SB17-261: Vulnerability Summary for the Week of September 11, 2017

Original release date: September 18, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
google — android An elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835. 2017-09-08 9.3 CVE-2017-0752
BID
CONFIRM
google — android A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744. 2017-09-08 9.3 CVE-2017-0753
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android libraries (libminikin). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-32178311. 2017-09-08 9.3 CVE-2017-0755
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073. 2017-09-08 9.3 CVE-2017-0756
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815. 2017-09-08 9.3 CVE-2017-0757
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492741. 2017-09-08 9.3 CVE-2017-0758
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268. 2017-09-08 9.3 CVE-2017-0759
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396. 2017-09-08 9.3 CVE-2017-0760
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38448381. 2017-09-08 9.3 CVE-2017-0761
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62214264. 2017-09-08 9.3 CVE-2017-0762
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693. 2017-09-08 9.3 CVE-2017-0763
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015. 2017-09-08 9.3 CVE-2017-0764
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872863. 2017-09-08 9.3 CVE-2017-0765
BID
CONFIRM
google — android A remote code execution vulnerability in the Android media framework (libjhead). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37776688. 2017-09-08 9.3 CVE-2017-0766
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407. 2017-09-08 9.3 CVE-2017-0767
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992. 2017-09-08 9.3 CVE-2017-0768
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37662122. 2017-09-08 9.3 CVE-2017-0769
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234812. 2017-09-08 9.3 CVE-2017-0770
BID
CONFIRM
google — android A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243. 2017-09-08 7.1 CVE-2017-0771
BID
CONFIRM
google — android A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38115076. 2017-09-08 7.1 CVE-2017-0772
BID
CONFIRM
google — android A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37615911. 2017-09-08 7.1 CVE-2017-0773
BID
CONFIRM
google — android A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844. 2017-09-08 7.1 CVE-2017-0774
BID
CONFIRM
google — android A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179. 2017-09-08 7.1 CVE-2017-0775
BID
CONFIRM
google — android An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227. 2017-09-08 7.8 CVE-2017-0778
BID
CONFIRM
google — android A denial of service vulnerability in the Android runtime (android messenger). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37742976. 2017-09-08 7.1 CVE-2017-0780
BID
CONFIRM
google — android An information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946. 2017-09-08 7.1 CVE-2017-0793
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36198473. References: M-ALPS03361480. 2017-09-08 9.3 CVE-2017-0795
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek auxadc driver. Product: Android. Versions: Android kernel. Android ID: A-62458865. References: M-ALPS03353884, M-ALPS03353886, M-ALPS03353887. 2017-09-08 9.3 CVE-2017-0796
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-62459766. References: M-ALPS03353854. 2017-09-08 9.3 CVE-2017-0797
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36100671. References: M-ALPS03365532. 2017-09-08 9.3 CVE-2017-0798
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek lastbus. Product: Android. Versions: Android kernel. Android ID: A-36731602. References: M-ALPS03342072. 2017-09-08 9.3 CVE-2017-0799
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek teei. Product: Android. Versions: Android kernel. Android ID: A-37683975. References: M-ALPS03302988. 2017-09-08 9.3 CVE-2017-0800
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek libmtkomxvdec. Product: Android. Versions: Android kernel. Android ID: A-38447970. References: M-ALPS03337980. 2017-09-08 9.3 CVE-2017-0801
BID
CONFIRM
ibm — db2_connect IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178. 2017-09-12 7.2 CVE-2017-1451
CONFIRM
BID
SECTRACK
MISC
ibm — db2_connect IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180. 2017-09-12 7.2 CVE-2017-1452
CONFIRM
BID
SECTRACK
MISC
imagemagick — imagemagick In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file. 2017-09-12 7.1 CVE-2017-14325
CONFIRM
imagemagick — imagemagick ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. 2017-09-12 7.1 CVE-2017-14341
CONFIRM
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-11766. 2017-09-12 7.6 CVE-2017-8751
SECTRACK
CONFIRM
synology — photo_station Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php. 2017-09-08 7.5 CVE-2017-11161
CONFIRM
tcpdump — tcpdump The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len(). 2017-09-14 7.5 CVE-2017-12893
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring(). 2017-09-14 7.5 CVE-2017-12894
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). 2017-09-14 7.5 CVE-2017-12895
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). 2017-09-14 7.5 CVE-2017-12896
SECTRACK
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print(). 2017-09-14 7.5 CVE-2017-12897
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply(). 2017-09-14 7.5 CVE-2017-12898
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). 2017-09-14 7.5 CVE-2017-12899
SECTRACK
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf(). 2017-09-14 7.5 CVE-2017-12900
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print(). 2017-09-14 7.5 CVE-2017-12901
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. 2017-09-14 7.5 CVE-2017-12902
SECTRACK
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print(). 2017-09-14 7.5 CVE-2017-12985
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). 2017-09-14 7.5 CVE-2017-12986
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). 2017-09-14 7.5 CVE-2017-12987
SECTRACK
