SB17-275: Vulnerability Summary for the Week of September 25, 2017

Original release date: October 02, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
google — android drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process. 2017-09-25 7.6 CVE-2016-5868
BID
CONFIRM
CONFIRM
ibm — business_process_manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156. 2017-09-26 7.5 CVE-2017-1527
CONFIRM
BID
MISC
nvidia — gpu_driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges. 2017-09-22 7.2 CVE-2017-6268
CONFIRM
BID
nvidia — gpu_driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges. 2017-09-22 7.2 CVE-2017-6269
CONFIRM
BID
nvidia — gpu_driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges. 2017-09-22 7.2 CVE-2017-6277
CONFIRM
BID
sam2p_project — sam2p Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption because of an attempted write to the invalid d[0xfffffffe] array element. 2017-09-22 7.5 CVE-2017-14636
MISC
sam2p_project — sam2p In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address. 2017-09-22 7.5 CVE-2017-14637
MISC
schneider-electric — u.motion_builder A SQL injection vulnerability exists in Schneider Electric’s U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database. 2017-09-25 7.5 CVE-2017-7973
CONFIRM
BID
schneider-electric — u.motion_builder A path traversal information disclosure vulnerability exists in Schneider Electric’s U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files. 2017-09-25 7.5 CVE-2017-7974
CONFIRM
BID
schneider-electric — u.motion_builder An authentication bypass vulnerability exists in Schneider Electric’s U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass 2017-09-25 7.5 CVE-2017-9956
CONFIRM
BID
schneider-electric — u.motion_builder A vulnerability exists in Schneider Electric’s U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials. 2017-09-25 7.5 CVE-2017-9957
CONFIRM
BID
schneider-electric — u.motion_builder An improper access control vulnerability exists in Schneider Electric’s U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root. 2017-09-25 7.2 CVE-2017-9958
CONFIRM
BID
trendmicro — mobile_security SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. 2017-09-22 10.0 CVE-2017-14078
BID
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
trendmicro — mobile_security Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password. 2017-09-22 7.5 CVE-2017-14080
MISC
CONFIRM
trendmicro — web_security_virtual_appliance Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections. 2017-09-22 9.0 CVE-2017-11396
CONFIRM
xceedium — xsuite Multiple hardcoded credentials in Xsuite 2.3.0 and 2.4.3.0. 2017-09-25 7.5 CVE-2015-4667
MISC
BUGTRAQ
EXPLOIT-DB
xceedium — xsuite The MySQL “root” user in Xsuite 2.3.0 and 2.4.3.0 does not have a password set, which allows local users to access databases on the system. 2017-09-25 7.2 CVE-2015-4669
MISC
BUGTRAQ
EXPLOIT-DB

