability in the batch provisioning feature in Cisco Prime Collaboration Provisioning Tool could allow an authenticated, remote attacker to overwrite system files as root. The vulnerability is due to lack of input validation of the parameters in BatchFileName and Directory. An attacker could exploit this vulnerability by manipulating the parameters of the batch action file function. Cisco Bug IDs: CSCvd61766. 2017-09-07 not yet calculated CVE-2017-6792
BID
SECTRACK
CONFIRM
cisco — prime_lan_management_solution A vulnerability in the web functionality of the Cisco Prime LAN Management Solution could allow an authenticated, remote attacker to hijack another user’s administrative session, aka a Session Fixation Vulnerability. The vulnerability is due to the reuse of a preauthentication session token as part of the postauthentication session. An attacker could exploit this vulnerability by obtaining the presession token ID. An exploit could allow an attacker to hijack an existing user’s session. Known Affected Releases 4.2(5). Cisco Bug IDs: CSCvf58392. 2017-09-07 not yet calculated CVE-2017-12225
SECTRACK
CONFIRM
CONFIRM
cisco — socialminer A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files and execute remote code within the application. Cisco Bug IDs: CSCvf47946. 2017-09-07 not yet calculated CVE-2017-12216
BID
SECTRACK
CONFIRM
cisco — unified_intelligence_center A vulnerability in the Trust Verification Service (TVS) of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Transport Layer Security (TLS) traffic by the affected software. An attacker could exploit this vulnerability by generating incomplete traffic streams. A successful exploit could allow the attacker to deny access to the TVS for an affected device, resulting in a DoS condition, until an administrator restarts the service. Known Affected Releases 10.0(1.10000.24) 10.5(2.10000.5) 11.0(1.10000.10) 9.1(2.10000.28). Cisco Bug IDs: CSCux21905. 2017-09-07 not yet calculated CVE-2017-6791
BID
SECTRACK
CONFIRM
CONFIRM
cisco — unified_intelligence_center A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client-side cross-site scripting (XSS) attack. The vulnerability occurs because user-supplied data in the DOM input is not validated. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious DOM statements to the affected system. A successful exploit could allow the attacker to affect the integrity of the system by manipulating the database. Known Affected Releases 11.0(1)ES10. Cisco Bug IDs: CSCvf18325. 2017-09-07 not yet calculated CVE-2017-6789
BID
SECTRACK
CONFIRM
CONFIRM
cisco — unity_connection A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user’s browser in the context of an affected site. Known Affected Releases 10.5(2). Cisco Bug IDs: CSCvf25345. 2017-09-07 not yet calculated CVE-2017-12212
BID
SECTRACK
CONFIRM
CONFIRM
cisco — yes_set-top_boxes A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the firmware of an affected device fails to handle certain XML values that are passed to the HTTP RPC service listening on the local subnet of the device. An attacker could exploit this vulnerability by submitting a malformed request to an affected device. A successful attack could cause the affected device to restart, resulting in a DoS condition. Yes has updated the affected devices with firmware that addresses this vulnerability. Customers are not required to take action. Vulnerable Products: This vulnerability affects YesMaxTotal, YesMax HD, and YesQuattro STB devices. Cisco Bug IDs: CSCvd08812. 2017-09-07 not yet calculated CVE-2017-6631
BID
CONFIRM
concrete5 — concrete5 SQL injection vulnerability in Concrete5 5.7.3.1. 2017-09-07 not yet calculated CVE-2015-4724
MISC
concrete5 — concrete5 Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1. 2017-09-07 not yet calculated CVE-2015-4721
MISC
d-link — dir-600l Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors. 2017-09-07 not yet calculated CVE-2016-10405
CONFIRM
dayrui — finecms The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field. 2017-09-07 not yet calculated CVE-2017-14192
MISC
dayrui — finecms The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. 2017-09-07 not yet calculated CVE-2017-14194
MISC
dayrui — finecms The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. 2017-09-07 not yet calculated CVE-2017-14193
MISC
dayrui — finecms The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer. 2017-09-07 not yet calculated CVE-2017-14195
MISC
devscripts — devscripts Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. 2017-09-06 not yet calculated CVE-2015-5705
FEDORA
FEDORA
MLIST
CONFIRM
CONFIRM
CONFIRM
diving_log — diving_log XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import. 2017-09-08 not yet calculated CVE-2017-9095
MISC
django — django In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn’t affect most production sites since you shouldn’t run with “DEBUG = True” (which makes this page accessible) in your production settings. 2017-09-07 not yet calculated CVE-2017-12794
BID
SECTRACK
CONFIRM
epicor_crs — retail_store The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting JavaScript into the window source to create a button that spawns a command shell. 2017-09-06 not yet calculated CVE-2015-2210
MISC
BUGTRAQ
etherpad — etherpad Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1. 2017-09-07 not yet calculated CVE-2015-4085
MLIST
CONFIRM
ffmpeg — ffmpeg In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large “ict” field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. 2017-09-08 not yet calculated CVE-2017-14223
CONFIRM
ffmpeg — ffmpeg The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.) 2017-09-09 not yet calculated CVE-2017-14225
MISC
MISC
ffmpeg — ffmpeg In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large “item_count” field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. 2017-09-08 not yet calculated CVE-2017-14222
CONFIRM
fiberhome — user_end_routers_an1020-25 An issue was discovered on FiberHome User End Routers bearing model number AN1020-25 which could allow an attacker to easily restore a router to its factory settings simply by browsing to the link http://[Default-Router-IP]/restoreinfo.cgi and executing it. Due to improper authentication on this page, the software accepts the request, allowing an attacker to reset the router to its default configuration, which could later allow the attacker to log in to the router using the default username/password. 2017-09-07 not yet calculated CVE-2017-14147
MISC
glibc — glibc The DNS stub resolver in the GNU C Library (glibc) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. 2017-09-07 not yet calculated CVE-2017-12133
FEDORA
CONFIRM
CONFIRM
gongjin_electronics — t&w_wifi_repeater_be126 T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg. 2017-09-07 not yet calculated CVE-2017-13713
MISC
EXPLOIT-DB
google — android A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492741. 2017-09-08 not yet calculated CVE-2017-0758
BID
CONFIRM
google — android A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744. 2017-09-08 not yet calculated CVE-2017-0753
BID
CONFIRM
google — android A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37615911. 2017-09-08 not yet calculated CVE-2017-0773
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37662122. 2017-09-08 not yet calculated CVE-2017-0769
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101. 2017-09-08 not yet calculated CVE-2017-0786
BID
CONFIRM
google — android A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243. 2017-09-08 not yet calculated CVE-2017-0771
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815. 2017-09-08 not yet calculated CVE-2017-0757
BID
CONFIRM
google — android An information disclosure vulnerability in the Android media framework (audioflinger). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38340117. 2017-09-08 not yet calculated CVE-2017-0779
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722328. References: B-V2017053103. 2017-09-08 not yet calculated CVE-2017-0788
BID
CONFIRM
google — android An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499. 2017-09-08 not yet calculated CVE-2017-0777
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36136137. References: M-ALPS03361477. 2017-09-08 not yet calculated CVE-2017-0803
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38448381. 2017-09-08 not yet calculated CVE-2017-0761
BID
CONFIRM
google — android An information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301. 2017-09-08 not yet calculated CVE-2017-0792
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268. 2017-09-08 not yet calculated CVE-2017-0759
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36198473. References: M-ALPS03361480. 2017-09-08 not yet calculated CVE-2017-0795
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-62459766. References: M-ALPS03353854. 2017-09-08 not yet calculated CVE-2017-0797
BID
CONFIRM
google — android A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844. 2017-09-08 not yet calculated CVE-2017-0774
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36100671. References: M-ALPS03365532. 2017-09-08 not yet calculated CVE-2017-0798
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek auxadc driver. Product: Android. Versions: Android kernel. Android ID: A-62458865. References: M-ALPS03353884, M-ALPS03353886, M-ALPS03353887. 2017-09-08 not yet calculated CVE-2017-0796
BID
CONFIRM
google — android An information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946. 2017-09-08 not yet calculated CVE-2017-0793
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek lastbus. Product: Android. Versions: Android kernel. Android ID: A-36731602. References: M-ALPS03342072. 2017-09-08 not yet calculated CVE-2017-0799
BID
CONFIRM
google — android A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38115076. 2017-09-08 not yet calculated CVE-2017-0772
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36232120. References: M-ALPS03384818. 2017-09-08 not yet calculated CVE-2017-0802
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992. 2017-09-08 not yet calculated CVE-2017-0768
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek teei. Product: Android. Versions: Android kernel. Android ID: A-37683975. References: M-ALPS03302988. 2017-09-08 not yet calculated CVE-2017-0800
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101. 2017-09-08 not yet calculated CVE-2017-0790
BID
CONFIRM
google — android An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227. 2017-09-08 not yet calculated CVE-2017-0778
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234812. 2017-09-08 not yet calculated CVE-2017-0770
BID
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812. 2017-09-08 not yet calculated CVE-2017-0794
BID
CONFIRM
google — android
 
An elevation of privilege vulnerability in the MediaTek libmtkomxvdec. Product: Android. Versions: Android kernel. Android ID: A-38447970. References: M-ALPS03337980. 2017-09-08 not yet calculated CVE-2017-0801
BID
CONFIRM
google — android
 
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38496660. 2017-09-08 not yet calculated CVE-2017-0776
BID
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37685267. References: B-V2017053102. 2017-09-08 not yet calculated CVE-2017-0789
BID
CONFIRM
google — android
 
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179. 2017-09-08 not yet calculated CVE-2017-0775
BID
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407. 2017-09-08 not yet calculated CVE-2017-0767
BID
CONFIRM
google — android
 
A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015. 2017-09-08 not yet calculated CVE-2017-0764
BID
CONFIRM
google — android
 
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62214264. 2017-09-08 not yet calculated CVE-2017-0762
BID
CONFIRM
google — android
 
A remote code execution vulnerability in the Android media framework (libjhead). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37776688. 2017-09-08 not yet calculated CVE-2017-0766
BID
CONFIRM
google — android
 
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693. 2017-09-08 not yet calculated CVE-2017-0763
BID
CONFIRM
google — android
 
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872863. 2017-09-08 not yet calculated CVE-2017-0765
BID
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302. 2017-09-08 not yet calculated CVE-2017-0791
BID
CONFIRM
google — android
 
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396. 2017-09-08 not yet calculated CVE-2017-0760
BID
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958. 2017-09-08 not yet calculated CVE-2017-0784
BID
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835. 2017-09-08 not yet calculated CVE-2017-0752
BID
CONFIRM
google — android
 
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073. 2017-09-08 not yet calculated CVE-2017-0756
BID
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Android libraries (libminikin). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-32178311. 2017-09-08 not yet calculated CVE-2017-0755
BID
CONFIRM
google — android
 
A denial of service vulnerability in the Android runtime (android messenger). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37742976. 2017-09-08 not yet calculated CVE-2017-0780
BID
CONFIRM
google — android
 
An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104. 2017-09-08 not yet calculated CVE-2017-0787
BID
CONFIRM
graphicsmagick — graphicsmagick
 
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has an issue where memory allocation is excessive because it depends only on a length field in a header. This may lead to remote denial of service in the MagickMalloc function in magick/memory.c. 2017-09-06 not yet calculated CVE-2017-14165
MISC
MISC
huawei — e5756s
 
Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions. 2017-09-07 not yet calculated CVE-2015-4629
BID
CONFIRM
ibm — content_navigator_&_cmis
 
IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129577. 2017-09-07 not yet calculated CVE-2017-1502
CONFIRM
MISC
ibm — emptoris_supplier_lifecycle_management
 
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658. 2017-09-07 not yet calculated CVE-2017-1098
CONFIRM
MISC
ibm — flex_system
 
Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware 3.4.0000 and earlier. 2017-09-07 not yet calculated CVE-2014-9565
BID
CONFIRM
ibm — websphere_portal_web_content_manager
 
IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558. 2017-09-07 not yet calculated CVE-2017-1189
CONFIRM
SECTRACK
MISC
idapauth-fork — idapauth-fork
 
Idapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username. 2017-09-06 not yet calculated CVE-2015-7294
MLIST
MLIST
CONFIRM
CONFIRM
imagemagick — imagemagick
 
A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. 2017-09-08 not yet calculated CVE-2017-14224
CONFIRM
intel — firmware_for_multiple_products
 
Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 can be upgraded to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges. 2017-09-05 not yet calculated CVE-2017-5698
CONFIRM
intelbras — wireless_n_router_firmware
 
XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated by an “airbase-ng -e” command. 2017-09-07 not yet calculated CVE-2017-14219
MISC
EXPLOIT-DB
jasper — jasper
 
There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of JasPer 2.0.13. It will lead to a remote denial of service attack. 2017-09-09 not yet calculated CVE-2017-14229
MISC
joomla! — joomla!
 
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to cause a denial of service via the url parameter to plugin_googlemap2_proxy.php. 2017-09-07 not yet calculated CVE-2013-7428
FULLDISC
CONFIRM
MLIST
MLIST
joomla! — joomla!
 
Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename. 2017-09-08 not yet calculated CVE-2017-2550
MISC
kamailio — kamailio
 
The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl. 2017-09-07 not yet calculated CVE-2015-1590
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
lexmark — scan_to_network
 
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet. 2017-09-07 not yet calculated CVE-2017-13771
MISC
FULLDISC
libgd2 — libgd2
 
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors. 2017-09-07 not yet calculated CVE-2017-6362
DEBIAN
CONFIRM
CONFIRM
FEDORA
libwpd — libwpd
 
WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. 2017-09-09 not yet calculated CVE-2017-14226
MISC
MISC
MISC
MISC
MISC
MISC
lightdm — lightdm
 
Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an XDMCP request packet with no address. 2017-09-06 not yet calculated CVE-2015-8316
MLIST
CONFIRM
CONFIRM
linux — linux_kernel
 
The driver_override implementation in drivers/base/platform.c in the Linux kernel before 4.12.1 allows local users to gain privileges by leveraging a race condition between a read operation and a store operation that involve different overrides. 2017-09-08 not yet calculated CVE-2017-12146
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
The mkdumprd script invoked "dracut" by relative name, resolved in the current working directory ".", which allows local users to trick the administrator into executing code as root. 2017-09-08 not yet calculated CVE-2016-5759
SUSE
MLIST
linux — linux_kernel
 
Audit before 2.4.4 in Linux does not sanitize escape characters in filenames. 2017-09-06 not yet calculated CVE-2015-5186
MLIST
BID
CONFIRM
CONFIRM
mediatek — mediatek

An elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487. 2017-09-08 not yet calculated CVE-2017-0804
BID
CONFIRM
mongodb — libbson
 
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c. 2017-09-09 not yet calculated CVE-2017-14227
MISC
MISC
MISC
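The GraphicsMagick SUN entry above and this libbson entry are the same class of bug: a length field read from the input is trusted, either to size an allocation or to bound a validation pass, without first checking it against the bytes that are actually present. The following is an added example, not libbson's or GraphicsMagick's code, written in Python. It parses a BSON code_w_scope element (type 0x0F: int32 total length, a length-prefixed NUL-terminated string, then an embedded document, per the BSON specification) and rejects every inconsistent length before the UTF-8 validation of the code string runs. The helper names and the constructed sample bytes are my own.

```python
import struct

MIN_ELEMENT = 4 + 4 + 1 + 5   # total len + string len + at least a NUL + minimal empty document


def parse_code_w_scope(buf: bytes, offset: int = 0):
    """Parse a BSON code_w_scope body starting at offset.

    Returns (code, scope_document_bytes) or raises ValueError. Every length read
    from the input is checked against the bytes really available before it is
    used as a slice bound, so a crafted string length cannot drive the UTF-8
    check (or anything else) past the end of the element.
    """
    avail = len(buf) - offset
    if avail < MIN_ELEMENT:
        raise ValueError("truncated: fewer than %d bytes available" % MIN_ELEMENT)

    total = struct.unpack_from("<i", buf, offset)[0]
    if total < MIN_ELEMENT or total > avail:
        raise ValueError("total length %d out of range (available %d)" % (total, avail))

    # The string length includes its trailing NUL, so it is at least 1, and it
    # must leave room for the two int32 headers and a minimal 5-byte document.
    code_len = struct.unpack_from("<i", buf, offset + 4)[0]
    if code_len < 1 or code_len > total - 4 - 4 - 5:
        raise ValueError("code length %d does not fit in total %d" % (code_len, total))

    code_start = offset + 8
    code_end = code_start + code_len
    if buf[code_end - 1] != 0:
        raise ValueError("code string is not NUL-terminated")

    # Validate UTF-8 over exactly code_len - 1 bytes (the NUL excluded) and never beyond.
    try:
        code = bytes(buf[code_start:code_end - 1]).decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ValueError("code string is not valid UTF-8") from exc

    scope_len = struct.unpack_from("<i", buf, code_end)[0]
    if scope_len < 5 or 8 + code_len + scope_len != total:
        raise ValueError("scope length %d inconsistent with total %d" % (scope_len, total))

    scope_end = code_end + scope_len
    if buf[scope_end - 1] != 0:
        raise ValueError("scope document is not NUL-terminated")
    return code, bytes(buf[code_end:scope_end])


def is_valid_code_w_scope(buf: bytes) -> bool:
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        parse_code_w_scope(buf)
        return True
    except ValueError:
        return False


def build_code_w_scope(code: str, scope: bytes = b"\x05\x00\x00\x00\x00") -> bytes:
    """Encode a well-formed element; the default scope is an empty BSON document."""
    c = code.encode("utf-8") + b"\x00"
    total = 4 + 4 + len(c) + len(scope)
    return struct.pack("<i", total) + struct.pack("<i", len(c)) + c + scope


if __name__ == "__main__":
    good = build_code_w_scope("return x;")
    print(parse_code_w_scope(good))
    # Constructed sample: same element with the string length inflated to 1000 bytes.
    bad = good[:4] + (1000).to_bytes(4, "little") + good[8:]
    print(is_valid_code_w_scope(bad))
```

The same discipline applies to the SUN raster case: the header's length field is only an upper bound on how much to read once it has been compared with the bytes remaining in the file, never a number to pass straight to an allocator.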
mongoose_web_server — mongoose_web_server
 
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely. 2017-09-07 not yet calculated CVE-2017-11567
MISC
FULLDISC
EXPLOIT-DB
mp3gain — mp3gain
 
The “mpglibDBL/layer3.c” file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file. 2017-09-07 not yet calculated CVE-2017-12912
MISC
mp3gain — mp3gain
 
The “apetag.c” file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file. 2017-09-07 not yet calculated CVE-2017-12911
MISC
mp4tools — aacplusenc
 
DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 allows remote attackers to cause a denial of service (invalid memory write, SEGV on unknown address 0x000000000030, and application crash) or possibly have unspecified other impact via a crafted .wav file, aka a NULL pointer dereference. 2017-09-07 not yet calculated CVE-2017-14181
MISC
MISC
nasm — nasm

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service. 2017-09-09 not yet calculated CVE-2017-14228
MISC
national_instruments — labview
 
An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this vulnerability and can potentially result in code execution. 2017-09-05 not yet calculated CVE-2017-2779
CONFIRM
BID
MISC
MISC
nexusphp — nexusphp
 
Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors. 2017-09-07 not yet calculated CVE-2017-12838
MISC
nexusphp — nexusphp
 
Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php. 2017-09-07 not yet calculated CVE-2017-12906
MISC
MISC
ocaml — ocaml
 
OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 “but with much less impact.” 2017-09-07 not yet calculated CVE-2017-9779
CONFIRM
MLIST
opendreambox — opendreambox
 
enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI. 2017-09-04 not yet calculated CVE-2017-14135
MISC
openjpeg — openjpeg
 
A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152. 2017-09-06 not yet calculated CVE-2017-14164
MISC
MISC
MISC
openldap — openldap
 
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a “kill `cat /pathname`” command, as demonstrated by openldap-initscript. 2017-09-05 not yet calculated CVE-2017-14159
MISC
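The entry above describes a trust inversion: the PID file is written by the unprivileged slapd account, but its content is later consumed by a root script as the argument to kill. Anything that can write as that account can therefore choose which process root kills. The following is an added example, not OpenLDAP's init script or any code from the page, written in Python for a Linux host: before signalling, it parses the PID file strictly and cross-checks the target against /proc (command name and owning uid). The function names, the expected command name "slapd" and the use of /proc are assumptions of this example.

```python
import os
import signal


def parse_pid(content: str):
    """Accept exactly one positive decimal integer; anything else is tampering or staleness."""
    s = content.strip()
    if not s.isdigit():          # rejects "", "-1", "1 2", "4242 evil", "abc"
        return None
    pid = int(s)
    return pid if pid > 0 else None


def proc_identity(pid: int):
    """Return (comm, uid) for pid from /proc, or None if the process is gone (Linux assumed)."""
    try:
        with open("/proc/%d/comm" % pid) as f:
            comm = f.read().strip()
        uid = os.stat("/proc/%d" % pid).st_uid
    except OSError:
        return None
    return comm, uid


def safe_stop(pidfile_content: str, expected_comm: str, expected_uid: int,
              sig=signal.SIGTERM, kill=os.kill) -> bool:
    """Signal the process named in a PID file only if it really is the daemon we started.

    A PID file written by an unprivileged account is attacker-controlled input from
    root's point of view, so the PID is validated and then checked against the
    kernel's own view of the process before any signal is sent. `kill` is injectable
    so the validation can be exercised without signalling anything.
    """
    pid = parse_pid(pidfile_content)
    if pid is None:
        return False
    ident = proc_identity(pid)
    if ident is None:
        return False                       # PID not running: stale file, nothing to kill
    comm, uid = ident
    if comm != expected_comm or uid != expected_uid:
        return False                       # PID points at some other process: refuse
    kill(pid, sig)
    return True


def dry_run_on_self() -> bool:
    """Demonstration only: validate this process's own pid with a no-op kill."""
    me = os.getpid()
    ident = proc_identity(me)
    if ident is None:
        return False
    return safe_stop("%d\n" % me, ident[0], ident[1], kill=lambda pid, sig: None)


if __name__ == "__main__":
    print("own pid validates:", dry_run_on_self())
    print("garbage pid file :", safe_stop("1 ; rm -rf /\n", "slapd", 1000, kill=lambda p, s: None))
    print("pid 1 as slapd   :", safe_stop("1\n", "slapd", 1000, kill=lambda p, s: None))
```

The complementary fix on the daemon side is to write the PID file before dropping privileges, into a root-owned directory the service account cannot write, so the file is not attacker-controlled in the first place; the check above is defence in depth for scripts that cannot rely on that.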
opw_fuel_management_systems — sitesentinel_integra_consoles
A Missing Authentication for Critical Function issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. An attacker may create an application user account to gain administrative privileges. 2017-09-08 not yet calculated CVE-2017-12733
BID
MISC
opw_fuel_management_systems — sitesentinel_integra_consoles
 
A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. The application is vulnerable to injection of malicious SQL queries via the input from the client. 2017-09-08 not yet calculated CVE-2017-12731
BID
MISC
ossec — ossec
 
syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root. 2017-09-07 not yet calculated CVE-2015-3222
MISC
MLIST
BID
CONFIRM
palo_alto — pan-os

Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper request parameter validation. 2017-09-07 not yet calculated CVE-2017-12416
CONFIRM
BID
SECTRACK
palo_alto — pan_os
 
XML external entity (XXE) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to obtain sensitive information, cause a denial of service, or conduct server-side request forgery (SSRF) attacks via unspecified vectors. 2017-09-07 not yet calculated CVE-2017-9458
CONFIRM
BID
SECTRACK
pivotal — cloud_foundry
 
The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.0 through 1.6.13 allows remote authenticated users with privileges in one zone to gain privileges and perform operations on a different zone via unspecified vectors. 2017-09-07 not yet calculated CVE-2016-0732
CONFIRM
pivotal — cloud_foundry
 
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, an XXE (XML External Entity) attack was discovered in the Single Sign-On service dashboard. Privileged users can in some cases upload malformed XML leading to exposure of data on the Single Sign-On service broker file system. 2017-09-08 not yet calculated CVE-2017-8040
BID
CONFIRM
pivotal — cloud_foundry
 
In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name. 2017-09-08 not yet calculated CVE-2017-8041
BID
CONFIRM
pragyan — pragyan
 
SQL injection vulnerability in Pragyan CMS 3.0. 2017-09-07 not yet calculated CVE-2015-4627
MISC
qemu — qemu
 
Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. 2017-09-08 not yet calculated CVE-2017-14167
MLIST
MLIST
qtwebkit — qt5
 
qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db. 2017-09-07 not yet calculated CVE-2015-8079
MLIST
CONFIRM
CONFIRM
ruby — ruby
 
The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string. 2017-09-06 not yet calculated CVE-2014-6438
MLIST
SECTRACK
CONFIRM
CONFIRM
sefrengo — sefrengo
 
SQL injection vulnerability in Sefrengo before 1.6.5 beta2. 2017-09-07 not yet calculated CVE-2015-5052
CONFIRM
simple-php-captcha — simple-php-captcha
 
simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side. 2017-09-06 not yet calculated CVE-2015-6250
MLIST
CONFIRM
CONFIRM
soreco — xpert_line
 
Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call. 2017-09-07 not yet calculated CVE-2015-3442
MISC
FULLDISC
BUGTRAQ
BID
MISC
spina — spina
 
Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75. 2017-09-07 not yet calculated CVE-2015-4619
MLIST
BID
MISC
strongswan — strongswan
 
strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code. 2017-09-07 not yet calculated CVE-2015-3991
FEDORA
FEDORA
BID
CONFIRM
CONFIRM
svn-workbench — svn-workbench
 
svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the “Command Shell” menu item while in the directory trunk/$(xeyes). 2017-09-06 not yet calculated CVE-2015-0853
MISC
MLIST
MISC
MISC
CONFIRM
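The opendreambox entry earlier in the table (shell metacharacters in the command parameter to /script) and this svn-workbench entry (a directory named trunk/$(xeyes)) are both cases of building a shell command line from a string the attacker controls, so the shell interprets $(...) and ; before the intended program ever sees them. The following is an added example, not code from either project, written in Python. It shows the vulnerable construction next to the two correct forms: passing the value as its own argv element so no shell parses it, and, where a shell is unavoidable, quoting it with shlex.quote. It assumes a POSIX sh and a printf binary on PATH; the function names and the sample paths are my own.

```python
import shlex
import subprocess


def run_unsafe(command: str, user_value: str) -> str:
    """Vulnerable pattern: interpolate an untrusted string into a shell command line."""
    cmd = "%s %s" % (command, user_value)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout.rstrip("\n")


def run_safe(argv_prefix: list, user_value: str) -> str:
    """Correct form: the value is one argv element, passed to the program directly.

    No shell is involved, so $(...), ;, | and friends are ordinary characters.
    """
    proc = subprocess.run(argv_prefix + [user_value], capture_output=True, text=True)
    return proc.stdout.rstrip("\n")


def run_quoted(command: str, user_value: str) -> str:
    """If a shell really is required, single-quote the value so it is one literal word."""
    cmd = "%s %s" % (command, shlex.quote(user_value))
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout.rstrip("\n")


if __name__ == "__main__":
    # Constructed inputs modelled on the two entries: a directory name carrying a
    # command substitution, and a parameter carrying a command separator.
    for value in ("trunk/$(echo injected)", "x; echo injected"):
        print("unsafe :", repr(run_unsafe("printf %s", value)))
        print("safe   :", repr(run_safe(["printf", "%s"], value)))
        print("quoted :", repr(run_quoted("printf %s", value)))
```

With the unsafe form the output for trunk/$(echo injected) is trunk/injected: the substitution ran. Both correct forms print the directory name back unchanged. Note that allow-listing characters is not a substitute for either: a path containing $( is legitimate on a filesystem, so the fix is to stop handing the string to a shell, not to reject the string.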
symantec — proxyclient
 
Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute arbitrary code with LocalSystem privileges. 2017-09-01 not yet calculated CVE-2017-13674
BID
CONFIRM
synology — photo_station

Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter. 2017-09-08 not yet calculated CVE-2017-12071
CONFIRM
synology — photo_station
 
Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors. 2017-09-08 not yet calculated CVE-2017-11162
CONFIRM
synology — photo_station
 
Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php. 2017-09-08 not yet calculated CVE-2017-11161
CONFIRM
tinfoil — devise-two-factor
 
Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not “burn” a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user’s login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step. 2017-09-06 not yet calculated CVE-2015-7225
MLIST
MLIST
BID
MISC
CONFIRM
CONFIRM
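RFC 6238 section 5.2 requires the verifier to refuse a one-time password that has already been used successfully within its time-step: the code is valid for the whole 30-second window, so a verifier that does not record the consumed step accepts the replay the entry describes. The following is an added example, not devise-two-factor's code, written in Python. It implements HOTP/TOTP with the standard library and a verifier that "burns" the step on success, so a captured code cannot be replayed in the same step or any earlier one. It assumes HMAC-SHA1, 6 digits, a 30-second step and a one-step drift window; the sample secret is the RFC 6238 test secret, and the class and function names are my own.

```python
import hashlib
import hmac
import struct
import time

STEP = 30      # RFC 6238 default time-step, seconds
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = STEP) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, at // step)


class TotpVerifier:
    """Verifier that burns the time-step of every accepted OTP (RFC 6238 section 5.2).

    `last_counter` holds the highest step already consumed; candidate steps at or
    below it are never checked again, so a replay of the same code within the
    window is rejected even though the code itself is still arithmetically valid.
    Persist `last_counter` per user in a real deployment (assumption: in-memory here).
    """

    def __init__(self, secret: bytes, drift: int = 1, step: int = STEP):
        self.secret = secret
        self.drift = drift          # how many steps of clock skew to tolerate each way
        self.step = step
        self.last_counter = -1

    def verify(self, otp: str, at: int = None) -> bool:
        if at is None:
            at = int(time.time())
        now = at // self.step
        for counter in range(now - self.drift, now + self.drift + 1):
            if counter < 0 or counter <= self.last_counter:
                continue            # already burned (or before the epoch): do not even compare
            if hmac.compare_digest(hotp(self.secret, counter), otp):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"          # RFC 6238 Appendix B SHA-1 test secret
    code = totp(secret, 59)
    v = TotpVerifier(secret)
    print(code, v.verify(code, 59), v.verify(code, 59))   # 287082 True False
```

The drift loop is the place implementations usually get this wrong: a verifier that checks the adjacent steps but only remembers "the code was used" for the exact current step still accepts the same code one step later. Tracking the highest consumed counter closes that gap as well.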
wibu_systems — codemeter
 
Cross-site scripting (XSS) vulnerability in the “advanced settings – time server” module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the “server name” field in actions/ChangeConfiguration.html. 2017-09-07 not yet calculated CVE-2017-13754
FULLDISC
BUGTRAQ
EXPLOIT-DB
MISC
wolf_cms — wolf_cms
 
Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a “create-file-popup” action, and the directory name in a “create-directory-popup” action, in the HTTP POST method to the “/plugin/file_manager/” script (aka an /admin/plugin/file_manager/browse// URI). 2017-09-08 not yet calculated CVE-2017-11611
MISC
wordpress — wordpress
 
SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php. 2017-09-07 not yet calculated CVE-2017-9834
MISC
EXPLOIT-DB
wordpress — wordpress
 
Cross-site request forgery (CSRF) vulnerability in Google Analyticator WordPress Plugin before 6.4.9.3 rev @1183563. 2017-09-07 not yet calculated CVE-2015-4697
MLIST
MLIST
BID
MISC
MISC
wordpress — wordpress
 
SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5. 2017-09-07 not yet calculated CVE-2015-3314
MISC
MLIST
MLIST
BID
CONFIRM
EXPLOIT-DB
wordpress — wordpress
 
SQL injection vulnerability in WordPress Community Events plugin before 1.4. 2017-09-07 not yet calculated CVE-2015-3313
MISC
MLIST
MLIST
BID
CONFIRM
EXPLOIT-DB
yast — yast
 
The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks. 2017-09-08 not yet calculated CVE-2011-3177
CONFIRM
CONFIRM
zoho — manageengine_firewall_analyzer
 
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the “Group Chat” section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp. 2017-09-04 not yet calculated CVE-2017-14123
MISC
MISC