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse(). 2017-09-14 7.5 CVE-2017-12988
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). 2017-09-14 7.5 CVE-2017-12991
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print(). 2017-09-14 7.5 CVE-2017-12992
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions. 2017-09-14 7.5 CVE-2017-12993
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). 2017-09-14 7.5 CVE-2017-12994
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print(). 2017-09-14 7.5 CVE-2017-12996
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach(). 2017-09-14 7.5 CVE-2017-12998
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print(). 2017-09-14 7.5 CVE-2017-12999
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print(). 2017-09-14 7.5 CVE-2017-13000
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh(). 2017-09-14 7.5 CVE-2017-13001
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension(). 2017-09-14 7.5 CVE-2017-13002
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). 2017-09-14 7.5 CVE-2017-13003
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header(). 2017-09-14 7.5 CVE-2017-13004
SECTRACK
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter(). 2017-09-14 7.5 CVE-2017-13005
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions. 2017-09-14 7.5 CVE-2017-13006
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print(). 2017-09-14 7.5 CVE-2017-13007
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). 2017-09-14 7.5 CVE-2017-13008
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print(). 2017-09-14 7.5 CVE-2017-13009
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart(). 2017-09-14 7.5 CVE-2017-13010
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal(). 2017-09-14 7.5 CVE-2017-13011
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). 2017-09-14 7.5 CVE-2017-13012
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions. 2017-09-14 7.5 CVE-2017-13013
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions. 2017-09-14 7.5 CVE-2017-13014
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print(). 2017-09-14 7.5 CVE-2017-13015
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). 2017-09-14 7.5 CVE-2017-13016
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print(). 2017-09-14 7.5 CVE-2017-13017
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). 2017-09-14 7.5 CVE-2017-13018
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). 2017-09-14 7.5 CVE-2017-13019
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). 2017-09-14 7.5 CVE-2017-13020
SECTRACK
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print(). 2017-09-14 7.5 CVE-2017-13021
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute(). 2017-09-14 7.5 CVE-2017-13022
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). 2017-09-14 7.5 CVE-2017-13023
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). 2017-09-14 7.5 CVE-2017-13024
SECTRACK
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). 2017-09-14 7.5 CVE-2017-13025
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions. 2017-09-14 7.5 CVE-2017-13026
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print(). 2017-09-14 7.5 CVE-2017-13027
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print(). 2017-09-14 7.5 CVE-2017-13028
SECTRACK
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options(). 2017-09-14 7.5 CVE-2017-13029
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions. 2017-09-14 7.5 CVE-2017-13030
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). 2017-09-14 7.5 CVE-2017-13031
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string(). 2017-09-14 7.5 CVE-2017-13032
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). 2017-09-14 7.5 CVE-2017-13033
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). 2017-09-14 7.5 CVE-2017-13034
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id(). 2017-09-14 7.5 CVE-2017-13035
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3(). 2017-09-14 7.5 CVE-2017-13036
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). 2017-09-14 7.5 CVE-2017-13037
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp(). 2017-09-14 7.5 CVE-2017-13038
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. 2017-09-14 7.5 CVE-2017-13039
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions. 2017-09-14 7.5 CVE-2017-13040
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print(). 2017-09-14 7.5 CVE-2017-13041
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print(). 2017-09-14 7.5 CVE-2017-13042
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn(). 2017-09-14 7.5 CVE-2017-13043
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print(). 2017-09-14 7.5 CVE-2017-13044
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print(). 2017-09-14 7.5 CVE-2017-13045
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). 2017-09-14 7.5 CVE-2017-13046
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). 2017-09-14 7.5 CVE-2017-13047
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). 2017-09-14 7.5 CVE-2017-13048
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print(). 2017-09-14 7.5 CVE-2017-13049
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print(). 2017-09-14 7.5 CVE-2017-13050
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). 2017-09-14 7.5 CVE-2017-13051
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print(). 2017-09-14 7.5 CVE-2017-13052
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info(). 2017-09-14 7.5 CVE-2017-13053
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print(). 2017-09-14 7.5 CVE-2017-13054
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv(). 2017-09-14 7.5 CVE-2017-13055
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print(). 2017-09-14 7.5 CVE-2017-13687
SECTRACK
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print(). 2017-09-14 7.5 CVE-2017-13688
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print(). 2017-09-14 7.5 CVE-2017-13689
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. 2017-09-14 7.5 CVE-2017-13690
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). 2017-09-14 7.5 CVE-2017-13725
SECTRACK
CONFIRM
CONFIRM
CONFIRM