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apache — struts Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20. 2017-09-25 4.3 CVE-2015-5169
JVN
JVNDB
BID
CONFIRM
CONFIRM
artifex — mupdf Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to “Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61” on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded. 2017-09-22 6.8 CVE-2017-14685
MISC
MISC
MISC
artifex — mupdf Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a “User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d” on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers. 2017-09-22 6.8 CVE-2017-14686
MISC
MISC
MISC
artifex — mupdf Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to “Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f” on Windows. This occurs because of mishandling of XML tag name comparisons. 2017-09-22 6.8 CVE-2017-14687
MISC
MISC
MISC
foxitsoftware — foxit_reader Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to “Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f.” 2017-09-22 4.6 CVE-2017-14694
BID
MISC
geminabox_project — geminabox geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload. 2017-09-25 6.8 CVE-2017-14683
MISC
MISC
genixcms — genixcms In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter. 2017-09-27 4.3 CVE-2017-14761
MISC
genixcms — genixcms In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter. 2017-09-27 4.3 CVE-2017-14762
MISC
genixcms — genixcms In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme. 2017-09-27 6.5 CVE-2017-14763
MISC
genixcms — genixcms In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module. 2017-09-27 6.5 CVE-2017-14764
MISC
genixcms — genixcms In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request. 2017-09-27 4.3 CVE-2017-14765
MISC
gnu — binutils The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. 2017-09-25 6.8 CVE-2017-14729
MISC
MISC
MISC
MISC
gnu — binutils The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. 2017-09-26 6.8 CVE-2017-14745
CONFIRM
graphicsmagick — graphicsmagick ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. 2017-09-25 4.3 CVE-2017-14733
CONFIRM
CONFIRM
ibm — business_process_manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807. 2017-09-26 6.5 CVE-2017-1539
CONFIRM
BID
MISC
ibm — websphere_mq IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914. 2017-09-25 4.0 CVE-2017-1235
CONFIRM
BID
MISC
imagemagick — imagemagick The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors. 2017-09-25 5.0 CVE-2017-14739
CONFIRM
imagemagick — imagemagick The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file. 2017-09-25 4.3 CVE-2017-14741
CONFIRM
irfanview — irfanview IrfanView 4.44 – 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to “Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613.” 2017-09-22 4.6 CVE-2017-14693
MISC
libbpg_project — libbpg The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to hevc_decode_init1. 2017-09-25 6.8 CVE-2017-14734
MISC
libbpg_project — libbpg The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg. 2017-09-27 6.8 CVE-2017-14795
MISC
libbpg_project — libbpg The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg. 2017-09-27 6.8 CVE-2017-14796
MISC
libofx_project — libofx ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call. 2017-09-25 4.3 CVE-2017-14731
MISC
nvidia — gpu_driver NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service. 2017-09-22 4.9 CVE-2017-6266
CONFIRM
BID
nvidia — gpu_driver NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service. 2017-09-22 4.9 CVE-2017-6267
CONFIRM
BID
nvidia — gpu_driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation which may lead to a potential divide by zero and denial of service. 2017-09-22 4.9 CVE-2017-6270
CONFIRM
BID
nvidia — gpu_driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation while processing block linear information which may lead to a potential divide by zero and denial of service. 2017-09-22 4.9 CVE-2017-6271
CONFIRM
BID
schneider-electric — citect_anywhere A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric’s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack. 2017-09-25 6.8 CVE-2017-7969
CONFIRM
BID
CONFIRM
schneider-electric — citect_anywhere A vulnerability exists in Schneider Electric’s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate. 2017-09-25 4.0 CVE-2017-7971
CONFIRM
BID
CONFIRM
schneider-electric — citect_anywhere A vulnerability exists in Schneider Electric’s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes. 2017-09-25 5.2 CVE-2017-7972
CONFIRM
BID
CONFIRM
schneider-electric — u.motion_builder A vulnerability exists in Schneider Electric’s U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition. 2017-09-25 4.9 CVE-2017-9959
CONFIRM
BID
schneider-electric — u.motion_builder An information disclosure vulnerability exists in Schneider Electric’s U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user. 2017-09-25 5.0 CVE-2017-9960
CONFIRM
BID
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a “Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917.” 2017-09-22 4.4 CVE-2017-14688
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to “Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e.” 2017-09-22 4.6 CVE-2017-14689
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to “Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000064e7.” 2017-09-22 4.6 CVE-2017-14690
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to “Data from Faulting Address controls Branch Selection starting at ntdll_773a0000!RtlAddAccessAllowedAce+0x000000000000027a.” 2017-09-22 4.6 CVE-2017-14691
MISC
stdutility — stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a “User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b.” 2017-09-22 4.4 CVE-2017-14692
MISC
theforeman — foreman Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after. 2017-09-25 4.3 CVE-2015-5282
CONFIRM
MLIST
CONFIRM
CONFIRM
CONFIRM
trendmicro — mobile_security Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. 2017-09-22 6.5 CVE-2017-14079
BID
MISC
MISC
MISC
MISC
CONFIRM
trendmicro — mobile_security Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. 2017-09-22 6.5 CVE-2017-14081
BID
MISC
MISC
CONFIRM
trendmicro — smart_protection_server Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations. 2017-09-22 6.5 CVE-2017-11395
MISC
BID
CONFIRM
weechat — logger logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized. 2017-09-23 5.0 CVE-2017-14727
BID
CONFIRM
CONFIRM
CONFIRM
wordpress — wordpress Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. 2017-09-23 4.3 CVE-2017-14718
BID
MISC
MISC
wordpress — wordpress Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. 2017-09-23 5.0 CVE-2017-14719
BID
MISC
MISC
MISC
wordpress — wordpress Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. 2017-09-23 4.3 CVE-2017-14720
BID
MISC
MISC
wordpress — wordpress Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. 2017-09-23 4.3 CVE-2017-14721
BID
MISC
MISC
wordpress — wordpress Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. 2017-09-23 5.0 CVE-2017-14722
BID
MISC
MISC
MISC
wordpress — wordpress Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. 2017-09-23 4.3 CVE-2017-14724
BID
MISC
MISC
MISC
wordpress — wordpress Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. 2017-09-23 4.3 CVE-2017-14726
BID
MISC
MISC
MISC
xceedium — xsuite Open redirect vulnerability in Xsuite 2.3.0 and 2.4.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. 2017-09-25 5.8 CVE-2015-4668
MISC
BUGTRAQ
EXPLOIT-DB

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
geminabox_project — geminabox geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file. 2017-09-25 3.5 CVE-2017-14506
MISC
MISC
ibm — business_process_manager IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461. 2017-09-25 1.9 CVE-2017-1346
CONFIRM
BID
MISC
ibm — business_process_manager IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477. 2017-09-25 3.5 CVE-2017-1424
CONFIRM
BID
MISC
ibm — business_process_manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130409. 2017-09-26 3.5 CVE-2017-1530
CONFIRM
BID
MISC
ibm — business_process_manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410. 2017-09-26 3.5 CVE-2017-1531
CONFIRM
BID
MISC
ibm — security_identity_manager IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801. 2017-09-25 2.1 CVE-2017-1362
CONFIRM
BID
MISC
linux — linux_kernel The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c. 2017-09-26 2.1 CVE-2017-1000252
CONFIRM
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the “CR8-load exiting” and “CR8-store exiting” L0 vmcs02 controls exist in cases where L1 omits the “use TPR shadow” vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. 2017-09-26 3.6 CVE-2017-12154
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
schneider-electric — citect_anywhere A vulnerability exists in Schneider Electric’s PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components. 2017-09-25 3.3 CVE-2017-7970
CONFIRM
BID
CONFIRM
telaxius — epesi In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. 2017-09-22 3.5 CVE-2017-14712
MISC
telaxius — epesi In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter. 2017-09-22 3.5 CVE-2017-14713
MISC
telaxius — epesi In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. 2017-09-22 3.5 CVE-2017-14714
MISC
telaxius — epesi In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter. 2017-09-22 3.5 CVE-2017-14715
MISC
telaxius — epesi In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter. 2017-09-22 3.5 CVE-2017-14716
MISC
telaxius — epesi In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. 2017-09-22 3.5 CVE-2017-14717
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
antisamy_project — antisamy
 
