SB17-289: Vulnerability Summary for the Week of October 9, 2017

Original release date: October 16, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
phpbugtracker_project — phpbugtracker Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php. 2017-10-06 7.5 CVE-2015-2146
MLIST
CONFIRM
phpbugtracker_project — phpbugtracker Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. 2017-10-06 7.5 CVE-2015-2147
MISC
MLIST


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
cozmoslabs — profile_builder Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter. 2017-10-06 4.3 CVE-2014-8492
MISC
MISC
docker — docker Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage. 2017-10-06 4.6 CVE-2014-0047
MLIST
BID
CONFIRM
formget — easy_contact_form_solution Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php. 2017-10-06 4.3 CVE-2014-7240
MISC
MISC
intelliants — subrion_cms There are CSRF vulnerabilities in Subrion CMS before 4.2.0 because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database. 2017-10-06 6.8 CVE-2017-15063
MISC
lame_project — lame LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410. 2017-10-06 4.3 CVE-2017-15045
MISC
lame_project — lame LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412. 2017-10-06 4.3 CVE-2017-15046
MISC
libcsoap_project — libcsoap nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header. 2017-10-06 5.0 CVE-2015-2297
MLIST
phpbugtracker_project — phpbugtracker Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for requests that cause an unspecified impact via the group_id parameter to group.php, (3) hijack the authentication of users for requests that delete statuses via the status_id parameter to status.php, (4) hijack the authentication of users for requests that delete severities via the severity_id parameter to severity.php, (5) hijack the authentication of users for requests that cause an unspecified impact via the priority_id parameter to priority.php, (6) hijack the authentication of users for requests that delete the operating system via the os_id parameter to os.php, (7) hijack the authentication of users for requests that delete databases via the database_id parameter to database.php, or (8) hijack the authentication of users for requests that delete sites via the site_id parameter to sites.php. 2017-10-06 6.0 CVE-2015-2142
MLIST
CONFIRM
phpbugtracker_project — phpbugtracker Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters. 2017-10-06 6.8 CVE-2015-2143
MLIST
qnap — qts_helpdesk QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack. 2017-10-06 5.0 CVE-2017-13068
MISC
rapid7 — metasploit The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22. 2017-10-06 4.3 CVE-2017-15084
CONFIRM
tech-banker — gallery_bank Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70 for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php. 2017-10-06 4.3 CVE-2014-8758
MISC
MISC
wpmudev — smush_image_compression_and_optimization The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. 2017-10-06 5.0 CVE-2017-15079
CONFIRM
CONFIRM


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
openkm — openkm Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter. 2017-10-06 3.5 CVE-2014-8957
MISC
BID
MISC
phpbugtracker_project — phpbugtracker Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) use_js parameter to user.php; the (3) use_js parameter to group.php; the (4) Description parameter to status.php; the (5) Description parameter to severity.php; the (6) Regex parameter to os.php; or the (7) Name parameter to database.php. 2017-10-06 3.5 CVE-2015-2144
MLIST
CONFIRM
phpbugtracker_project — phpbugtracker Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. 2017-10-06 3.5 CVE-2015-2145
MLIST
phpbugtracker_project — phpbugtracker Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. 2017-10-06 3.5 CVE-2015-2148
MLIST


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
accellion — file_transfer_appliance
 
Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (dot dot) in the statecode cookie. 2017-10-10 not yet calculated CVE-2015-2856
MISC
airtame — airtame
 
/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a “Cookie: PHPSESSID=” header. This can be used to achieve persistent access to the admin panel even after an admin password change. 2017-10-14 not yet calculated CVE-2017-15304
MISC
apache — gridgrain
 
Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path. 2017-10-09 not yet calculated CVE-2017-14614
MLIST
apache — nifi
 
An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release. 2017-10-10 not yet calculated CVE-2017-12623
CONFIRM
apache — openmeetings
 
Apache Openmeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack. 2017-10-12 not yet calculated CVE-2016-8736
MISC
BID
apache — ranger
 
In Apache Ranger before 0.6.2, users with “keyadmin” role should not be allowed to change password for users with “admin” role. 2017-10-13 not yet calculated CVE-2016-6815
BID
CONFIRM
apache — roller
 
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. 2017-10-09 not yet calculated CVE-2014-0030
CONFIRM
MLIST
apache — solr
 
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. 2017-10-14 not yet calculated CVE-2017-12629
MISC
BID
MISC
MISC
MISC
apache — zookeeper
 
Two four letter word commands “wchp/wchc” are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. Apache ZooKeeper thru version 3.4.9 and 3.5.2 suffer from this issue, fixed in 3.4.10, 3.5.3, and later. 2017-10-09 not yet calculated CVE-2017-5637
BID
CONFIRM
MLIST
asterisk — asterisk
 
In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the “nat” and “symmetric_rtp” options allow redirecting where Asterisk sends the next RTCP report. 2017-10-09 not yet calculated CVE-2017-14603
CONFIRM
DEBIAN
CONFIRM
atlassian — fisheye_and_crucible
 
Various resources in Atlassian FishEye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter. 2017-10-11 not yet calculated CVE-2017-14588
BID
MISC
MISC
atlassian — fisheye_and_crucible
 
The administration user deletion resource in Atlassian FishEye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the uname parameter. 2017-10-11 not yet calculated CVE-2017-14587
MISC
MISC
atutor — lms
 
Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2. 2017-10-10 not yet calculated CVE-2015-6521
MLIST
CONFIRM
bamboo — bamboo
 
Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo. 2017-10-12 not yet calculated CVE-2017-9514
CONFIRM
cacti — cacti
 
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. 2017-10-10 not yet calculated CVE-2017-15194
SECTRACK
CONFIRM
CONFIRM
cisco — firmware
 
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. 2017-10-12 not yet calculated CVE-2015-6358
CISCO
CERT-VN
BID
SECTRACK
SECTRACK
SECTRACK
SECTRACK
cybozu — office
 
Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via “Cabinet” function. 2017-10-12 not yet calculated CVE-2017-10857
JVN
CONFIRM
dotcms — dotcms
 
The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field. 2017-10-10 not yet calculated CVE-2017-15219
MISC
dream — multimedia_dreambox_devices
 
There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the “Name des Bouquets” field, or the file parameter to the /file URI. 2017-10-12 not yet calculated CVE-2017-15287
MISC
EXPLOIT-DB
emc — network_configuration_manager
 
EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. 2017-10-11 not yet calculated CVE-2017-8017
CONFIRM
BID
SECTRACK
epson — software
 
The Epson “EasyMP” software (tested on version 2.86) is designed to remotely stream a user’s computer to supporting projectors. These devices are authenticated using a unique 4-digit code, displayed on-screen – ensuring only those who can view it are streaming. In addition to the password, each projector (tested on PowerLite Pro G5650W and G6050W) has a hardcoded “backdoor” code (2270), which authenticates to all devices. 2017-10-10 not yet calculated CVE-2017-12860
MISC
epson — software
 
The Epson “EasyMP” software (tested on version 2.86) is designed to remotely stream a user’s computer to supporting projectors. These devices are authenticated using a unique 4-digit code, displayed on-screen – ensuring only those who can view it are streaming. All Epson projectors (tested on PowerLite Pro G5650W and G6050W) supporting the “EasyMP” software are vulnerable to a brute-force vulnerability, allowing any attacker on the network to remotely control and stream to the vulnerable device. 2017-10-10 not yet calculated CVE-2017-12861
MISC
eyesofnetwork — eyesofnetwork
 
A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php. 2017-10-10 not yet calculated CVE-2017-15188
MISC
flexense — vx_search_enterprise
 
Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code. 2017-10-11 not yet calculated CVE-2017-15220
EXPLOIT-DB
flyspray — flyspray
 
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php. 2017-10-10 not yet calculated CVE-2017-15214
MISC
MISC
MISC
flyspray — flyspray
 
Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl. 2017-10-10 not yet calculated CVE-2017-15213
MISC
MISC
MISC
freebsd — sys_amd64
 
The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic). 2017-10-10 not yet calculated CVE-2015-5675
MISC
BUGTRAQ
BID
SECTRACK
FREEBSD
git — git
 
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk. 2017-10-14 not yet calculated CVE-2017-15298
MISC
MISC
gnu — binutils
 
_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file. 2017-10-10 not yet calculated CVE-2017-15225
CONFIRM
CONFIRM
gnu — libextractor
 
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c. 2017-10-11 not yet calculated CVE-2017-15267
MISC
MISC
MISC
gnu — libextractor
 
In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate. 2017-10-11 not yet calculated CVE-2017-15266
MISC
MISC
MISC
gnu — mpfr
 
Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str. 2017-10-09 not yet calculated CVE-2014-9474
FEDORA
FEDORA
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
MLIST
GENTOO
graphicsmagick — graphicsmagick
 
ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage. 2017-10-10 not yet calculated CVE-2017-15238
CONFIRM
CONFIRM
CONFIRM
gurunavi — app_for_ios
 
Gurunavi App for iOS before 6.0.0 does not verify SSL certificates which could allow remote attackers to perform man-in-the-middle attacks. 2017-10-10 not yet calculated CVE-2015-7778
JVN
JVNDB
BID
hitachi — hibun_confidential_file_decryption
 
Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10865. 2017-10-12 not yet calculated CVE-2017-10863
CONFIRM
JVN
hitachi — hibun_confidential_file_decryption
 
Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10863. 2017-10-12 not yet calculated CVE-2017-10865
CONFIRM
JVN
hitachi — hibun_confidential_file_viewer
 
Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-10-12 not yet calculated CVE-2017-10864
CONFIRM
JVN
horde — groupware
 
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename. 2017-10-10 not yet calculated CVE-2017-15235
MISC
hpe — intelligent_management_center
 
The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. 2017-10-11 not yet calculated CVE-2017-5791
BID
BID
SECTRACK
MISC
MISC
CONFIRM
hpe — operations_orchestration
 
An input validation vulnerability in HPE Operations Orchestration, all versions prior to 10.80, allows for remote code execution. 2017-10-10 not yet calculated CVE-2017-8994
BID
CONFIRM
hpe — performance_center
 
HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow. 2017-10-11 not yet calculated CVE-2017-5789
BID
BID
SECTRACK
SECTRACK
MISC
MISC
CONFIRM
huawei — fusionserver
 
Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions. 2017-10-09 not yet calculated CVE-2015-7842
BID
CONFIRM
ibm — financial_transaction_manager_for_ach_services_for_multi-platform
 
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735. 2017-10-10 not yet calculated CVE-2017-1538
CONFIRM
BID
MISC
ibm — websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578. 2017-10-10 not yet calculated CVE-2017-1503
CONFIRM
BID
SECTRACK
MISC
identicard — two-reader_controller_configuration_manager
 
IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page). 2017-10-09 not yet calculated CVE-2017-14973
MISC
imagemagick — imagemagick
 
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. 2017-10-10 not yet calculated CVE-2017-15218
BID
CONFIRM
imagemagick — imagemagick
 
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. 2017-10-10 not yet calculated CVE-2017-15217
BID
CONFIRM
imagemagick — imagemagick
 
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to “Conditional jump or move depends on uninitialised value(s).” 2017-10-12 not yet calculated CVE-2017-15281
CONFIRM
imagemagick_and_graphicsmagick — imagemagick_and_graphicsmagick
 
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. 2017-10-12 not yet calculated CVE-2017-15277
MISC
MISC
MISC
infocus — mondopad
 
Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated with an attacker-controller server. In one specific scenario, the attacker provides an Excel spreadsheet, and the attacker-controller server receives the victim’s NetNTLMv2 hash. 2017-10-09 not yet calculated CVE-2017-14971
MISC
infocus — mondopad
 
InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file. 2017-10-09 not yet calculated CVE-2017-14972
MISC
intel — nuc_firmware
 
Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery. 2017-10-10 not yet calculated CVE-2017-5701
BID
CONFIRM
intel — nuc_firmware
 
Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage. 2017-10-10 not yet calculated CVE-2017-5722
BID
CONFIRM
intel — nuc_firmware
 
Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory. 2017-10-10 not yet calculated CVE-2017-5721
CONFIRM
intel — nuc_firmware
 
Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage. 2017-10-10 not yet calculated CVE-2017-5700
BID
CONFIRM
ipv6 — ipv6
 
Receipt of a specifically malformed IPv6 packet processed by the router may trigger a line card reset: processor exception 0x68616c74 (halt) in task: scheduler. The line card will reboot and recover without user interaction. However, additional specifically malformed packets may cause follow-on line card resets and lead to an extended service outage. This issue only affects E Series routers with IPv6 licensed and enabled. Routers not configured to process IPv6 traffic are unaffected by this vulnerability. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. 2017-10-13 not yet calculated CVE-2016-4925
BID
SECTRACK
CONFIRM
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a “Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x00000000000568a4.” 2017-10-11 not yet calculated CVE-2017-15243
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a “Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x0000000000057b35.” 2017-10-11 not yet calculated CVE-2017-15261
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to “Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x000000000009174a.” 2017-10-11 not yet calculated CVE-2017-15257
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a “Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x00000000000158cb.” 2017-10-11 not yet calculated CVE-2017-15252
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a “User Mode Write AV starting at PDF!xmlGetGlobalState+0x000000000007dff2.” 2017-10-11 not yet calculated CVE-2017-15253
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a “Read Access Violation starting at PDF!xmlGetGlobalState+0x000000000007dfa5.” 2017-10-11 not yet calculated CVE-2017-15254
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to “Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000000929f5.” 2017-10-11 not yet calculated CVE-2017-15241
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a “Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000161a9c.” 2017-10-11 not yet calculated CVE-2017-15258
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to “Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000129a59.” 2017-10-11 not yet calculated CVE-2017-15260
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to “Data from Faulting Address controls Branch Selection starting at PDF!xmlListWalk+0x00000000000166c4.” 2017-10-11 not yet calculated CVE-2017-15263
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to “Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x0000000000048d0c.” 2017-10-11 not yet calculated CVE-2017-15262
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file, related to “Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at image00000000_00400000+0x00000000000236e4.” 2017-10-11 not yet calculated CVE-2017-15264
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to “Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x000000000011624a.” 2017-10-11 not yet calculated CVE-2017-15259
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to “Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000040db4.” 2017-10-11 not yet calculated CVE-2017-15239
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to “Data from Faulting Address controls Branch Selection starting at PDF!xmlGetGlobalState+0x0000000000057b76.” 2017-10-11 not yet calculated CVE-2017-15245
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a “User Mode Write AV starting at PDF!xmlGetGlobalState+0x0000000000031abe.” 2017-10-11 not yet calculated CVE-2017-15242
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to “Data from Faulting Address controls Branch Selection starting at PDF!xmlListWalk+0x0000000000019fc8.” 2017-10-11 not yet calculated CVE-2017-15256
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to an “Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d.” 2017-10-11 not yet calculated CVE-2017-15244
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a “Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132e19.” 2017-10-11 not yet calculated CVE-2017-15250
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a “Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132cef.” 2017-10-11 not yet calculated CVE-2017-15240
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to “Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x0000000000063ca6.” 2017-10-11 not yet calculated CVE-2017-15248
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a “Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x000000000001515b.” 2017-10-11 not yet calculated CVE-2017-15246
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to “Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000001168a1.” 2017-10-11 not yet calculated CVE-2017-15247
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a “Read Access Violation starting at PDF!xmlParserInputRead+0x00000000001601b0.” 2017-10-11 not yet calculated CVE-2017-15255
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to “Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x00000000000668d6.” 2017-10-11 not yet calculated CVE-2017-15249
MISC
irfanview — irfanview
 
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to “Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x00000000000e7326.” 2017-10-11 not yet calculated CVE-2017-15251
MISC
jantek — jtc-200
 
An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication. 2017-10-12 not yet calculated CVE-2016-5791
MISC
jantek — jtc-200
 
A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. 2017-10-12 not yet calculated CVE-2016-5789
MISC
javascript — node
 
Node.js 4.0.0, 4.1.0, and 4.1.1 allow remote attackers to cause a denial of service. 2017-10-10 not yet calculated CVE-2015-7384
BID
CONFIRM
CONFIRM
juniper — contrail
 
The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). 2017-10-13 not yet calculated CVE-2017-10616
CONFIRM
juniper — contrail
 
The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks Contrail 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE-2017-10617 can be chained together and have a combined CVSSv3 score of 5.8 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N). 2017-10-13 not yet calculated CVE-2017-10617
CONFIRM
juniper — junos_os
 
Juniper Networks Junos OS 16.1R1, and services releases based off of 16.1R1, are vulnerable to the receipt of a crafted BGP Protocol Data Unit (PDU) sent directly to the router, which can cause the RPD routing process to crash and restart. Unlike BGP UPDATEs, which are transitive in nature, this issue can only be triggered by a packet sent directly to the IP address of the router. Repeated crashes of the rpd daemon can result in an extended denial of service condition. This issue only affects devices running Junos OS 16.1R1 and services releases based off of 16.1R1 (e.g. 16.1R1-S1, 16.1R1-S2, 16.1R1-S3). No prior versions of Junos OS are affected by this vulnerability, and this issue was resolved in Junos OS 16.2 prior to 16.2R1. No other Juniper Networks products or platforms are affected by this issue. This issue was found during internal product security testing. 2017-10-13 not yet calculated CVE-2017-10607
CONFIRM
juniper — junos_space
 
Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. 2017-10-13 not yet calculated CVE-2017-10623
CONFIRM
juniper — junos_space
 
A persistent cross-site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. 2017-10-13 not yet calculated CVE-2017-10612
BID
CONFIRM
juniper — junos_space
 
An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network based attacker to login as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3. This issue was found by an external security researcher. 2017-10-13 not yet calculated CVE-2017-10622
BID
CONFIRM
juniper — junos_space
 
Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to make unauthorized modifications to Space database or add nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. 2017-10-13 not yet calculated CVE-2017-10624
BID
CONFIRM
juniper — srx_series_devices
 
A vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS may allow an unauthenticated network based attacker to potentially execute arbitrary code or crash daemons such as telnetd or sshd that make use of PAM. Affected Juniper Networks Junos OS releases are: 14.1 from 14.1R5 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D50 on EX and QFX series; 14.2 from 14.2R3 prior to 14.2R7-S8, 14.2R8. No other Junos OS releases are affected by this issue. No other Juniper Networks products are affected by this issue. 2017-10-13 not yet calculated CVE-2017-10615
CONFIRM
juniper — srx_series_devices
 
A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI access and the ability to initiate remote sessions to the loopback interface with the defined action, to hang the kernel. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D55; 12.3X48 prior to 12.3X48-D35; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.2 prior to 14.2R4-S9, 14.2R7-S8, 14.2R8; 15.1 prior to 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D47; 16.1 prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue. 2017-10-13 not yet calculated CVE-2017-10613
CONFIRM
juniper — srx_series_devices
 
A denial of service vulnerability in the telnetd service on Juniper Networks Junos OS allows remote unauthenticated attackers to cause a denial of service. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D50; 14.1 prior to 14.1R8-S5, 14.1R9; 14.1X53 prior to 14.1X53-D50; 14.2 prior to 14.2R7-S9, 14.2R8; 15.1 prior to 15.1F2-S16, 15.1F5-S7, 15.1F6-S6, 15.1R5-S2, 15.1R6; 15.1X49 prior to 15.1X49-D90; 15.1X53 prior to 15.1X53-D47; 16.1 prior to 16.1R4-S1, 16.1R5; 16.2 prior to 16.2R1-S3, 16.2R2. 2017-10-13 not yet calculated CVE-2017-10621
CONFIRM
juniper — srx_series_devices
 
A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory and/or CPU consumption denial of service attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D45; 12.3X48 prior to 12.3X48-D30; 14.1 prior to 14.1R4-S9, 14.1R8; 14.2 prior to 14.2R6; 15.1 prior to 15.1F5, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D232, 15.1X53-D47. 2017-10-13 not yet calculated CVE-2017-10614
CONFIRM
juniper — srx_series_devices
 
Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration data. While other products also ship with a TPM, no other products or platforms are affected by this vulnerability. Customers can confirm the version of TPM firmware via the ‘show security tpm status’ command. This issue was discovered by an external security researcher. No other Juniper Networks products or platforms are affected by this issue. 2017-10-13 not yet calculated CVE-2017-10606
CONFIRM
juniper — srx_series_devices
 
On SRX Series devices, a crafted ICMP packet embedded within a NAT64 IPv6 to IPv4 tunnel may cause the flowd process to crash. Repeated crashes of the flowd process constitutes an extended denial of service condition for the SRX Series device. This issue only occurs if NAT64 is configured. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D71, 12.3X48 prior to 12.3X48-D55, 15.1X49 prior to 15.1X49-D100 on SRX Series. No other Juniper Networks products or platforms are affected by this issue. 2017-10-13 not yet calculated CVE-2017-10610
CONFIRM
MISC
juniper — srx_series_devices
 
If extended statistics are enabled via ‘set chassis extended-statistics’, when executing any operation that fetches interface statistics, including but not limited to SNMP GET requests, the pfem process or the FPC may crash and restart. Repeated crashes of PFE processing can result in an extended denial of service condition. This issue only affects the following platforms: (1) EX2200, EX3300, XRE200 (2) MX Series routers with MPC7E/8E/9E PFEs installed, and only if ‘extended-statistics’ are enabled under the [edit chassis] configuration. Affected releases are Juniper Networks Junos OS 14.1 prior to 14.1R8-S5, 14.1R9 on MX Series; 14.1X53 prior to 14.1X53-D46, 14.1X53-D50 on EX2200, EX3300, XRE200; 14.2 prior to 14.2R7-S9, 14.2R8 on MX Series; 15.1 prior to 15.1F5-S8, 15.1F6-S8, 15.1R5-S3, 15.1R6 on MX Series; 16.1 prior to 16.1R4-S5, 16.1R5, 16.1R6 on MX Series; 16.1X65 prior to 16.1X65-D45 on EX2200, EX3300, XRE200; 16.2 prior to 16.2R2-S1, 16.2R3 on MX Series; 17.1 prior to 17.1R2-S2, 17.1R3 on MX Series; 17.2 prior to 17.2R1-S3, 17.2R2 on MX Series; 17.2X75 prior to 17.2X75-D50 on MX Series; 17.3 prior to 17.3R1-S1, 17.3R2 on MX Series. No other Juniper Networks products or platforms are affected by this issue. 2017-10-13 not yet calculated CVE-2017-10611
CONFIRM
juniper — srx_series_devices
 
When Express Path (formerly known as service offloading) is configured on Juniper Networks SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800 in high availability cluster configuration mode, certain multicast packets might cause the flowd process to crash, halting or interrupting traffic from flowing through the device and triggering RG1+ (data-plane) fail-over to the secondary node. Repeated crashes of the flowd process may constitute an extended denial of service condition. This service is not enabled by default and is only supported in high-end SRX platforms. Affected releases are Juniper Networks Junos OS 12.3X48 prior to 12.3X48-D45, 15.1X49 prior to 15.1X49-D80 on SRX1400, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800. 2017-10-13 not yet calculated CVE-2017-10619
CONFIRM
juniper — srx_series_devices
 
When the ‘bgp-error-tolerance’ feature — designed to help mitigate remote session resets from malformed path attributes — is enabled, a BGP UPDATE containing a specifically crafted set of transitive attributes can cause the RPD routing process to crash and restart. Devices with BGP enabled that do not have ‘bgp-error-tolerance’ configured are not vulnerable to this issue. Affected releases are Juniper Networks Junos OS 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D45, 14.1X53-D50; 14.2 prior to 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F5-S8, 15.1F6-S7, 15.1R5-S6, 15.1R6-S2, 15.1R7; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R5; 16.2 prior to 16.2R1-S5, 16.2R2; 17.1 prior to 17.1R1-S3, 17.1R2; 17.2 prior to 17.2R1-S2, 17.2R2; 17.2X75 prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue. 2017-10-13 not yet calculated CVE-2017-10618
CONFIRM
MISC
MISC
juniper — srx_series_devices
 
Juniper Networks Junos OS on SRX series devices does not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D55; 15.1X49 prior to 15.1X49-D110. 2017-10-13 not yet calculated CVE-2017-10620
CONFIRM
juniper — srx_series_devices
 
Any Juniper Networks SRX series device with one or more ALGs enabled may experience a flowd crash when traffic is processed by the Sun/MS-RPC ALGs. This vulnerability in the Sun/MS-RPC ALG services component of Junos OS allows an attacker to cause a repeated denial of service against the target. Repeated traffic in a cluster may cause repeated flip-flop failure operations or full failure of the flowd daemon, halting traffic on all nodes. Only IPv6 traffic is affected by this issue. IPv4 traffic is unaffected. This issue is not seen with to-host traffic. This issue has no relation to HA services themselves, only the ALG service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D55 on SRX; 12.1X47 prior to 12.1X47-D45 on SRX; 12.3X48 prior to 12.3X48-D32, 12.3X48-D35 on SRX; 15.1X49 prior to 15.1X49-D60 on SRX. 2017-10-13 not yet calculated CVE-2017-10608
CONFIRM
juniper — j-web
 
J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS). 2017-10-13 not yet calculated CVE-2016-1261
CONFIRM
juniper — j-web
 
Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform administrative actions on the Junos device. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D40; 12.1X47 prior to 12.1X47-D30; 12.3 prior to 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2X51 prior to 13.2X51-D39, 13.2X51-D40; 13.3 prior to 13.3R9; 14.1 prior to 14.1R6; 14.2 prior to 14.2R6; 15.1 prior to 15.1R3; 15.1X49 prior to 15.1X49-D20; 15.1X53 prior to 15.1X53-D57. 2017-10-13 not yet calculated CVE-2016-4923
BID
CONFIRM
juniper — junos_os
 
An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 15.1 prior to 15.1F5; 14.1 prior to 14.1R8. 2017-10-13 not yet calculated CVE-2016-4924
BID
CONFIRM
juniper — junos_os
 
Certain combinations of Junos OS CLI commands and arguments have been found to be exploitable in a way that can allow unauthorized access to the operating system. This may allow any user with permissions to run these CLI commands the ability to achieve elevated privileges and gain complete control of the device. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X46 prior to 12.1X46-D60; 12.1X47 prior to 12.1X47-D45; 12.3 prior to 12.3R12; 12.3X48 prior to 12.3X48-D35; 13.2 prior to 13.2R9; 13.3 prior to 13.3R4-S11, 13.3R9; 14.1 prior to 14.1R4-S12, 14.1R7; 14.1X53 prior to 14.1X53-D28, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R3-S10, 14.2R4-S7, 14.2R5; 15.1 prior to 15.1F4, 15.1R3; 15.1X49 prior to 15.1X49-D60; 15.1X53 prior to 15.1X53-D57, 15.1X53-D70. 2017-10-13 not yet calculated CVE-2016-4922
BID
SECTRACK
CONFIRM
juniper — junos_os
 
By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitimate traffic. In extreme cases, the crafted IPv6 traffic may result in a total resource exhaustion and kernel panic. The issue is triggered by traffic destined to the router. Transit traffic does not trigger the vulnerability. This issue only affects devices with IPv6 enabled and configured. Devices not configured to process IPv6 traffic are unaffected by this vulnerability. This issue was found during internal product security testing. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.3 prior to 12.3R3-S4; 12.3X48 prior to 12.3X48-D30; 13.3 prior to 13.3R10, 13.3R4-S11; 14.1 prior to 14.1R2-S8, 14.1R4-S12, 14.1R8; 14.1X53 prior to 14.1X53-D28, 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R3-S10, 14.2R4-S7, 14.2R6; 15.1 prior to 15.1F2-S5, 15.1F5-S2, 15.1F6, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D57, 15.1X53-D70. 2017-10-13 not yet calculated CVE-2016-4921
BID
SECTRACK
CONFIRM
juniper — junos_space
 
A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected. 2017-10-13 not yet calculated CVE-2016-1265
CONFIRM
jwt-scala — jwt-scala
 
jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token. 2017-10-12 not yet calculated CVE-2017-10862
MISC
MISC
kanboard — kanboard
 
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user. 2017-10-10 not yet calculated CVE-2017-15210
MISC
MISC
MISC
kanboard — kanboard
 
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. 2017-10-10 not yet calculated CVE-2017-15211
MISC
MISC
MISC
MISC
kanboard — kanboard
 
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. 2017-10-10 not yet calculated CVE-2017-15206
MISC
MISC
MISC
MISC
kanboard — kanboard
 
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. 2017-10-10 not yet calculated CVE-2017-15209
MISC
MISC
MISC
kanboard — kanboard
 
In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user. 2017-10-10 not yet calculated CVE-2017-15212
MISC
MISC
MISC
MISC
kanboard — kanboard
 
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. 2017-10-10 not yet calculated CVE-2017-15207
MISC
MISC
MISC
MISC
kanboard — kanboard
 
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. 2017-10-10 not yet calculated CVE-2017-15204
MISC
MISC
MISC
MISC
kanboard — kanboard
 
In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user. 2017-10-10 not yet calculated CVE-2017-15205
MISC
MISC
MISC
kanboard — kanboard
 
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user. 2017-10-10 not yet calculated CVE-2017-15203
MISC
MISC
MISC
MISC
kanboard — kanboard
 
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. 2017-10-10 not yet calculated CVE-2017-15196
MISC
MISC
MISC
MISC
kanboard — kanboard
 
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user. 2017-10-10 not yet calculated CVE-2017-15195
MISC
MISC
MISC
MISC
kanboard — kanboard
 
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. 2017-10-10 not yet calculated CVE-2017-15200
MISC
MISC
MISC
MISC
kanboard — kanboard
 
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. 2017-10-10 not yet calculated CVE-2017-15208
MISC
MISC
MISC
MISC
kanboard — kanboard
 
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. 2017-10-10 not yet calculated CVE-2017-15201
MISC
MISC
MISC
MISC
kanboard — kanboard
 
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user. 2017-10-10 not yet calculated CVE-2017-15202
MISC
MISC
MISC
MISC
kanboard — kanboard
 
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. 2017-10-10 not yet calculated CVE-2017-15197
MISC
MISC
MISC
MISC
kanboard — kanboard
 
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user. 2017-10-10 not yet calculated CVE-2017-15198
MISC
MISC
MISC
MISC
kanboard — kanboard
 
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. 2017-10-10 not yet calculated CVE-2017-15199
MISC
MISC
MISC
MISC
lansweeper — lansweeper
 
XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705. 2017-10-10 not yet calculated CVE-2017-13706
MISC
FULLDISC
CONFIRM
lava — ether-serial_link
 
An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass authentication by accessing a specific uniform resource locator. 2017-10-11 not yet calculated CVE-2017-14003
BID
MISC
libcurl — libcurl
 
libcurl may read outside of a heap-allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl later accesses the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this to effectively prevent libcurl-based clients from working with it: the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit 415d2e7cb7 (https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero-terminates the string but also rejects it if not terminated properly with a final double quote. 2017-10-06 not yet calculated CVE-2017-1000254
BID
SECTRACK
CONFIRM
CONFIRM
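The entry above describes the flaw precisely enough to reconstruct it. The following is an added example written for this bulletin, not libcurl's own code: a small parser for the quoted path in an FTP 257 reply, in the pre-fix shape (the NUL terminator is written only when the closing quote is seen) next to the hardened shape (always terminate, and reject a reply whose quote never closes, which is what the entry says 7.56.0 does). The sample replies, the function names and the 64-byte scratch buffer are constructed for the demonstration; RFC 959's doubled-quote escaping inside the path is handled in both versions.

```c
#include <stdio.h>
#include <string.h>

/* Hardened parser: always NUL-terminates on success and rejects a reply
 * whose quoted path never closes. RFC 959 sends a literal quote inside
 * the path as "". Returns the path length, or -1 for a malformed reply
 * or one that does not fit in out[outlen]. */
static int parse_pwd_reply_fixed(const char *reply, char *out, size_t outlen)
{
    const char *p = strchr(reply, '"');
    size_t n = 0;

    if (!p || outlen == 0)
        return -1;
    p++;                                  /* skip the opening quote */
    for (;;) {
        if (*p == '\0')                   /* end of reply, no closing quote */
            return -1;
        if (*p == '"' && p[1] != '"')     /* lone quote: end of path */
            break;
        if (n + 1 >= outlen)              /* leave room for the NUL */
            return -1;
        if (*p == '"') {                  /* "" -> literal quote */
            out[n++] = '"';
            p += 2;
        } else {
            out[n++] = *p++;
        }
    }
    out[n] = '\0';
    return (int)n;
}

/* Reconstruction of the pre-7.56.0 behaviour described in the entry (not
 * libcurl's code): the NUL is written only when the closing quote is
 * seen, so an unterminated path leaves the buffer unterminated. The
 * buffer here is caller-owned and bounded so this demo never leaves it;
 * in libcurl the later use of the unterminated heap buffer is what read
 * past the allocation. Returns bytes copied. */
static int parse_pwd_reply_legacy(const char *reply, char *out, size_t outlen)
{
    const char *p = strchr(reply, '"');
    size_t n = 0;

    if (!p)
        return -1;
    p++;
    while (*p != '\0' && n + 1 < outlen) {
        if (*p == '"') {
            if (p[1] == '"') {
                out[n++] = '"';
                p += 2;
                continue;
            }
            out[n] = '\0';                /* terminated only on this path */
            return (int)n;
        }
        out[n++] = *p++;
    }
    return (int)n;                        /* BUG: no terminator written */
}

/* Constructed sample replies: a benign server and a malicious one. */
static const char SAMPLE_GOOD[] = "257 \"/home/\"\"quoted\"\"/dir\" is current directory";
static const char SAMPLE_BAD[]  = "257 \"/no/closing/quote";

/* Checks used by main(); each returns 1 on the expected outcome. */
static int check_fixed_parses_quoted_path(void)
{
    char buf[64];
    int n = parse_pwd_reply_fixed(SAMPLE_GOOD, buf, sizeof buf);
    return n == 18 && strcmp(buf, "/home/\"quoted\"/dir") == 0;
}

static int check_fixed_rejects_unterminated(void)
{
    char buf[64];
    return parse_pwd_reply_fixed(SAMPLE_BAD, buf, sizeof buf) == -1;
}

static int check_legacy_leaves_no_nul(void)
{
    char buf[64];
    memset(buf, 'X', sizeof buf);         /* stand-in for stale heap contents */
    parse_pwd_reply_legacy(SAMPLE_BAD, buf, sizeof buf);
    return memchr(buf, '\0', sizeof buf) == NULL;   /* 1: no NUL anywhere */
}

int main(void)
{
    printf("fixed parses quoted path:          %d\n", check_fixed_parses_quoted_path());
    printf("fixed rejects unterminated reply:  %d\n", check_fixed_rejects_unterminated());
    printf("legacy leaves buffer unterminated: %d\n", check_legacy_leaves_no_nul());
    return 0;
}
```

The point of the legacy variant is that nothing goes wrong at parse time; the over-read happens later, wherever the stored path is treated as a C string. That is why a fix that only terminates is not enough on its own: an unterminated quote is a protocol violation from the server, and rejecting it is the safer default.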
libjpeg-turbo — libjpeg-turbo
 
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. 2017-10-10 not yet calculated CVE-2017-15232
MISC
MISC
libjpeg-turbo — libjpeg-turbo
 
libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial of service (crash) via a crafted JPEG file, related to the Exif marker. 2017-10-10 not yet calculated CVE-2014-9092
FEDORA
FEDORA
FEDORA
FEDORA
MISC
MLIST
BID
CONFIRM
MISC
libmp3splt — libmp3splt
 
plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file. 2017-10-09 not yet calculated CVE-2017-15185
MISC
MISC
MISC
EXPLOIT-DB
libxfont — libxfont
 
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an Xserver for a buffer over-read, for information disclosure or a crash of the X server. 2017-10-11 not yet calculated CVE-2017-13722
CONFIRM
CONFIRM
CONFIRM
CONFIRM
libxfont — libxfont
 
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of fonts, leading to information disclosure or a crash (denial of service). This occurs because ‘\0’ characters are incorrectly skipped in situations involving ? characters. 2017-10-11 not yet calculated CVE-2017-13720
CONFIRM
CONFIRM
CONFIRM
CONFIRM
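To make the mechanism in the entry above concrete, here is an added example written for this bulletin; it is a small glob-style matcher, not libXfont's PatternMatch. The buggy version lets `?` step over the terminating NUL of the candidate string, so the comparison continues into whatever bytes follow it; the fixed version refuses to match `?` against the terminator. The `leak_byte_after_nul` helper shows why this is an information disclosure rather than just a crash: a client that can submit patterns can use the match result as an oracle for the byte stored after the string. The sample buffer and all names are constructed for the demonstration, and the buffer is one fixed array so the demo itself never reads outside an allocation.

```c
#include <stdio.h>
#include <string.h>

/* Glob-style matcher: '?' matches exactly one character, '*' any run.
 * Returns 1 on match, 0 otherwise. Both versions are written for this
 * page; neither is libXfont's PatternMatch. */

/* Buggy: '?' consumes a byte without checking whether it is the
 * terminating NUL, so matching walks on past the end of the string and
 * compares whatever memory follows it. */
static int match_buggy(const char *pat, const char *s)
{
    while (*pat) {
        if (*pat == '*') {
            while (*pat == '*') pat++;
            if (*pat == '\0') return 1;
            for (; *s; s++)
                if (match_buggy(pat, s)) return 1;
            return 0;
        }
        if (*pat != '?' && *pat != *s)   /* a NUL in s fails here... */
            return 0;
        pat++; s++;                      /* ...but '?' steps over it */
    }
    return *s == '\0';
}

/* Fixed: once the string is exhausted nothing can match, '?' included. */
static int match_fixed(const char *pat, const char *s)
{
    while (*pat) {
        if (*pat == '*') {
            while (*pat == '*') pat++;
            if (*pat == '\0') return 1;
            for (; *s; s++)
                if (match_fixed(pat, s)) return 1;
            return 0;
        }
        if (*s == '\0')                  /* string exhausted: no char for '?' or a literal */
            return 0;
        if (*pat != '?' && *pat != *s)
            return 0;
        pat++; s++;
    }
    return *s == '\0';
}

/* Constructed sample: an 8-byte buffer holding the string "ab" followed by
 * bytes that are not part of the string. In a real server the bytes after
 * the NUL would be unrelated heap data. */
static const char SAMPLE[8] = { 'a', 'b', '\0', 'c', 'd', '\0', '\0', '\0' };

/* Use a matcher as an oracle: for each guess g, ask whether "ab?g*"
 * matches SAMPLE. With the buggy matcher '?' swallows the NUL, so the
 * answer reveals the byte stored after the string. Returns the recovered
 * byte, or 0 if no guess matched. */
static char leak_byte_after_nul(int (*match)(const char *, const char *))
{
    char pat[] = "ab?_*";
    for (int g = 'a'; g <= 'z'; g++) {
        pat[3] = (char)g;
        if (match(pat, SAMPLE))
            return (char)g;
    }
    return 0;
}

int main(void)
{
    printf("buggy matcher leaks byte after NUL: '%c'\n", leak_byte_after_nul(match_buggy));
    printf("fixed matcher leaks: %d (0 = nothing)\n", leak_byte_after_nul(match_fixed));
    printf("fixed still matches \"a?\" against \"ab\": %d\n", match_fixed("a?", SAMPLE));
    return 0;
}
```

The general lesson carries beyond fonts: any matcher or tokenizer that advances its input pointer on a wildcard must treat the terminator as a hard stop, and a test that places known bytes just past the NUL (as `SAMPLE` does) is a cheap way to catch the class in a unit test before a fuzzer or an attacker does.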
linux — code_aurora_forum_android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST cfg80211 vendor commands in __wlan_hdd_cfg80211_set_passpoint_list and hdd_extscan_passpoint_fill_network_list function respectively. Android ID: A-36817548. References: QC-CR#2058447, QC-CR#2054770. 2017-10-10 not yet calculated CVE-2017-11060
BID
CONFIRM
linux — code_aurora_forum_android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the Athdiag procfs entry does not have a proper address sanity check which may potentially lead to the use of an out-of-range pointer offset. 2017-10-10 not yet calculated CVE-2017-11067
BID
CONFIRM
linux — code_aurora_forum_android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST cfg80211 vendor commands in __wlan_hdd_cfg80211_set_passpoint_list and hdd_extscan_passpoint_fill_network_list function respectively. Android ID: A-36815952. References: QC-CR#2054770, QC-CR#2058447, QC-CR#2066628, QC-CR#2087785. 2017-10-10 not yet calculated CVE-2017-11064
BID
CONFIRM
linux — code_aurora_forum_android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in compatibility mode, flash_data from 64-bit userspace may cause disclosure of kernel memory or a fault due to using a userspace-provided address. 2017-10-10 not yet calculated CVE-2017-11057
BID
CONFIRM
linux — code_aurora_forum_android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, setting the HMAC key by different threads during SHA operations may potentially lead to a buffer overflow. 2017-10-10 not yet calculated CVE-2017-11059
BID
CONFIRM
linux — code_aurora_forum_android
 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor command a buffer over-read can occur. 2017-10-10 not yet calculated CVE-2017-11052
BID
CONFIRM
linux — code_aurora_forum_android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an array out-of-bounds access can potentially occur in a display driver. 2017-10-10 not yet calculated CVE-2017-9706
BID
CONFIRM
linux — code_aurora_forum_android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, two concurrent threads/processes can write the value of “0” to the debugfs file that controls ipa ipc log which will lead to the double-free in ipc_log_context_destroy(). Another issue is the Use-After-Free which can happen due to the race condition when the ipc log is deallocated via the debugfs call during a log print. 2017-10-10 not yet calculated CVE-2017-9687
BID
CONFIRM
linux — code_aurora_forum_android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur. 2017-10-10 not yet calculated CVE-2017-11054
BID
CONFIRM
linux — code_aurora_forum_android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently attributes are not validated in __wlan_hdd_cfg80211_do_acs which can potentially lead to a buffer overread. 2017-10-10 not yet calculated CVE-2017-11062
BID
CONFIRM
linux — code_aurora_forum_android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when the pktlogconf tool gives a pktlog buffer of size less than the minimal possible source data size in the host driver, a buffer overflow can potentially occur. 2017-10-10 not yet calculated CVE-2017-11050
BID
CONFIRM
linux — code_aurora_forum_android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, information disclosure is possible in function __wlan_hdd_cfg80211_testmode since buffer hb_params is not initialized to zero. 2017-10-10 not yet calculated CVE-2017-11051
BID
CONFIRM
linux — code_aurora_forum_android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, as a result of a race condition between two userspace processes that interact with the driver concurrently, a null pointer dereference can potentially occur. 2017-10-10 not yet calculated CVE-2017-11063
BID
CONFIRM
linux — code_aurora_forum_android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possible double free/use after free in the SPS driver when debugfs logging is used. 2017-10-10 not yet calculated CVE-2017-9686
BID
CONFIRM
linux — code_aurora_forum_android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a meta image, an integer overflow can occur, if user-defined image offset and size values are too large. 2017-10-10 not yet calculated CVE-2017-9683
BID
CONFIRM
linux — code_aurora_forum_android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a vendor command, a buffer over-read can occur. 2017-10-10 not yet calculated CVE-2017-9715
BID
CONFIRM
linux — code_aurora_forum_android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION cfg80211 vendor command, a buffer over-read can occur. 2017-10-10 not yet calculated CVE-2017-11055
BID
CONFIRM
linux — code_aurora_forum_android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when qos map set IE of length less than 16 is received in association response or in qos map configure action frame, a buffer overflow can potentially occur in ConvertQosMapsetFrame(). 2017-10-10 not yet calculated CVE-2017-11053
BID
CONFIRM
linux — code_aurora_forum_android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while doing sha and cipher operations, a userspace buffer is directly accessed in kernel space potentially leading to a page fault. 2017-10-10 not yet calculated CVE-2017-11056
BID
CONFIRM
linux — code_aurora_forum_android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an out of bound memory access may happen in limCheckRxRSNIeMatch in case incorrect RSNIE is received from the client in assoc request. 2017-10-10 not yet calculated CVE-2017-9714
BID
CONFIRM
linux — code_aurora_forum_android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing Netlink attributes, a buffer overread can occur. 2017-10-10 not yet calculated CVE-2017-9717
BID
CONFIRM
linux — code_aurora_forum_android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing cfg80211 vendor sub command QCA_NL80211_VENDOR_SUBCMD_ROAM, a buffer over-read can occur. 2017-10-10 not yet calculated CVE-2017-11061
BID
CONFIRM
linux — code_aurora_forum_android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when an audio driver ioctl handler is called, a kernel out-of-bounds write can potentially occur. 2017-10-10 not yet calculated CVE-2017-11046
BID
CONFIRM
linux — code_aurora_forum_android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command registration table entries in diag_dbgfs_read_table. 2017-10-10 not yet calculated CVE-2017-9697
BID
CONFIRM
linux — code_aurora_forum_android In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a Use After Free condition can occur. 2017-10-10 not yet calculated CVE-2017-11048
BID
CONFIRM
linux — kernel security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192. 2017-10-11 not yet calculated CVE-2017-15274
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call. 2017-10-14 not yet calculated CVE-2017-15299
MISC
MISC
MISC
MISC
linux — linux_kernel arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an “MMU potential stack buffer overrun.” 2017-10-11 not yet calculated CVE-2017-12188
BID
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel A vulnerability was found in the Key Management sub component of the Linux kernel, where trying to issue a KEYCTL_READ on a negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel. 2017-10-11 not yet calculated CVE-2017-12192
CONFIRM
MISC
microsoft — chakracore ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. 2017-10-13 not yet calculated CVE-2017-11808
BID
SECTRACK
CONFIRM
microsoft — chakracore ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. 2017-10-13 not yet calculated CVE-2017-11809
BID
SECTRACK
CONFIRM
microsoft — chakracore ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. 2017-10-13 not yet calculated CVE-2017-11806
BID
SECTRACK
CONFIRM
microsoft — chakracore ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. 2017-10-13 not yet calculated CVE-2017-11807
BID
SECTRACK
CONFIRM
microsoft — chakracore ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka “Scripting Engine Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. 2017-10-13 not yet calculated CVE-2017-11797
BID
CONFIRM
microsoft — chakracore ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821. 2017-10-13 not yet calculated CVE-2017-11811
BID
SECTRACK
CONFIRM
microsoft — chakracore ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821. 2017-10-13 not yet calculated CVE-2017-11812
BID
SECTRACK
CONFIRM
microsoft — chakracore ChakraCore and Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. 2017-10-13 not yet calculated CVE-2017-11796
BID
SECTRACK
CONFIRM
microsoft — chakracore ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. 2017-10-13 not yet calculated CVE-2017-11805
BID
SECTRACK
CONFIRM
microsoft — chakracore ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. 2017-10-13 not yet calculated CVE-2017-11799
BID
SECTRACK
CONFIRM
microsoft — chakracore ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. 2017-10-13 not yet calculated CVE-2017-11804
BID
SECTRACK
CONFIRM
microsoft — chakracore ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. 2017-10-13 not yet calculated CVE-2017-11802
BID
SECTRACK
CONFIRM
microsoft — chakracore ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka “Scripting Engine Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. 2017-10-13 not yet calculated CVE-2017-11801
BID
CONFIRM
microsoft — chakracore ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, and CVE-2017-11812. 2017-10-13 not yet calculated CVE-2017-11821
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. 2017-10-13 not yet calculated CVE-2017-11800
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. 2017-10-13 not yet calculated CVE-2017-11798
BID
SECTRACK
CONFIRM
microsoft — edge Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user’s system, due to how Microsoft Edge handles objects in memory, aka “Microsoft Edge Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-8726 and CVE-2017-11803. 2017-10-13 not yet calculated CVE-2017-11794
BID
SECTRACK
CONFIRM
microsoft — internet_explorer Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user’s system, due to how Internet Explorer handles objects in memory, aka “Internet Explorer Information Disclosure Vulnerability”. 2017-10-13 not yet calculated CVE-2017-11790
BID
SECTRACK
CONFIRM
microsoft — internet_explorer Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka “Internet Explorer Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11813. 2017-10-13 not yet calculated CVE-2017-11822
BID
SECTRACK
CONFIRM
microsoft — internet_explorer Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. 2017-10-13 not yet calculated CVE-2017-11810
BID
SECTRACK
CONFIRM
microsoft — internet_explorer Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11792, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. 2017-10-13 not yet calculated CVE-2017-11793
BID
SECTRACK
CONFIRM
microsoft — lync Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka “Skype for Business Elevation of Privilege Vulnerability.” 2017-10-13 not yet calculated CVE-2017-11786
BID
SECTRACK
CONFIRM
microsoft — multiple_products Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory. 2017-10-13 not yet calculated CVE-2017-11826
BID
SECTRACK
CONFIRM
microsoft — office Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for Mac allow an attacker to use a specially crafted file to perform actions in the security context of the current user, due to how Microsoft Office handles files in memory, aka “Microsoft Office Remote Code Execution Vulnerability”. 2017-10-13 not yet calculated CVE-2017-11825
BID
SECTRACK
CONFIRM
microsoft — outlook Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka “Microsoft Outlook Information Disclosure Vulnerability.” 2017-10-13 not yet calculated CVE-2017-11776
BID
SECTRACK
CONFIRM
microsoft — outlook Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka “Microsoft Outlook Security Feature Bypass Vulnerability.” 2017-10-13 not yet calculated CVE-2017-11774
BID
SECTRACK
CONFIRM
microsoft — sharepoint Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka “Microsoft Office SharePoint XSS Vulnerability”. This CVE ID is unique from CVE-2017-11777 and CVE-2017-11820. 2017-10-13 not yet calculated CVE-2017-11775
BID
SECTRACK
CONFIRM
microsoft — sharepoint Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka “Microsoft Office SharePoint XSS Vulnerability”. This CVE ID is unique from CVE-2017-11775 and CVE-2017-11777. 2017-10-13 not yet calculated CVE-2017-11820
BID
SECTRACK
CONFIRM
microsoft — sharepoint Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka “Microsoft Office SharePoint XSS Vulnerability”. This CVE ID is unique from CVE-2017-11775 and CVE-2017-11820. 2017-10-13 not yet calculated CVE-2017-11777
BID
SECTRACK
CONFIRM
microsoft — windows The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles objects in memory, aka “Windows Graphics Component Elevation of Privilege Vulnerability”. 2017-10-13 not yet calculated CVE-2017-11824
BID
SECTRACK
CONFIRM
microsoft — windows The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka “Windows Security Feature Bypass”. 2017-10-13 not yet calculated CVE-2017-8715
BID
SECTRACK
CONFIRM
microsoft — windows Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions. 2017-10-13 not yet calculated CVE-2017-11829
BID
SECTRACK
CONFIRM
microsoft — windows The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly validates objects in memory, aka “Windows Information Disclosure Vulnerability”. 2017-10-13 not yet calculated CVE-2017-11817
BID
SECTRACK
CONFIRM
microsoft — windows The Microsoft Graphics Component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka “Microsoft Graphics Information Disclosure Vulnerability”. 2017-10-13 not yet calculated CVE-2017-8693
BID
SECTRACK
CONFIRM
microsoft — windows Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles calls to Advanced Local Procedure Call (ALPC), aka “Windows Elevation of Privilege Vulnerability”. 2017-10-13 not yet calculated CVE-2017-11783
BID
SECTRACK
CONFIRM
microsoft — windows The Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a remote code execution vulnerability when it fails to properly handle certain requests, aka “Windows SMB Remote Code Execution Vulnerability”. 2017-10-13 not yet calculated CVE-2017-11780
BID
SECTRACK
CONFIRM
microsoft — windows The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka “Windows DNSAPI Remote Code Execution Vulnerability”. 2017-10-13 not yet calculated CVE-2017-11779
BID
SECTRACK
CONFIRM
microsoft — windows The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles loading dll files, aka “TRIE Remote Code Execution Vulnerability”. 2017-10-13 not yet calculated CVE-2017-11769
BID
SECTRACK
CONFIRM
microsoft — windows The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles specially crafted embedded fonts, aka “Microsoft Graphics Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-11763. 2017-10-13 not yet calculated CVE-2017-11762
BID
SECTRACK
CONFIRM
microsoft — windows The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka “Windows Search Remote Code Execution Vulnerability”. 2017-10-13 not yet calculated CVE-2017-11771
BID
SECTRACK
CONFIRM
microsoft — windows The Microsoft Server Message Block (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability in the way that it handles certain requests, aka “Windows SMB Information Disclosure Vulnerability”. 2017-10-13 not yet calculated CVE-2017-11815
BID
SECTRACK
CONFIRM
microsoft — windows The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11814. 2017-10-13 not yet calculated CVE-2017-11785
BID
SECTRACK
CONFIRM
microsoft — windows The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka “Windows Storage Security Feature Bypass Vulnerability”. 2017-10-13 not yet calculated CVE-2017-11818
BID
SECTRACK
CONFIRM
microsoft — windows The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, allows an information disclosure vulnerability when it improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-11765, CVE-2017-11785, and CVE-2017-11814. 2017-10-13 not yet calculated CVE-2017-11784
BID
SECTRACK
CONFIRM
microsoft — windows The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11785. 2017-10-13 not yet calculated CVE-2017-11814
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka “Windows GDI Information Disclosure Vulnerability”. 2017-10-13 not yet calculated CVE-2017-11816
BID
SECTRACK
CONFIRM
microsoft — windows
 
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. 2017-10-13 not yet calculated CVE-2017-11792
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka “Microsoft JET Database Engine Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8718. 2017-10-13 not yet calculated CVE-2017-8717
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka “Microsoft JET Database Engine Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-8717. 2017-10-13 not yet calculated CVE-2017-8718
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure when it fails to properly handle objects in memory, aka “Microsoft Search Information Disclosure Vulnerability”. 2017-10-13 not yet calculated CVE-2017-11772
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2017-11784, CVE-2017-11785, and CVE-2017-11814. 2017-10-13 not yet calculated CVE-2017-11765
BID
SECTRACK
CONFIRM
microsoft — windows
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11794 and CVE-2017-11803. 2017-10-13 not yet calculated CVE-2017-8726
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-8689. 2017-10-13 not yet calculated CVE-2017-8694
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles specially crafted embedded fonts, aka “Microsoft Graphics Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-11763. 2017-10-13 not yet calculated CVE-2017-11763
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2017-8694. 2017-10-13 not yet calculated CVE-2017-8689
BID
SECTRACK
CONFIRM
microsoft — windows
 
Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Windows Text Services Framework handles objects in memory, aka “Windows Shell Memory Corruption Vulnerability”. 2017-10-13 not yet calculated CVE-2017-8727
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 allows a denial of service vulnerability when it improperly handles objects in memory, aka “Windows Subsystem for Linux Denial of Service Vulnerability”. 2017-10-13 not yet calculated CVE-2017-8703
BID
SECTRACK
CONFIRM
microsoft — windows
 
Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft browsers handle objects in memory, aka “Windows Shell Remote Code Execution Vulnerability”. 2017-10-13 not yet calculated CVE-2017-11819
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607 and Windows Server 2016, allows an elevation of privilege vulnerability when an attacker sends specially crafted requests to the server, aka “Windows SMB Elevation of Privilege Vulnerability”. 2017-10-13 not yet calculated CVE-2017-11782
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a denial of service vulnerability when an attacker sends specially crafted requests to the server, aka “Windows SMB Denial of Service Vulnerability”. 2017-10-13 not yet calculated CVE-2017-11781
BID
SECTRACK
CONFIRM
microsoft — windows
 
The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka “Microsoft Windows Security Feature Bypass”. 2017-10-13 not yet calculated CVE-2017-11823
BID
SECTRACK
CONFIRM
mirasys — video_management_system
 
Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data is required for the client functionality. 2017-10-12 not yet calculated CVE-2017-15290
MISC
MISC
misp — misp
 
MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js. 2017-10-10 not yet calculated CVE-2017-15216
CONFIRM
CONFIRM
nexusphp — nexusphp
 
XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php. 2017-10-14 not yet calculated CVE-2017-15305
MISC
MISC
niconico — app_for_iOS
 
niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks. 2017-10-10 not yet calculated CVE-2015-5639
MISC
JVN
JVNDB
BID
octobercms — octobercms
 
Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account. 2017-10-12 not yet calculated CVE-2017-15284
MISC
EXPLOIT-DB
opentext — documentum_content_server
 
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker’s repository permissions: When an authenticated user uploads content to the repository, he performs the following steps: (1) calls the START_PUSH RPC-command; (2) uploads the file to the content server; (3) calls the END_PUSH_V2 RPC-command (here, Content Server returns a DATA_TICKET integer, intended to identify the location of the uploaded file on the Content Server filesystem); (4) creates a dmr_content object in the repository, which has a value of data_ticket equal to the value of DATA_TICKET returned at the end of END_PUSH_V2 call. As the result of this design, any authenticated user may create his own dmr_content object, pointing to already existing content in the Content Server filesystem. 2017-10-13 not yet calculated CVE-2017-15014
MISC
opentext — documentum_content_server
 
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and “editable” (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges. 2017-10-13 not yet calculated CVE-2017-15013
MISC
opentext — documentum_content_server
 
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation. 2017-10-13 not yet calculated CVE-2017-15276
MISC
opentext — documentum_content_server
 
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation. 2017-10-13 not yet calculated CVE-2017-15012
MISC
piwigo — piwigo
 
Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php. 2017-10-10 not yet calculated CVE-2016-10513
CONFIRM
CONFIRM
CONFIRM
piwigo — url_check_format
 
url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a ” character, or a URL beginning with a substring other than the http:// or https:// substring. 2017-10-10 not yet calculated CVE-2016-10514
CONFIRM
CONFIRM
CONFIRM
pure_storage — purity
 
Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the “host” parameter on the ‘System > Configuration > SNMP > Add SNMP Trap Manager’ screen. 2017-10-11 not yet calculated CVE-2017-7352
MISC
qemu — qemu
 
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. 2017-10-12 not yet calculated CVE-2017-15268
CONFIRM
MLIST
qemu — qemu
 
Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes. 2017-10-09 not yet calculated CVE-2017-15038
MLIST
MLIST
rakuten — rakuten_card
 
Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks. 2017-10-10 not yet calculated CVE-2015-2988
JVN
JVNDB
BID
rsa_archer — grc_platform
 
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user’s browser session in the context of the affected RSA Archer application. 2017-10-11 not yet calculated CVE-2017-8016
CONFIRM
SECTRACK
rsa_archer — grc_platform
 
RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records. 2017-10-11 not yet calculated CVE-2017-14369
CONFIRM
BID
SECTRACK
rsa_archer — grc_platform
 
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user’s browser session in the context of the affected RSA Archer application. 2017-10-11 not yet calculated CVE-2017-14370
CONFIRM
SECTRACK
rsa_archer — grc_platform
 
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in the user’s browser session in the context of the affected RSA Archer application. 2017-10-11 not yet calculated CVE-2017-14372
CONFIRM
BID
SECTRACK
rsa_archer — grc_platform
 
RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user’s browser session in the context of the affected RSA Archer application. 2017-10-11 not yet calculated CVE-2017-14371
CONFIRM
BID
SECTRACK
rsa_archer — grc_platform
 
RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server. 2017-10-11 not yet calculated CVE-2017-8025
CONFIRM
BID
SECTRACK
rubygems — rubygems
 
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution. 2017-10-11 not yet calculated CVE-2017-0903
MISC
MISC
MISC
MISC
ruckus_wireless — zonedirector_controller
 
Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system. 2017-10-13 not yet calculated CVE-2017-6223
CONFIRM
ruckus_wireless — zonedirector_controller
 
Ruckus Wireless ZoneDirector Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x (less than 10.0.1.0.17 MR1 release) and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x contain OS Command Injection vulnerabilities that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating system by appending those commands in the Common Name field in the Certificate Generation Request. 2017-10-13 not yet calculated CVE-2017-6224
CONFIRM
salt — salt
 
salt before 2015.5.5 leaks git usernames and passwords to the log. 2017-10-10 not yet calculated CVE-2015-6918
CONFIRM
CONFIRM
sdl — sdl
 
An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. 2017-10-11 not yet calculated CVE-2017-2888
BID
MISC
sdl — sdl
 
An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability. 2017-10-11 not yet calculated CVE-2017-2887
BID
MISC
seagate — blackarmor_nas
 
Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php. 2017-10-11 not yet calculated CVE-2013-6924
MISC
BID
XF
shaarli — shaarli
 
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users. 2017-10-10 not yet calculated CVE-2017-15215
MISC
MISC
MISC
silverstripe — silverstripe_cms
 
Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks. 2017-10-12 not yet calculated CVE-2017-12849
CONFIRM
sqlite — sqlite
 
SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized. 2017-10-12 not yet calculated CVE-2017-15286
MISC
sudo — sudoers_plugin
 
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. 2017-10-10 not yet calculated CVE-2015-8239
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
symantec — endpoint_encryption
 
A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. 2017-10-10 not yet calculated CVE-2017-13679
BID
CONFIRM
symantec — endpoint_encryption
 
A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. 2017-10-10 not yet calculated CVE-2017-13675
BID
CONFIRM
sync_breeze — enterprise
 
Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login. 2017-10-09 not yet calculated CVE-2017-14980
MISC
teampass — teampass
 
Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. 2017-10-12 not yet calculated CVE-2017-15278
CONFIRM
CONFIRM
CONFIRM
tiandy — ip_cameras
 
Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and extendword.txt. 2017-10-10 not yet calculated CVE-2017-15236
MISC
trapeze — transitmaster
 
Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the “webwatch.(REDACTED).com” server mentioned in the reference. 2017-10-10 not yet calculated CVE-2017-14943
MISC
ui-dialog — ui-dialog
 
UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands. 2017-10-10 not yet calculated CVE-2008-7315
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
umbraco_cms — umbraco_cms
 
XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs. 2017-10-12 not yet calculated CVE-2017-15280
CONFIRM
CONFIRM
umbraco_cms — umbraco_cms
 
Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the “page name” (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs. 2017-10-12 not yet calculated CVE-2017-15279
CONFIRM
CONFIRM
windows — internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka “Internet Explorer Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-11822. 2017-10-13 not yet calculated CVE-2017-11813
BID
SECTRACK
CONFIRM
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. 2017-10-10 not yet calculated CVE-2017-15191
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable. 2017-10-10 not yet calculated CVE-2017-15190
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. 2017-10-10 not yet calculated CVE-2017-15193
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements. 2017-10-10 not yet calculated CVE-2017-15189
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wireshark — wireshark
 
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level. 2017-10-10 not yet calculated CVE-2017-15192
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
wordpress — wordpress
 
WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file. 2017-10-12 not yet calculated CVE-2016-9263
MISC
wordpress — wordpress
 
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters. 2017-10-06 not yet calculated CVE-2015-2673
MISC
x-cart — x-cart
 
X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an “Add File Via URL” action, and change the image’s Description URL to reference the .php URL in the attachments/ directory. 2017-10-12 not yet calculated CVE-2017-15285
MISC
x.org_foundation — x.org_server
 
In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. 2017-10-09 not yet calculated CVE-2017-13723
MLIST
BID
CONFIRM
MLIST
x.org_foundation — x.org_server
 
In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. 2017-10-09 not yet calculated CVE-2017-13721
MLIST
BID
CONFIRM
MLIST
zend_framework — zend_framework
 
Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key. 2017-10-10 not yet calculated CVE-2015-7503
CONFIRM
CONFIRM
zyxel — zyxel
 
Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call. 2017-10-10 not yet calculated CVE-2017-15226
MISC