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
azeotech — daqfactory An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path. 2017-09-08 4.6 CVE-2017-5147
BID
MISC
divinglog — diving_log XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import. 2017-09-08 4.3 CVE-2017-9095
MISC
ee — 4gee_wifi_mbb_firmware EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings. 2017-09-11 6.8 CVE-2017-14267
MISC
MISC
MISC
MISC
MISC
MISC
MISC
ee — 4gee_wifi_mbb_firmware EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms_content parameter in a getSMSlist request. 2017-09-11 4.3 CVE-2017-14268
MISC
MISC
ee — 4gee_wifi_mbb_firmware EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content. 2017-09-11 5.0 CVE-2017-14269
MISC
MISC
ellucian — banner_student Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-09-11 4.3 CVE-2015-4687
MISC
BUGTRAQ
ffmpeg — ffmpeg The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.) 2017-09-09 6.8 CVE-2017-14225
BID
MISC
MISC
fortinet — fortios A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the action input during the activation of a FortiToken. 2017-09-11 4.3 CVE-2017-3132
BID
SECTRACK
CONFIRM
EXPLOIT-DB
fortinet — fortios A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. 2017-09-11 4.3 CVE-2017-3133
BID
SECTRACK
CONFIRM
EXPLOIT-DB
google — android An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38496660. 2017-09-08 4.3 CVE-2017-0776
BID
CONFIRM
google — android An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499. 2017-09-08 4.3 CVE-2017-0777
BID
CONFIRM
google — android An information disclosure vulnerability in the Android media framework (audioflinger). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38340117. 2017-09-08 4.3 CVE-2017-0779
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958. 2017-09-08 5.8 CVE-2017-0784
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101. 2017-09-08 5.8 CVE-2017-0786
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104. 2017-09-08 5.8 CVE-2017-0787
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722328. References: B-V2017053103. 2017-09-08 5.8 CVE-2017-0788
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37685267. References: B-V2017053102. 2017-09-08 5.8 CVE-2017-0789
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101. 2017-09-08 5.8 CVE-2017-0790
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302. 2017-09-08 5.8 CVE-2017-0791
BID
CONFIRM
google — android An elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812. 2017-09-08 6.8 CVE-2017-0794
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36232120. References: M-ALPS03384818. 2017-09-08 6.8 CVE-2017-0802
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36136137. References: M-ALPS03361477. 2017-09-08 6.8 CVE-2017-0803
BID
CONFIRM
google — android An elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487. 2017-09-08 6.8 CVE-2017-0804
BID
CONFIRM
graphicsmagick — graphicsmagick Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file. 2017-09-11 4.3 CVE-2017-14314
CONFIRM
CONFIRM
ibm — db2_connect IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829. 2017-09-12 4.3 CVE-2017-1519
CONFIRM
BID
SECTRACK
MISC
ibm — db2_connect IBM DB2 9.7, 10.1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830. 2017-09-12 4.3 CVE-2017-1520
CONFIRM
BID
SECTRACK
MISC
ibm — qradar_security_information_and_event_manager IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957. 2017-09-12 5.0 CVE-2017-1162
CONFIRM
BID
MISC
imagemagick — imagemagick A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file. 2017-09-11 4.3 CVE-2017-14248
CONFIRM
imagemagick — imagemagick ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. 2017-09-11 4.3 CVE-2017-14249
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file. 2017-09-12 4.3 CVE-2017-14324
CONFIRM
imagemagick — imagemagick In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. 2017-09-12 4.3 CVE-2017-14326
CONFIRM
imagemagick — imagemagick ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. 2017-09-12 4.3 CVE-2017-14342
CONFIRM
imagemagick — imagemagick ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. 2017-09-12 4.3 CVE-2017-14343
CONFIRM
jasper_project — jasper There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. 2017-09-09 5.0 CVE-2017-14229
MISC
nasm — netwide_assembler In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service. 2017-09-09 5.0 CVE-2017-14228
MISC
nexusphp_project — nexusphp NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action. 2017-09-12 4.3 CVE-2017-14347
MISC
novell — leap The mkdumprd script called “dracut” in the current working directory “.” allows local users to trick the administrator into executing code as root. 2017-09-08 6.9 CVE-2016-5759
SUSE
MLIST
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000cb8c.” 2017-09-11 4.6 CVE-2017-14286
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “Read Access Violation on Control Flow starting at STDUJBIG2File+0x00000000000015eb.” 2017-09-11 4.6 CVE-2017-14287