OWASP AntiSamy through 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL. 2017-09-25 not yet calculated CVE-2017-14735
CONFIRM
apache — geode
 
When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user’s concurrently executing gfsh query, potentially revealing data that the user is not authorized to view. 2017-09-29 not yet calculated CVE-2017-9794
MLIST
apache — mesos
 
When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with ‘/’. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable. 2017-09-28 not yet calculated CVE-2017-9790
BID
MLIST
apache — mesos
 
When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable. 2017-09-28 not yet calculated CVE-2017-7687
BID
MLIST
apache — tika
 
Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175. 2017-09-29 not yet calculated CVE-2016-4434
BUGTRAQ
MLIST
apache — xerces
 
During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a “SYSTEM” entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1. 2017-09-27 not yet calculated CVE-2017-12621
BID
SECTRACK
CONFIRM
MLIST
appstudio — appstudio
 
The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints. 2017-09-28 not yet calculated CVE-2017-7553
CONFIRM
arcsight — arcsight_esm
 
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the ‘follow schedule’ function. 2017-09-29 not yet calculated CVE-2017-13988
BID
CONFIRM
arcsight — arcsight_esm
 
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version. 2017-09-29 not yet calculated CVE-2017-13990
BID
CONFIRM
arcsight — arcsight_esm
 
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information. 2017-09-29 not yet calculated CVE-2017-13989
BID
CONFIRM
arcsight — arcsight_esm
 
A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system. 2017-09-29 not yet calculated CVE-2017-13986
BID
CONFIRM
arcsight — arcsight_esm
 
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features. 2017-09-29 not yet calculated CVE-2017-13991
BID
CONFIRM
arcsight — arcsight_esm
 
An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files. 2017-09-29 not yet calculated CVE-2017-13987
BID
CONFIRM
artifex — gsview
 
Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to “Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068.” 2017-09-29 not yet calculated CVE-2017-14945
CONFIRM
artifex — gsview
 
Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to “Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFile+0x000000000000344e.” 2017-09-29 not yet calculated CVE-2017-14946
CONFIRM
artifex — gsview
 
Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a “Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359.” 2017-09-29 not yet calculated CVE-2017-14947
CONFIRM
blizzard — overwatch
 
Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific time during the initial loading of that match. 2017-09-26 not yet calculated CVE-2017-14748
MISC
MISC
botan — botan
 
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key. 2017-09-25 not yet calculated CVE-2017-14737
MISC
MISC
branagh_information_group — ers_data_system
 
ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to “com.branaghgroup.ecers.update.UpdateRequest” object deserialization. 2017-09-29 not yet calculated CVE-2017-14702
MISC
broadcom — bcm4355c0_wi-fi_chips
 
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205. 2017-09-27 not yet calculated CVE-2017-11121
MISC
BID
MISC
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
broadcom — bcm4355c0_wi-fi_chips
 
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204. 2017-09-27 not yet calculated CVE-2017-11120
MISC
BID
MISC
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
cash_back_comparison_script — cash_back_comparison_script
 
SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/. 2017-09-26 not yet calculated CVE-2017-14703
EXPLOIT-DB
cisco — ios
 
A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to process PROFINET messages. Beginning with Cisco IOS Software Release 12.2(52)SE, PROFINET is enabled by default on all the base switch module and expansion-unit Ethernet ports. Cisco Bug IDs: CSCuz47179. 2017-09-28 not yet calculated CVE-2017-12235
BID
SECTRACK
CONFIRM
cisco — ios
 
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. This vulnerability affects Cisco devices that have the Internet Security Association and Key Management Protocol (ISAKMP) enabled. Although only IKEv2 packets can be used to trigger this vulnerability, devices that are running Cisco IOS Software or Cisco IOS XE Software are vulnerable when ISAKMP is enabled. A device does not need to be configured with any IKEv2-specific features to be vulnerable. Many features use IKEv2, including different types of VPNs such as the following: LAN-to-LAN VPN; Remote-access VPN, excluding SSL VPN; Dynamic Multipoint VPN (DMVPN); and FlexVPN. Cisco Bug IDs: CSCvc41277. 2017-09-28 not yet calculated CVE-2017-12237
BID
SECTRACK
CONFIRM
cisco — ios
 
The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959. 2017-09-28 not yet calculated CVE-2017-12240
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
cisco — ios
 
Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuz95334. 2017-09-28 not yet calculated CVE-2017-12233
BID
SECTRACK
CONFIRM
cisco — ios
 
A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a misclassification of Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc03809. 2017-09-28 not yet calculated CVE-2017-12232
BID
SECTRACK
CONFIRM
cisco — ios
 
A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device’s operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device’s operating system. This vulnerability affects only Cisco ASR 1000 Series Routers that have removable line cards and Cisco cBR-8 Converged Broadband Routers, if they are running certain Cisco IOS XE 3.16 through 16.5 releases. Cisco Bug IDs: CSCvc65866, CSCve77132. 2017-09-28 not yet calculated CVE-2017-12239
BID
SECTRACK
SECTRACK
CONFIRM
cisco — ios
 
A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol and are sent to an affected device via IPv4 packets. An attacker could exploit this vulnerability by sending a crafted H.323 RAS packet through an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to use an application layer gateway with NAT (NAT ALG) for H.323 RAS messages. By default, a NAT ALG is enabled for H.323 RAS messages. Cisco Bug IDs: CSCvc57217. 2017-09-28 not yet calculated CVE-2017-12231
BID
SECTRACK
CONFIRM
cisco — ios
 
Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot). 2017-09-25 not yet calculated CVE-2010-3050
CISCO
cisco — ios
 
A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). The vulnerability is due to a logic error introduced via a code regression for the affected software. An attacker could exploit this vulnerability by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, to the affected software. A successful exploit could allow the attacker to inject invalid mappings of EIDs to RLOCs in the MS/MR of the affected software. This vulnerability affects Cisco devices that are configured with LISP acting as an IPv4 or IPv6 map server. This vulnerability affects Cisco IOS XE Software release trains 3.9E and Everest 16.4. Cisco Bug IDs: CSCvc18008. 2017-09-28 not yet calculated CVE-2017-12236
BID
SECTRACK
CONFIRM
cisco — ios
 
Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc43709. 2017-09-28 not yet calculated CVE-2017-12234
BID
SECTRACK
CONFIRM
cisco — ios
 
A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart. This vulnerability affects Cisco Catalyst 3650 and 3850 switches running IOS XE Software versions 16.1 through 16.3.3, and acting as wireless LAN controllers (WLC). Cisco Bug IDs: CSCvd45069. 2017-09-28 not yet calculated CVE-2017-12222
BID
SECTRACK
CONFIRM
cisco — ios
 
A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious API request to an affected device. A successful exploit could allow the attacker to bypass authentication and gain access to the web UI of the affected software. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuz46036. 2017-09-28 not yet calculated CVE-2017-12229
BID
SECTRACK
CONFIRM
cisco — ios
 
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of the affected software. An attacker could exploit this vulnerability by using the web UI of the affected software to create a new user and then logging into the web UI as the newly created user. A successful exploit could allow the attacker to elevate their privileges on the affected device. This vulnerability affects Cisco devices that are running a vulnerable release Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuy83062. 2017-09-28 not yet calculated CVE-2017-12230
BID
SECTRACK
CONFIRM
cisco — ios
 
A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927. 2017-09-28 not yet calculated CVE-2017-12238
BID
SECTRACK
CONFIRM
cisco — ios
 
Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot). 2017-09-25 not yet calculated CVE-2010-3049
CISCO
cisco — ios
 
The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions. 2017-09-25 not yet calculated CVE-2011-4667
CISCO
CISCO
cisco — ios
 
A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incomplete input validation of HTTP requests by the affected GUI, if the GUI connection state or protocol changes. An attacker could exploit this vulnerability by authenticating to the Wireless Controller GUI as a Lobby Administrator user of an affected device and subsequently changing the state or protocol for their connection to the GUI. A successful exploit could allow the attacker to elevate their privilege level to administrator and gain full control of the affected device. This vulnerability affects the following Cisco products if they are running Cisco IOS XE Software Release 3.7.0E, 3.7.1E, 3.7.2E, 3.7.3E, 3.7.4E, or 3.7.5E: Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, Cisco New Generation Wireless Controllers (NGWC) 3850. Cisco Bug IDs: CSCvd73746. 2017-09-28 not yet calculated CVE-2017-12226
BID
SECTRACK
SECTRACK
CONFIRM
cisco — ios
 
A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Cisco Bug IDs: CSCvc33171. 2017-09-28 not yet calculated CVE-2017-12228
SECTRACK
CONFIRM
citrix — citrix_web_interface
 
Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HTML via the failmessage parameter. 2017-09-27 not yet calculated CVE-2015-7349
MISC
CONFIRM
CONFIRM
citrix — netscaler_application_delivery_controller_and_netscaler_gateway
 
A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance. 2017-09-26 not yet calculated CVE-2017-14602
BID
CONFIRM
claydip — laravel_airbnb_clone
 
Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile. 2017-09-26 not yet calculated CVE-2017-14704
EXPLOIT-DB
comicsmart — ganma!
 
GANMA! App for iOS does not verify SSL certificates. 2017-09-25 not yet calculated CVE-2015-7785
JVN
JVNDB
cyberlink — labelprint
 
Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file. 2017-09-23 not yet calculated CVE-2017-14627
MISC
EXPLOIT-DB
debian — fso
 
The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service. 2017-09-25 not yet calculated CVE-2014-8156
MLIST
BID
XF
debian — inspircd
 
inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836. 2017-09-25 not yet calculated CVE-2012-6696
DEBIAN
MLIST
CONFIRM
devscripts — devscripts
 
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. 2017-09-25 not yet calculated CVE-2015-5704
FEDORA
FEDORA
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
digium — asterisk_gui
 
An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program. 2017-09-25 not yet calculated CVE-2017-14001
BID
MISC
egroupware — egroupware _community_edition
 
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator. 2017-09-29 not yet calculated CVE-2017-14920
MISC
MISC
elastic — x-pack_security
 
An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either ‘delete’ or ‘index’ permissions on an index in a cluster, they may be able to issue both delete and index requests against that index. 2017-09-28 not yet calculated CVE-2017-8447
MISC
elasticsearch — elastic_cloud_enterprise
 
The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data. 2017-09-28 not yet calculated CVE-2017-8444
MISC
elasticsearch — kibana
 
Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. 2017-09-28 not yet calculated CVE-2017-11479
MISC
elasticsearch — x-pack_alerting
 
An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges. 2017-09-28 not yet calculated CVE-2017-8448
MISC
exiv2 — exiv2
 
An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. 2017-09-28 not yet calculated CVE-2017-14862
MISC
exiv2 — exiv2
 
There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. 2017-09-28 not yet calculated CVE-2017-14858
MISC
exiv2 — exiv2
 
There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. 2017-09-28 not yet calculated CVE-2017-14866
MISC
exiv2 — exiv2
 
A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. 2017-09-28 not yet calculated CVE-2017-14863
MISC
exiv2 — exiv2
 
There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. 2017-09-28 not yet calculated CVE-2017-14860
MISC
exiv2 — exiv2
 
There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. 2017-09-28 not yet calculated CVE-2017-14861
MISC
exiv2 — exiv2
 
An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. 2017-09-28 not yet calculated CVE-2017-14864
MISC
exiv2 — exiv2
 
An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. 2017-09-28 not yet calculated CVE-2017-14859
MISC
exiv2 — exiv2
 
There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. 2017-09-28 not yet calculated CVE-2017-14865
MISC
exiv2 — exiv2
 
In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack. 2017-09-28 not yet calculated CVE-2017-14857
MISC
eyesofnetwork — eyesofnetwork_web_interface
 
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php. 2017-09-26 not yet calculated CVE-2017-14753
BID
MISC
faleemi — wireless-ip-camera
 
Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password. 2017-09-26 not yet calculated CVE-2017-14743
MISC
ffmpeg — ffmpeg
 
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file. 2017-09-27 not yet calculated CVE-2017-14767
BID
CONFIRM
filerun — filerun
 
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function). 2017-09-29 not yet calculated CVE-2017-14738
MISC
MISC
EXPLOIT-DB
freeipa — freeipa
 
FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. 2017-09-27 not yet calculated CVE-2017-11191
MISC
gentoo — gentoo
 
The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has “chown -R” calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link. 2017-09-25 not yet calculated CVE-2017-14730
CONFIRM
CONFIRM
CONFIRM
CONFIRM
git — git
 
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support. 2017-09-28 not yet calculated CVE-2017-14867
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
gnu — binutils
 
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. 2017-09-29 not yet calculated CVE-2017-14932
CONFIRM
CONFIRM
gnu — binutils
 
Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. 2017-09-29 not yet calculated CVE-2017-14930
CONFIRM
gnu — binutils
 
_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file. 2017-09-29 not yet calculated CVE-2017-14938
MISC
MISC
MISC
gnu — binutils
 
process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure. 2017-09-29 not yet calculated CVE-2017-14934
CONFIRM
CONFIRM
gnu — binutils
 
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte. 2017-09-29 not yet calculated CVE-2017-14939
MISC
MISC
MISC
gnu — binutils
 
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. 2017-09-29 not yet calculated CVE-2017-14933
CONFIRM
CONFIRM
CONFIRM
gnu — binutils
 
scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file. 2017-09-29 not yet calculated CVE-2017-14940
MISC
MISC
MISC
google — android
 
Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack. 2017-09-25 not yet calculated CVE-2014-8889
MISC
FULLDISC
BUGTRAQ
BID
MISC
google — android
 
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame. 2017-09-25 not yet calculated CVE-2014-0997
MISC
FULLDISC
BUGTRAQ
BID
MISC
EXPLOIT-DB
google — android
 
The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate. 2017-09-29 not yet calculated CVE-2017-14582
MISC
google — android
 
Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application. 2017-09-27 not yet calculated CVE-2015-1537
BID
CONFIRM
MISC
google — android
 
ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates. 2017-09-25 not yet calculated CVE-2015-5666
JVN
JVNDB
BID
google — android
 
The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. 2017-09-27 not yet calculated CVE-2015-1526
BID
MISC
google — googlemaps
 
The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the ‘url’ parameter to plugin_googlemap3_kmlprxy.php. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7428. 2017-09-27 not yet calculated CVE-2014-9686
FULLDISC
MISC
MLIST
hp — hpe_sitescope
 
An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data. 2017-09-29 not yet calculated CVE-2017-14349
BID
CONFIRM
hpe — application_performance_management_platform An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication. 2017-09-29 not yet calculated CVE-2017-13983
CONFIRM
hpe — application_performance_management_platform
 
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information. 2017-09-29 not yet calculated CVE-2017-13985
CONFIRM
hpe — application_performance_management_platform
 
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal. 2017-09-29 not yet calculated CVE-2017-13984
CONFIRM
hpe — application_performance_management_platform
 
A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. 2017-09-29 not yet calculated CVE-2017-13982
CONFIRM
hpe — application_performance_management_platform
 
A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution. 2017-09-29 not yet calculated CVE-2017-14350
BID
CONFIRM
hpe — hp_ucmdb_configuration_manager
 
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution. 2017-09-29 not yet calculated CVE-2017-14351
CONFIRM
hpe — hp_ucmdb_configuration_manager
 
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting. 2017-09-29 not yet calculated CVE-2017-14352
CONFIRM
huawei — s7700_and_s9700_and_s9300
 
Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information. 2017-09-25 not yet calculated CVE-2015-7846
BID
CONFIRM
huawei — uap2105
 
Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell. 2017-09-25 not yet calculated CVE-2015-6592
BID
CONFIRM
ibm — api_connect
 
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545. 2017-09-25 not yet calculated CVE-2017-1555
CONFIRM
BID
MISC
ibm — api_connect
 
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291. 2017-09-25 not yet calculated CVE-2017-1551
CONFIRM
MISC
ibm — business_process_manager
 
IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127478. 2017-09-26 not yet calculated CVE-2017-1425
CONFIRM
BID
MISC
ibm — security_identity_manager_adapters
 
IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621. 2017-09-27 not yet calculated CVE-2017-1483
CONFIRM
BID
MISC
ibm — security_identity_manager_virtual_appliance
 
IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394. 2017-09-27 not yet calculated CVE-2017-1407
CONFIRM
BID
MISC
ibm — websphere_datapower_appliances
 
IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2017-09-27 not yet calculated CVE-2017-1591
CONFIRM
BID
MISC
ibm — websphere_portal
 
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117. 2017-09-27 not yet calculated CVE-2017-1577
CONFIRM
BID
SECTRACK
MISC
inedo — proget
 
Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. 2017-09-29 not yet calculated CVE-2017-14944
CONFIRM
intelbras — wireless_router
 
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie. 2017-09-29 not yet calculated CVE-2017-14942
MISC
EXPLOIT-DB
jerryscript — jerryscript
 
JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized characters cause incorrect 0x00 characters in bytecode.literal data. 2017-09-26 not yet calculated CVE-2017-14749
MISC
jsoup — jsoup
 
Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. 2017-09-25 not yet calculated CVE-2015-6748
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
kde — kmail
 
KDE KMail does not encrypt attachments in emails when “automatic encryption” is enabled, which allows remote attackers to obtain sensitive information by sniffing the network. 2017-09-27 not yet calculated CVE-2014-8878
MLIST
BID
CONFIRM
CONFIRM
kupu — kupu
 
Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings. 2017-09-25 not yet calculated CVE-2015-7317
MLIST
CONFIRM
CONFIRM
CONFIRM
laravel — laravel
 
Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison. 2017-09-27 not yet calculated CVE-2017-14775
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after. 2017-09-25 not yet calculated CVE-2015-5327
MLIST
CONFIRM
CONFIRM
magento — magento
 
Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field. 2017-09-25 not yet calculated CVE-2015-8707
CONFIRM
mahara — mahara
 
Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user’s account. 2017-09-25 not yet calculated CVE-2017-9551
CONFIRM
CONFIRM
man-db — man-db
 
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. 2017-09-27 not yet calculated CVE-2015-1336
MISC
MISC
MISC
MLIST
BID
CONFIRM
MISC
GENTOO
microsoft — windows_app_studio
 
It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio. 2017-09-28 not yet calculated CVE-2017-7554
CONFIRM
millicore — millicore
 
The file editor in millicore allows files to be executed, as well as created. An attacker could use this flaw to compromise other users, or teams projects stored in source control management of the RHMAP Core installation. 2017-09-28 not yet calculated CVE-2017-7552
CONFIRM
mojoomla — annual_maintenance_contract_(amc)_management_system
 
Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling. 2017-09-27 not yet calculated CVE-2017-14841
EXPLOIT-DB
multitech_faxfinder — multitech_faxfinder
 
MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext. 2017-09-29 not yet calculated CVE-2016-10512
MISC
node.js — node.js
 
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to “..” handling was incompatible with the pathname validation used by unspecified community modules. 2017-09-27 not yet calculated CVE-2017-14849
BID
CONFIRM
CONFIRM
norton — remove_and_reinstall
 
Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability. 2017-09-27 not yet calculated CVE-2017-13676
BID
CONFIRM
nvidia — gpu_display_driver
 
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges. 2017-09-22 not yet calculated CVE-2017-6272
CONFIRM
BID
october_cms — october_cms
 
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612. 2017-09-27 not yet calculated CVE-2015-5613
MLIST
CONFIRM
CONFIRM
ogaki_kyoritsu_bank — smartphone_passbook
 
Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate. 2017-09-26 not yet calculated CVE-2015-0874
JVN
JVNDB
BID
openexif — openexif
 
ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file. 2017-09-29 not yet calculated CVE-2017-14931
MISC
MISC
openhpi — openhpi
 
openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption). 2017-09-26 not yet calculated CVE-2015-3248
FEDORA
CONFIRM
CONFIRM
opentext — documentum_administrator
 
Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. 2017-09-27 not yet calculated CVE-2017-14524
FULLDISC
CONFIRM
opentext — documentum_administrator
 
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in. 2017-09-27 not yet calculated CVE-2017-14526
FULLDISC
CONFIRM
opentext — documentum_webtop
 
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in. 2017-09-27 not yet calculated CVE-2017-14527
FULLDISC
CONFIRM
opentext — documentum_webtop
 
Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. 2017-09-27 not yet calculated CVE-2017-14525
FULLDISC
CONFIRM
percona — percona_toolkit
 
The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL. 2017-09-28 not yet calculated CVE-2015-1027
CONFIRM
CONFIRM
percona — percona_toolkit
 
The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com. 2017-09-28 not yet calculated CVE-2014-2029
MLIST
CONFIRM
CONFIRM
perl — perl
 
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable. 2017-09-27 not yet calculated CVE-2017-12814
BID
CONFIRM
CONFIRM
CONFIRM
philips — hue_bridge
 
Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network. 2017-09-30 not yet calculated CVE-2017-14797
MISC
php-fusion_9 — php-fusion_9
 
Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. 2017-09-25 not yet calculated CVE-2015-8375
MISC
MLIST
CONFIRM
CONFIRM
plone — plone
 
Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses. 2017-09-25 not yet calculated CVE-2015-7318
MLIST
CONFIRM
CONFIRM
CONFIRM
plone — plone
 
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator. 2017-09-25 not yet calculated CVE-2015-7315
MLIST
CONFIRM
CONFIRM
CONFIRM
plone — plone
 
Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1. 2017-09-25 not yet calculated CVE-2015-7316
MLIST
CONFIRM
MISC
CONFIRM
poppler — poppler
 
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. 2017-09-29 not yet calculated CVE-2017-14926
CONFIRM
poppler — poppler
 
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. 2017-09-29 not yet calculated CVE-2017-14928
CONFIRM
poppler — poppler
 
In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. 2017-09-29 not yet calculated CVE-2017-14927
CONFIRM
poppler — poppler
 
In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. 2017-09-29 not yet calculated CVE-2017-14929
CONFIRM
protobuf — protobuf
 
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow. 2017-09-25 not yet calculated CVE-2015-5237
MLIST
CONFIRM
CONFIRM
pulp — pulp-consumer-client
 
pulp-consumer-client 2.4.0 through 2.6.3 does not check the server’s TLS certificate signatures when retrieving the server’s public key upon registration. 2017-09-25 not yet calculated CVE-2015-5263
MISC
MLIST
CONFIRM
CONFIRM
pulse_secure — pulse_one_on-premise
 
Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information. 2017-09-29 not yet calculated CVE-2017-14935
CONFIRM
red_hat — enterprise_virtualization
 
redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment. 2017-09-25 not yet calculated CVE-2015-7544
CONFIRM
REDHAT
red_hat — enterprise_virtualization
 
ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string. 2017-09-25 not yet calculated CVE-2014-8170
CONFIRM
MISC
red_hat — jboss_a-mq The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies. 2017-09-25 not yet calculated CVE-2015-5183
CONFIRM
red_hat — jboss_a-mq
 
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. 2017-09-25 not yet calculated CVE-2015-5181
REDHAT
CONFIRM
REDHAT
red_hat — jboss_a-mq
 
The Hawtio console in A-MQ allows remote attackers to obtain sensitive information and perform other unspecified impact. 2017-09-25 not yet calculated CVE-2015-5184
CONFIRM
red_hat — jboss_a-mq
 
Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. 2017-09-25 not yet calculated CVE-2015-5182
CONFIRM

red_hat — openshift_enterprise_2
 

 

selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack. 2017-09-25 not yet calculated CVE-2015-0238
CONFIRM
CONFIRM
red_hat — openshift
 
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter. 2017-09-27 not yet calculated CVE-2015-8249
MISC
MISC
MISC
EXPLOIT-DB
saltstack — salt
 
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt’s ssh_client. 2017-09-26 not yet calculated CVE-2017-5200
CONFIRM
CONFIRM
CONFIRM
saltstack — salt
 
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed. 2017-09-26 not yet calculated CVE-2017-5192
CONFIRM
CONFIRM
CONFIRM
sap — enterprise_portal
 
Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516. 2017-09-28 not yet calculated CVE-2017-10701
BID
BID
BID
MISC
schneider_electric — clearscada
 
Schneider Electric’s ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon. 2017-09-25 not yet calculated CVE-2017-9962
CONFIRM
schneider_electric — pro-face_gp_pro_ex
 
A vulnerability exists in Schneider Electric’s Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process. 2017-09-25 not yet calculated CVE-2017-9961
CONFIRM
BID
smarterstats — smarterstats
 
SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. 2017-09-29 not yet calculated CVE-2017-14620
MISC
systemd — systemd
 
Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd. 2017-09-25 not yet calculated CVE-2015-7510
CONFIRM
CONFIRM
CONFIRM
tcpdump — tcpdump
 
print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). 2017-09-27 not yet calculated CVE-2015-3138
SUSE
CONFIRM
CONFIRM
CONFIRM
teamwork — job_links
 
TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange. 2017-09-27 not yet calculated CVE-2017-14838
EXPLOIT-DB
teamwork — photo_fusion TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover. 2017-09-27 not yet calculated CVE-2017-14839
EXPLOIT-DB
teamwork — ticketplus
 
TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. 2017-09-27 not yet calculated CVE-2017-14840
EXPLOIT-DB
testlink — testlink
 
SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php. 2017-09-26 not yet calculated CVE-2015-7390
BUGTRAQ
testlink — testlink
 
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to lib/testcases/containerEdit.php; the (4) filter_tc_id or (5) filter_testcase_name parameter to lib/testcases/listTestCases.php; the (6) useRecursion parameter to lib/testcases/tcImport.php; the (7) targetTestCase or (8) created_by parameter to lib/testcases/tcSearch.php; or the (9) HTTP Referer header to third_party/user_contribution/fakeRemoteExecServer/client4fakeXMLRPCTestRunner.php. 2017-09-26 not yet calculated CVE-2015-7391
BUGTRAQ
tiki — tiki
 