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x0000000000002ff7.” 2017-09-11 4.6 CVE-2017-14288
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000303e.” 2017-09-11 4.6 CVE-2017-14289
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to “Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d.” 2017-09-11 4.6 CVE-2017-14290
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d8.” 2017-09-11 4.6 CVE-2017-14291
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000570e.” 2017-09-11 4.6 CVE-2017-14292
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to “Heap Corruption starting at wow64!Wow64LdrpInitialize+0x00000000000008e1.” 2017-09-11 4.6 CVE-2017-14293
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000566e.” 2017-09-11 4.6 CVE-2017-14294
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to “Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e6.” 2017-09-11 4.6 CVE-2017-14296
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to “Data from Faulting Address controls Code Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000002f35.” 2017-09-11 4.6 CVE-2017-14297
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to “Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000038e8.” 2017-09-11 4.6 CVE-2017-14298
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to “Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x000000000000384b.” 2017-09-11 4.6 CVE-2017-14299
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to “Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x0000000000004479.” 2017-09-11 4.6 CVE-2017-14300
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to “Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d3.” 2017-09-11 4.6 CVE-2017-14301
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to “Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllGetClassObject+0x00000000000064d7.” 2017-09-11 4.6 CVE-2017-14302
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x0000000000003047.” 2017-09-11 4.6 CVE-2017-14303
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e0.” 2017-09-11 4.6 CVE-2017-14304
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to “Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllUnregisterServer+0x0000000000005578.” 2017-09-11 4.6 CVE-2017-14305
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006e10.” 2017-09-11 4.6 CVE-2017-14306
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77400000!TpAllocCleanupGroup+0x0000000000000402.” 2017-09-11 4.6 CVE-2017-14307
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ddd.” 2017-09-11 4.6 CVE-2017-14308
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ec8.” 2017-09-11 4.6 CVE-2017-14309
MISC
synology — photo_station Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors. 2017-09-08 4.0 CVE-2017-11162
CONFIRM
synology — photo_station Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter. 2017-09-08 4.0 CVE-2017-12071
CONFIRM
tcpdump — tcpdump The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). 2017-09-14 5.0 CVE-2017-12989
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions. 2017-09-14 5.0 CVE-2017-12990
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). 2017-09-14 5.0 CVE-2017-12995
SECTRACK
CONFIRM
CONFIRM
tcpdump — tcpdump The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print(). 2017-09-14 5.0 CVE-2017-12997
SECTRACK
CONFIRM
CONFIRM
tcpreplay — tcpreplay tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file. 2017-09-12 6.8 CVE-2017-14266
EXPLOIT-DB
typo3 — typo3 Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code. 2017-09-11 6.5 CVE-2017-14251
BID
SECTRACK
CONFIRM
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d.” 2017-09-11 4.6 CVE-2017-14275
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to “Possible Stack Corruption starting at jbig2dec+0x0000000000002fbe.” 2017-09-11 4.6 CVE-2017-14276
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at jbig2dec+0x0000000000005956.” 2017-09-11 4.6 CVE-2017-14277
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at jbig2dec+0x0000000000005940.” 2017-09-11 4.6 CVE-2017-14278
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at jbig2dec+0x0000000000005643.” 2017-09-11 4.6 CVE-2017-14279
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to “Data from Faulting Address controls Branch Selection starting at jbig2dec+0x000000000000571d.” 2017-09-11 4.6 CVE-2017-14280
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to “Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at jbig2dec+0x00000000000090f1.” 2017-09-11 4.6 CVE-2017-14281
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at jbig2dec+0x0000000000005862.” 2017-09-11 4.6 CVE-2017-14282
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a “Read Access Violation starting at jbig2dec+0x0000000000008fe4.” 2017-09-11 4.6 CVE-2017-14283
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlGetCurrentDirectory_U+0x000000000000016c.” 2017-09-11 4.6 CVE-2017-14284
MISC
xnview — xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x000000000000039b.” 2017-09-11 4.6 CVE-2017-14285
MISC


Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
fortinet — fortios A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in “Applications” under FortiView. 2017-09-11 3.5 CVE-2017-3131
BID
SECTRACK
CONFIRM
EXPLOIT-DB
fortinet — fortios A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via ‘Comments’ while saving Config Revisions. 2017-09-11 3.5 CVE-2017-7734
BID
SECTRACK
CONFIRM
fortinet — fortios A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the “Groups” input while creating or editing User Groups. 2017-09-11 3.5 CVE-2017-7735
BID
SECTRACK
CONFIRM
google — android An information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301. 2017-09-08 3.3 CVE-2017-0792
BID
CONFIRM
wolfcms — wolf_cms Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a “create-file-popup” action, and the directory name in a “create-directory-popup” action, in the HTTP POST method to the “/plugin/file_manager/” script (aka an /admin/plugin/file_manager/browse// URI). 2017-09-08 3.5 CVE-2017-11611
MISC


Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
alegrocart — alegrocart
 
PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2. 2017-09-11 not yet calculated CVE-2015-9227
MISC
FULLDISC
MISC
EXPLOIT-DB
alegrocart — alegrocart
 
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php. 2017-09-11 not yet calculated CVE-2015-9226
MISC
FULLDISC
MISC
EXPLOIT-DB
ansible — vault
 
An exploitable vulnerability exists in the yaml loading functionality of Ansible Vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability. 2017-09-14 not yet calculated CVE-2017-2809
BID
CONFIRM
CONFIRM
CONFIRM
MISC
anydesk — anydesk
 
AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. 2017-09-12 not yet calculated CVE-2017-14397
CONFIRM
apache — brooklyn
 
Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the classpath. This could provide an authenticated user with a means to cause the JVM running Brooklyn to load and run Java code without detection by Brooklyn. Such code would have the privileges of the Java process running Brooklyn, including the ability to open files and network connections, and execute system commands. There is known to be a proof-of-concept exploit using this vulnerability. 2017-09-13 not yet calculated CVE-2016-8744
CONFIRM
MLIST
apache — brooklyn
 
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker’s commands as the user. There is known to be a proof-of-concept exploit using this vulnerability. 2017-09-13 not yet calculated CVE-2016-8737
BID
CONFIRM
MLIST
apache — brooklyn
 
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user’s resources. This is due to improper escaping of server-side content. There is known to be a proof-of-concept exploit using this vulnerability. 2017-09-13 not yet calculated CVE-2017-3165
BID
CONFIRM
MLIST
apache — spark
 
In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine. It does not affect apps run by spark-submit or spark-shell. The attacker would be able to execute code as the user that ran the Spark application. Users are encouraged to update to version 2.2.0 or later. 2017-09-13 not yet calculated CVE-2017-12612
BID
MISC
apache — struts
 
The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. 2017-09-15 not yet calculated CVE-2017-9805
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
apache — traffic_server
 
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168. 2017-09-13 not yet calculated CVE-2015-5206
MLIST
apache — traffic_server
 
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206. 2017-09-13 not yet calculated CVE-2015-5168
MLIST
apache — wicket Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider. 2017-09-15 not yet calculated CVE-2014-7808
MLIST
MISC
apple — ios In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default “Bluetooth On” value must be present in Settings. 2017-09-12 not yet calculated CVE-2017-14315
BID
MISC
axesstel — mu553s_modem_router_firmware
 
On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the “Basic Settings” page. 2017-09-13 not yet calculated CVE-2017-13724
MISC
axesstel — mu553s_modem_router_firmware
 
Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account. 2017-09-13 not yet calculated CVE-2017-11351
MISC
axesstel — mu553s_modem_router_firmware
 
Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices. 2017-09-13 not yet calculated CVE-2017-11350
MISC
beijing_hanbang – hanbanggaoke_devices
 
On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change. 2017-09-12 not yet calculated CVE-2017-14335
MISC
bento4 — bento4
 
In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h file contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. 2017-09-11 not yet calculated CVE-2017-14258
CONFIRM
bento4 — bento4
 