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php. 2017-09-29 not yet calculated CVE-2017-14924
MISC
MISC
MISC
tiki — tiki
 
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site. 2017-09-29 not yet calculated CVE-2017-14925
MISC
MISC
MISC
tine — tine
 
Stored XSS vulnerability via IMG element at “Filename” of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. 2017-09-29 not yet calculated CVE-2017-14921
MISC
MISC
MISC
MISC
MISC
tine — tine
 
Stored XSS vulnerability via IMG element at “History” of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. 2017-09-29 not yet calculated CVE-2017-14922
MISC
MISC
MISC
MISC
MISC
tine — tine
 
Stored XSS vulnerability via IMG element at “Leadname” of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. 2017-09-29 not yet calculated CVE-2017-14923
MISC
MISC
MISC
MISC
MISC
ubuntu — ubuntu
 
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method. 2017-09-27 not yet calculated CVE-2015-3643
MLIST
MLIST
BID
MISC
UBUNTU
UBUNTU
EXPLOIT-DB
ueditor — ueditor
 
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. 2017-09-26 not yet calculated CVE-2017-14744
MISC
unify — openstage_and_openscape_desk_phones
 
OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys. 2017-09-25 not yet calculated CVE-2015-8251
CERT-VN
CONFIRM
CONFIRM
CONFIRM
unisys — libra
 
Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via vectors related to incorrect literal handling, which trigger CPM stack corruption. 2017-09-29 not yet calculated CVE-2017-13684
CONFIRM
vebto — pixie_image_editor
 
Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php. 2017-09-25 not yet calculated CVE-2017-12905
FULLDISC
wesnoth — battle_for_wesnoth
 
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. 2017-09-26 not yet calculated CVE-2015-5069
FEDORA
FEDORA
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
wesnoth — battle_for_wesnoth
 
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069. 2017-09-26 not yet calculated CVE-2015-5070
FEDORA
FEDORA
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
wordpress — wordpress
 
The Intense WP “WP Jobs” plugin 1.5 for WordPress has XSS, related to the Job Qualification field. 2017-09-26 not yet calculated CVE-2017-14751
MISC
BID
MISC
wordpress — wordpress
 
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php. 2017-09-29 not yet calculated CVE-2015-9233
MISC
MISC
MISC
wordpress — wordpress
 
Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. 2017-09-27 not yet calculated CVE-2017-14844
EXPLOIT-DB
wordpress — wordpress
 
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php. 2017-09-29 not yet calculated CVE-2015-9234
MISC
MISC
MISC
wordpress — wordpress
 
SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the “id” parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php. 2017-09-25 not yet calculated CVE-2017-14125
FULLDISC
MISC
wordpress — wordpress
 
Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter. 2017-09-27 not yet calculated CVE-2017-14847
EXPLOIT-DB
wordpress — wordpress
 
Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter. 2017-09-27 not yet calculated CVE-2017-14845
EXPLOIT-DB
wordpress — wordpress
 
Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. 2017-09-27 not yet calculated CVE-2017-14842
EXPLOIT-DB
wordpress — wordpress
 
Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. 2017-09-27 not yet calculated CVE-2017-14843
EXPLOIT-DB
wordpress — wordpress
 
SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php. 2017-09-27 not yet calculated CVE-2017-14760
MISC
wordpress — wordpress
 
Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php. 2017-09-27 not yet calculated CVE-2017-14622
BID
MISC
CONFIRM
wordpress — wordpress
 
Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter. 2017-09-27 not yet calculated CVE-2017-14846
EXPLOIT-DB
wordpress — wordpress
 
Vulnerability in WordPress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download. 2017-09-27 not yet calculated CVE-2017-2551
MISC
CONFIRM
wordpress — wordpress
 
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. 2017-09-23 not yet calculated CVE-2017-14725
BID
MISC
MISC
MISC
wordpress — wordpress
 
Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php. 2017-09-28 not yet calculated CVE-2017-14507
EXPLOIT-DB
wordpress — wordpress
 
The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php only require knowing the student id number. 2017-09-27 not yet calculated CVE-2017-14766
MISC
MISC
MISC
wordpress — wordpress
 
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. 2017-09-23 not yet calculated CVE-2017-14723
BID
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress
 
Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter. 2017-09-26 not yet calculated CVE-2015-7670
BUGTRAQ
CONFIRM
MISC
zkteco — zktime_web
 
Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens. 2017-09-26 not yet calculated CVE-2017-13129
BUGTRAQ
FULLDISC
zope_and_plone — zope_and_plone
 
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. 2017-09-25 not yet calculated CVE-2015-7293
MISC
CONFIRM
CONFIRM
EXPLOIT-DB
zte — microwave_nr8000_series_products
 
All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products – NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host. 2017-09-27 not yet calculated CVE-2017-10932
CONFIRM
zyxel — multiple_products
 
ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys. 2017-09-27 not yet calculated CVE-2015-7256
CERT-VN
CONFIRM

Back to top


This product is provided subject to this Notification and this Privacy & Use policy.

This entry was posted in Alerts. Bookmark the permalink.