In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in Ap4StssAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. 2017-09-11 not yet calculated CVE-2017-14260
CONFIRM
bento4 — bento4
 
In the SDK in Bento4 1.5.0-616, the AP4_StscAtom class in Ap4StscAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. 2017-09-11 not yet calculated CVE-2017-14259
CONFIRM
bento4 — bento4
 
In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in Ap4StszAtom.cpp file contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file. 2017-09-11 not yet calculated CVE-2017-14261
CONFIRM
bento4 — bento4
 
In the SDK in Bento4 1.5.0-616, AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file. 2017-09-11 not yet calculated CVE-2017-14257
CONFIRM
blackcat-cms — blackcat_cms
 
In BlackCat CMS 1.2.2, unrestricted file upload is possible in backendmediaajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php. 2017-09-12 not yet calculated CVE-2017-14399
MISC
blackwave — dive_assistant
 
XXE in Dive Assistant – Template Builder in Blackwave Dive Assistant – Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file. 2017-09-12 not yet calculated CVE-2017-8918
MISC
blue_coat — malware_analysis_appliance_and_malware_analyzer_g2
 
Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis. 2017-09-11 not yet calculated CVE-2015-4523
CONFIRM
bluez — bluez
 
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. 2017-09-12 not yet calculated CVE-2017-1000250
BID
CONFIRM
MISC
celery_flower — celery_flower
 
flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a “kill `cat /pathname`” command. 2017-09-15 not yet calculated CVE-2017-14483
CONFIRM
cisco — meeting_server
 
A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrect default configuration of the TURN server, which could expose internal interfaces and ports on the external interface of an affected system. An attacker could exploit this vulnerability by using a TURN server to perform an unauthorized connection to a Call Bridge, a Web Bridge, or a database cluster in an affected system, depending on the deployment model and CMS services in use. A successful exploit could allow the attacker to gain unauthenticated access to a Call Bridge or database cluster in an affected system or gain unauthorized access to sensitive meeting information in an affected system. To exploit this vulnerability, the attacker must have valid credentials for the TURN server of the affected system. This vulnerability affects Cisco Meeting Server (CMS) deployments that are running a CMS Software release prior to Release 2.0.16, 2.1.11, or 2.2.6. Cisco Bug IDs: CSCvf51127. 2017-09-13 not yet calculated CVE-2017-12249
BID
SECTRACK
CONFIRM
corega — cg-wlr300nm
 
CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. 2017-09-15 not yet calculated CVE-2017-10813
MISC
JVN
corega — cg-wlr300nm
 
Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors. 2017-09-15 not yet calculated CVE-2017-10814
MISC
JVN
cyrus — cyrus_imap
 
In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a ‘LIST “” “Other Users”’ command. 2017-09-10 not yet calculated CVE-2017-14230
CONFIRM
CONFIRM
CONFIRM
CONFIRM
d-link — d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions. 2017-09-13 not yet calculated CVE-2017-14427
MISC
d-link — d-link
 
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established. 2017-09-13 not yet calculated CVE-2017-14419
MISC
d-link — d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions. 2017-09-13 not yet calculated CVE-2017-14426
MISC
d-link — d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php. 2017-09-13 not yet calculated CVE-2017-14415
MISC
d-link — d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php. 2017-09-13 not yet calculated CVE-2017-14413
MISC
d-link — d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions. 2017-09-13 not yet calculated CVE-2017-14424
MISC
d-link — d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php. 2017-09-13 not yet calculated CVE-2017-14416
MISC
d-link — d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic. 2017-09-13 not yet calculated CVE-2017-14430
MISC
d-link — d-link
 
D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session. 2017-09-13 not yet calculated CVE-2017-14421
MISC
d-link — d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions. 2017-09-13 not yet calculated CVE-2017-14428
MISC
d-link — d-link
 
htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests. 2017-09-13 not yet calculated CVE-2017-14423
MISC
d-link — d-link
 
The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services. 2017-09-13 not yet calculated CVE-2017-14418
MISC
d-link — d-link
 
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-09-13 not yet calculated CVE-2017-14420
MISC
d-link — d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions. 2017-09-13 not yet calculated CVE-2017-14425
MISC
d-link — d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers’ installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation. 2017-09-13 not yet calculated CVE-2017-14422
MISC
d-link — d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php. 2017-09-13 not yet calculated CVE-2017-14414
MISC
d-link — d-link
 
register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services. 2017-09-13 not yet calculated CVE-2017-14417
MISC
d-link — d-link
 
The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh. 2017-09-13 not yet calculated CVE-2017-14429
MISC
dolibarr — erp_crm
 
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter. 2017-09-11 not yet calculated CVE-2017-14238
CONFIRM
dolibarr — erp_crm
 
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php. 2017-09-11 not yet calculated CVE-2017-14241
CONFIRM
dolibarr — erp_crm
 
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter. 2017-09-11 not yet calculated CVE-2017-14242
CONFIRM
dolibarr — erp_crm
 
There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter. 2017-09-11 not yet calculated CVE-2017-14240
CONFIRM
dolibarr — erp_crm
 
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php. 2017-09-11 not yet calculated CVE-2017-14239
CONFIRM
drupal — drupal
 
Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. 2017-09-13 not yet calculated CVE-2015-2749
CONFIRM
DEBIAN
MLIST
BID
CONFIRM
CONFIRM
drupal — drupal
 
Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. 2017-09-11 not yet calculated CVE-2015-7877
CONFIRM
MISC
drupal — drupal
 
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the “//” initial sequence. 2017-09-13 not yet calculated CVE-2015-2750
CONFIRM
CONFIRM
DEBIAN
MLIST
BID
CONFIRM
drupal — drupal
 
The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the “Register other accounts” permission and knowledge of usernames. 2017-09-13 not yet calculated CVE-2015-7880
MLIST
BID
MISC
CONFIRM
drupal — drupal
 
Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page. 2017-09-11 not yet calculated CVE-2015-7879
MLIST
BID
CONFIRM
MISC
eclipse — kura
 
The network enabled distribution of Kura before 2.1.0 takes control over the device’s firewall setup but does not allow IPv6 firewall rules to be configured. The Equinox console port 5002 is nevertheless left open, which allows logging into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox “exec” command. Because the process runs as “root”, full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigning a MAC-address-based IPv6 address. 2017-09-11 not yet calculated CVE-2017-7649
CONFIRM
CONFIRM
ellucian — banner_student
 
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka “Weak Password Reset.” 2017-09-11 not yet calculated CVE-2015-4689
MISC
BUGTRAQ
ellucian — banner_student
 
Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter. 2017-09-11 not yet calculated CVE-2015-5054
MISC
BUGTRAQ
ellucian — banner_student
 
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to enumerate user accounts via a series of requests. 2017-09-11 not yet calculated CVE-2015-4688
MISC
BUGTRAQ
elux_rp — elux_rp
 
In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR, when classic desktop mode is used, it is possible to start applications other than those defined, even if the user does not have permissions to change application definitions. 2017-09-13 not yet calculated CVE-2017-14124
CONFIRM
emc — appsync
 
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. 2017-09-12 not yet calculated CVE-2017-8015
CONFIRM
BID
eyesofnetwork — eyesofnetwork
 
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php. 2017-09-12 not yet calculated CVE-2017-14403
MISC
eyesofnetwork — eyesofnetwork
 
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring. 2017-09-12 not yet calculated CVE-2017-14404
MISC
eyesofnetwork — eyesofnetwork
 
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. 2017-09-12 not yet calculated CVE-2017-14405
MISC
eyesofnetwork — eyesofnetwork
 
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php. 2017-09-11 not yet calculated CVE-2017-14252
MISC
eyesofnetwork — eyesofnetwork
 
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the “ACCOUNT CREATION” section, related to lack of input validation in include/function.php. 2017-09-12 not yet calculated CVE-2017-14402
MISC
eyesofnetwork — eyesofnetwork
 
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the “ACCOUNT UPDATE” section. 2017-09-12 not yet calculated CVE-2017-14401
MISC
eyesofnetwork — eyesofnetwork
 
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060. 2017-09-11 not yet calculated CVE-2017-14247
MISC
ffmpeg — ffmpeg
 
In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large “ict” field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. 2017-09-08 not yet calculated CVE-2017-14223
BID
CONFIRM
ffmpeg — ffmpeg
 
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large “item_count” field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. 2017-09-08 not yet calculated CVE-2017-14222
BID
CONFIRM
file() — file()
 
An issue in file() that was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017). 2017-09-11 not yet calculated CVE-2017-1000249
CONFIRM
CONFIRM
fujitsu — fence-explorer
 
Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-15 not yet calculated CVE-2017-10855
MISC
JVN
genixcms — genixcms
 
GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin