SB17-303: Vulnerability Summary for the Week of October 23, 2017

Original release date: October 30, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the “libc” component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted string that is mishandled by the glob function. 2017-10-22 7.8 CVE-2017-7086
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the “Wi-Fi” component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic. 2017-10-22 7.5 CVE-2017-7103
BID
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the “Wi-Fi” component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic. 2017-10-22 10.0 CVE-2017-7105
BID
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the “Wi-Fi” component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic. 2017-10-22 10.0 CVE-2017-7108
BID
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the “Wi-Fi” component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic. 2017-10-22 10.0 CVE-2017-7110
BID
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the “Wi-Fi” component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic. 2017-10-22 10.0 CVE-2017-7112
BID
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the “Kernel” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-10-22 9.3 CVE-2017-7114
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. The issue involves the “Wi-Fi” component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic that leverages a race condition. 2017-10-22 9.3 CVE-2017-7115
BID
SECTRACK
MISC
CONFIRM
CONFIRM
EXPLOIT-DB
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. iCloud before 7.0 on Windows is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the “SQLite” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-10-22 9.3 CVE-2017-7127
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party “SQLite” product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 2017-10-22 7.5 CVE-2017-7128
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party “SQLite” product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 2017-10-22 7.5 CVE-2017-7129
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party “SQLite” product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 2017-10-22 7.5 CVE-2017-7130
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — iphone_os An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the “Exchange ActiveSync” component. It allows remote attackers to erase a device in opportunistic circumstances by hijacking a cleartext AutoDiscover V1 session during the setup of an Exchange account. 2017-10-22 7.1 CVE-2017-7088
BID
SECTRACK
CONFIRM
apple — mac_os_x An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the “IOFireWireFamily” component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. 2017-10-22 9.3 CVE-2017-7077
BID
SECTRACK
CONFIRM
apple — mac_os_x An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party “file” product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 2017-10-22 7.5 CVE-2017-7121
BID
CONFIRM
apple — mac_os_x An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party “file” product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 2017-10-22 7.5 CVE-2017-7122
BID
CONFIRM
apple — mac_os_x An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party “file” product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 2017-10-22 7.5 CVE-2017-7123
BID
CONFIRM
apple — mac_os_x An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party “file” product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 2017-10-22 7.5 CVE-2017-7124
BID
CONFIRM
apple — mac_os_x An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party “file” product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 2017-10-22 7.5 CVE-2017-7125
BID
CONFIRM
apple — mac_os_x An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party “file” product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. 2017-10-22 7.5 CVE-2017-7126
BID
SECTRACK
CONFIRM
gnu — glibc The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. 2017-10-20 7.5 CVE-2017-15670
BID
CONFIRM
gnu — glibc The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. 2017-10-22 7.5 CVE-2017-15804
BID
CONFIRM
CONFIRM


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
apache — derby In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file. 2017-10-23 5.0 CVE-2010-2232
CONFIRM
BID
CONFIRM
apple — apple_support An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the “Analytics” component. It allows remote attackers to obtain sensitive analytics information by leveraging its presence in a cleartext HTTP transmission to an Adobe Marketing Cloud server operated for Apple, as demonstrated by information about the installation date and time. 2017-10-22 5.0 CVE-2017-7147
BID
CONFIRM
MISC
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the “Security” component. It allows remote attackers to bypass intended certificate-trust restrictions via a revoked X.509 certificate. 2017-10-22 5.0 CVE-2017-7080
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-10-22 6.8 CVE-2017-7081
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the “CFNetwork Proxies” component. It allows remote attackers to cause a denial of service. 2017-10-22 4.0 CVE-2017-7083
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-10-22 6.8 CVE-2017-7087
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the “WebKit” component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing. 2017-10-22 4.3 CVE-2017-7089
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive cookie information via a custom URL scheme. 2017-10-22 5.0 CVE-2017-7090
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-10-22 6.8 CVE-2017-7091
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-10-22 6.8 CVE-2017-7092
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-10-22 6.8 CVE-2017-7093
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-10-22 6.8 CVE-2017-7094
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-10-22 6.8 CVE-2017-7095
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-10-22 6.8 CVE-2017-7096
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-10-22 6.8 CVE-2017-7098
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-10-22 6.8 CVE-2017-7099
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-10-22 6.8 CVE-2017-7100
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-10-22 6.8 CVE-2017-7102
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-10-22 6.8 CVE-2017-7104
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-10-22 6.8 CVE-2017-7107
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted web content that incorrectly interacts with the Application Cache policy. 2017-10-22 4.3 CVE-2017-7109
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-10-22 6.8 CVE-2017-7111
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the “Wi-Fi” component. It might allow remote attackers to read data from kernel memory locations via crafted Wi-Fi traffic. 2017-10-22 5.0 CVE-2017-7116
BID
SECTRACK
MISC
CONFIRM
CONFIRM
CONFIRM
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-10-22 6.8 CVE-2017-7117
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
apple — apple_tv An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. 2017-10-22 6.8 CVE-2017-7120
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple — icloud An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the “WebKit” component. It allows remote attackers to spoof the address bar. 2017-10-22 4.3 CVE-2017-7106
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
apple — iphone_os An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the “iBooks” component. It allows remote attackers to cause a denial of service (persistent outage) via a crafted iBooks file. 2017-10-22 4.3 CVE-2017-7072
BID
SECTRACK
CONFIRM
apple — iphone_os An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the “Mail Drafts” component. It allows remote attackers to obtain sensitive information by reading unintended cleartext transmissions. 2017-10-22 5.0 CVE-2017-7078
BID
SECTRACK
CONFIRM
CONFIRM
apple — iphone_os An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the “Mail MessageUI” component. It allows attackers to cause a denial of service (memory corruption) via a crafted image. 2017-10-22 4.3 CVE-2017-7097
BID
SECTRACK
CONFIRM
apple — iphone_os An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the “Messages” component. It allows remote attackers to cause a denial of service (crash) via a crafted image. 2017-10-22 4.3 CVE-2017-7118
BID
SECTRACK
CONFIRM
apple — iphone_os An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the “Bluetooth” component. It allows attackers to obtain sensitive Contact card information via a crafted app. 2017-10-22 4.3 CVE-2017-7131
BID
CONFIRM
apple — iphone_os An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the “MobileBackup” component. It allows remote attackers to obtain sensitive cleartext information in opportunistic circumstances by leveraging read access to a backup archive that was supposed to have been encrypted. 2017-10-22 5.0 CVE-2017-7133
BID
SECTRACK
CONFIRM
apple — iphone_os An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the “Keyboard Suggestions” component. It allows attackers to obtain sensitive information by reading keyboard autocorrect suggestions. 2017-10-22 5.0 CVE-2017-7140
BID
CONFIRM
apple — iphone_os An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the “Time” component. The “Setting Time Zone” feature mishandles the possibility of using location data. 2017-10-22 5.0 CVE-2017-7145
BID
CONFIRM
apple — iphone_os An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the “Security” component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling. 2017-10-22 5.0 CVE-2017-7146
BID
CONFIRM
apple — iphone_os An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the “Location Framework” component. It allows attackers to obtain sensitive location information via a crafted app that reads the location variable. 2017-10-22 4.3 CVE-2017-7148
BID
CONFIRM
apple — itunes An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the “Data Sync” component. It allows attackers to access iOS backups (written by iTunes) via a crafted app. 2017-10-22 4.3 CVE-2017-7079
BID
CONFIRM
apple — mac_os_x An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the “AppSandbox” component. It allows attackers to cause a denial of service via a crafted app. 2017-10-22 4.3 CVE-2017-7074
BID
SECTRACK
CONFIRM
apple — mac_os_x An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the “ld64” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file. 2017-10-22 6.8 CVE-2017-7076
BID
SECTRACK
CONFIRM
apple — mac_os_x An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the “Application Firewall” component. It allows remote attackers to bypass intended settings in opportunistic circumstances by leveraging incorrect handling of a denied setting after an upgrade. 2017-10-22 4.3 CVE-2017-7084
BID
SECTRACK
CONFIRM
apple — mac_os_x An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the “IOFireWireFamily” component. It allows attackers to bypass intended memory-read restrictions via a crafted app. 2017-10-22 4.3 CVE-2017-7119
BID
SECTRACK
CONFIRM
apple — mac_os_x An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the “Mail” component. It allows remote attackers to bypass an intended off value of the “Load remote content in messages” setting, and consequently discover an e-mail recipient’s IP address, via an HTML email message. 2017-10-22 5.0 CVE-2017-7141
BID
SECTRACK
CONFIRM
apple — safari An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the “Safari” component. It allows remote attackers to spoof the address bar. 2017-10-22 4.3 CVE-2017-7085
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
apple — safari An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the “WebKit Storage” component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites. 2017-10-22 5.0 CVE-2017-7142
BID
SECTRACK
CONFIRM
apple — safari An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. The issue involves the “WebKit” component. It allows remote attackers to track Safari Private Browsing users by leveraging cookie mishandling. 2017-10-22 4.3 CVE-2017-7144
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
apple — xcode An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the “ld64” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file. 2017-10-22 6.8 CVE-2017-7134
BID
SECTRACK
CONFIRM
apple — xcode An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the “ld64” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file. 2017-10-22 6.8 CVE-2017-7135
BID
SECTRACK
CONFIRM
apple — xcode An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the “ld64” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file. 2017-10-22 6.8 CVE-2017-7136
BID
SECTRACK
CONFIRM
apple — xcode An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the “ld64” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file. 2017-10-22 6.8 CVE-2017-7137
BID
SECTRACK
CONFIRM
foxitsoftware — foxit_reader Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to “Data from Faulting Address controls subsequent Write Address starting at frdvpr_drv!DrvQueryDriverInfo+0x000000000002c851.” 2017-10-22 6.8 CVE-2017-15770
BID
MISC
foxitsoftware — foxit_reader Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to “Data from Faulting Address controls subsequent Write Address starting at msvcrt!memmove+0x0000000000000158.” 2017-10-22 6.8 CVE-2017-15771
BID
MISC
gnu — glibc The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak). 2017-10-20 4.3 CVE-2017-15671
BID
CONFIRM
ibm — daeja_viewone IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could allow an unauthenticated attacker to inject data into log files made to look legitimate. IBM X-Force ID: 123850. 2017-10-24 5.0 CVE-2017-1210
CONFIRM
MISC
ibm — daeja_viewone IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to a denial of service when viewing or opening a large file. IBM X-Force ID: 123852. 2017-10-24 4.3 CVE-2017-1212
CONFIRM
MISC
irfanview — babacad4image IrfanView 4.50 – 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a “Read Access Violation starting at BabaCAD4Image!ShowPlugInOptions+0x0000000000009ae0.” 2017-10-22 6.8 CVE-2017-15750
MISC
irfanview — babacad4image IrfanView 4.50 – 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a “Read Access Violation starting at BabaCAD4Image!ShowPlugInOptions+0x0000000000009f39.” 2017-10-22 6.8 CVE-2017-15751
MISC
irfanview — babacad4image IrfanView 4.50 – 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to “Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000004d6b0.” 2017-10-22 6.8 CVE-2017-15752
MISC
irfanview — babacad4image IrfanView 4.50 – 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to “Data from Faulting Address controls Branch Selection starting at BabaCAD4Image!ShowPlugInOptions+0x00000000000029c2.” 2017-10-22 6.8 CVE-2017-15753
MISC
irfanview — babacad4image IrfanView 4.50 – 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a “User Mode Write AV near NULL starting at BabaCAD4Image!ShowPlugInOptions+0x0000000000013968.” 2017-10-22 6.8 CVE-2017-15754
MISC
irfanview — babacad4image IrfanView 4.50 – 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to “Data from Faulting Address controls Branch Selection starting at verifier!AVrfpDphFindBusyMemoryNoCheck+0x0000000000000091.” 2017-10-22 6.8 CVE-2017-15755
MISC
irfanview — babacad4image IrfanView 4.50 – 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to “Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000004d7c4.” 2017-10-22 6.8 CVE-2017-15756
MISC
irfanview — babacad4image IrfanView 4.50 – 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to “Data from Faulting Address controls Branch Selection starting at BabaCAD4Image!ShowPlugInOptions+0x00000000000029ba.” 2017-10-22 6.8 CVE-2017-15757
MISC
irfanview — babacad4image IrfanView 4.50 – 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to “Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000004d75b.” 2017-10-22 6.8 CVE-2017-15758
MISC
irfanview — babacad4image IrfanView 4.50 – 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a “User Mode Write AV near NULL starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001b3f3.” 2017-10-22 6.8 CVE-2017-15759
MISC
irfanview — babacad4image IrfanView 4.50 – 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a “User Mode Write AV near NULL starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001ce82.” 2017-10-22 6.8 CVE-2017-15760
MISC
irfanview — babacad4image IrfanView 4.50 – 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a “User Mode Write AV starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001ecaa.” 2017-10-22 6.8 CVE-2017-15761
MISC
irfanview — babacad4image IrfanView 4.50 – 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a “User Mode Write AV near NULL starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001f31b.” 2017-10-22 6.8 CVE-2017-15762
MISC
irfanview — babacad4image IrfanView 4.50 – 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to “Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001eca0.” 2017-10-22 6.8 CVE-2017-15763
MISC
irfanview — babacad4image IrfanView 4.50 – 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a “Read Access Violation starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001e6b0.” 2017-10-22 6.8 CVE-2017-15764
MISC
irfanview — babacad4image IrfanView 4.50 – 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to “Data from Faulting Address controls Branch Selection starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001f0a0.” 2017-10-22 6.8 CVE-2017-15766
MISC
irfanview — cadimage IrfanView 4.50 – 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a “Read Access Violation starting at CADIMAGE+0x00000000003d246f.” 2017-10-22 6.8 CVE-2017-15737
MISC
irfanview — cadimage IrfanView 4.50 – 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a “Read Access Violation starting at CADIMAGE+0x00000000003d22d8.” 2017-10-22 6.8 CVE-2017-15738
MISC
irfanview — cadimage IrfanView 4.50 – 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to “Data from Faulting Address controls subsequent Write Address starting at CADIMAGE+0x00000000000042d5.” 2017-10-22 6.8 CVE-2017-15739
MISC
irfanview — cadimage IrfanView 4.50 – 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to “Data from Faulting Address controls Code Flow starting at CADIMAGE+0x000000000033228e.” 2017-10-22 6.8 CVE-2017-15740
MISC
irfanview — cadimage IrfanView 4.50 – 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to “Possible Stack Corruption starting at CADIMAGE+0x00000000003d2378.” 2017-10-22 6.8 CVE-2017-15741
MISC
irfanview — cadimage IrfanView 4.50 – 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a “Read Access Violation starting at CADIMAGE+0x00000000003d2328.” 2017-10-22 6.8 CVE-2017-15742
MISC
irfanview — cadimage IrfanView 4.50 – 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to “Data from Faulting Address may be used as a return value starting at CADIMAGE+0x00000000003d24a0.” 2017-10-22 6.8 CVE-2017-15743
MISC
irfanview — cadimage IrfanView 4.50 – 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a “Read Access Violation on Control Flow starting at CADIMAGE+0x00000000003d35a7.” 2017-10-22 6.8 CVE-2017-15744
MISC
irfanview — cadimage IrfanView 4.50 – 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to “Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x000000000002ca2e.” 2017-10-22 6.8 CVE-2017-15745
MISC
irfanview — cadimage IrfanView 4.50 – 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to “Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x00000000003d21b3.” 2017-10-22 6.8 CVE-2017-15746
MISC
irfanview — cadimage IrfanView 4.50 – 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a “Data Execution Prevention Violation starting at Unknown Symbol @ 0x0000700b00260112 called from CADIMAGE+0x00000000003d35ad.” 2017-10-22 6.8 CVE-2017-15747
MISC
irfanview — cadimage IrfanView 4.50 – 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a “User Mode Write AV starting at CADIMAGE+0x000000000000613a.” 2017-10-22 6.8 CVE-2017-15748
MISC
irfanview — cadimage IrfanView 4.50 – 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to “Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x00000000000348b9.” 2017-10-22 6.8 CVE-2017-15749
MISC
irfanview — cadimage IrfanView 4.50 – 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to “Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at CADIMAGE+0x00000000003e9462.” 2017-10-22 6.8 CVE-2017-15765
MISC
irfanview — cadimage IrfanView 4.50 – 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a “User Mode Write AV near NULL starting at CADIMAGE+0x00000000003d5b52.” 2017-10-22 6.8 CVE-2017-15767
MISC
irfanview — irfanview IrfanView version 4.50 – 64bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file, related to “Data from Faulting Address controls Branch Selection starting at image000007f7_42060000+0x0000000000094113.” 2017-10-22 6.8 CVE-2017-15768
MISC
irfanview — irfanview IrfanView 4.50 – 64bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dds file, related to “Read Access Violation starting at FORMATS!ReadBLP_W+0x0000000000001b22.” 2017-10-22 6.8 CVE-2017-15769
MISC
irfanview — irfanview IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to a “Read Access Violation starting at ntdll!LdrpResCompareResourceNames+0x0000000000000120.” 2017-10-22 6.8 CVE-2017-15790
MISC
irfanview — irfanview IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to “Data from Faulting Address controls Branch Selection starting at ntdll!LdrpResCompareResourceNames+0x00000000000000de.” 2017-10-22 6.8 CVE-2017-15791
MISC
irfanview — irfanview IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to “Data from Faulting Address controls Branch Selection starting at KERNELBASE!EnumResourceTypesInternal+0x00000000000007b2.” 2017-10-22 6.8 CVE-2017-15792
MISC
irfanview — irfanview IrfanView version 4.50 (64bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to “Data from Faulting Address controls subsequent Write Address starting at ntdll!memcpy+0x00000000000000a5.” 2017-10-22 6.8 CVE-2017-15793
MISC
irfanview — irfanview IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to a “Read Access Violation starting at ntdll!LdrpResSearchResourceInsideDirectory+0x0000000000000257.” 2017-10-22 6.8 CVE-2017-15794
MISC
irfanview — irfanview IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to a “Read Access Violation starting at ntdll!LdrpSearchResourceSection_U+0x00000000000002bd.” 2017-10-22 6.8 CVE-2017-15795
MISC
irfanview — irfanview IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to a “Read Access Violation starting at ntdll!LdrpSearchResourceSection_U+0x0000000000000386.” 2017-10-22 6.8 CVE-2017-15796
MISC
irfanview — irfanview IrfanView version 4.50 (64bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to a “Read Access Violation on Block Data Move starting at TOOLS!IVLoadImage_W+0x00000000000020b9.” 2017-10-22 6.8 CVE-2017-15797
MISC
irfanview — irfanview IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to “Data from Faulting Address controls Branch Selection starting at KERNELBASE!EnumResourceNamesInternal+0x0000000000000609.” 2017-10-22 6.8 CVE-2017-15798
MISC
irfanview — irfanview IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to “Data from Faulting Address controls Branch Selection starting at KERNELBASE!EnumResourceNamesInternal+0x000000000000074a.” 2017-10-22 6.8 CVE-2017-15799
MISC
irfanview — irfanview IrfanView version 4.50 (64bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to “Data from Faulting Address controls subsequent Write Address starting at ntdll!memcpy+0x00000000000000a0.” 2017-10-22 6.8 CVE-2017-15800
MISC
irssi — irssi Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on. 2017-10-22 5.0 CVE-2017-15227
CONFIRM
CONFIRM
irssi — irssi Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string. 2017-10-22 5.0 CVE-2017-15228
CONFIRM
CONFIRM
irssi — irssi In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468. 2017-10-22 5.0 CVE-2017-15721
CONFIRM
CONFIRM
irssi — irssi In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string. 2017-10-22 5.0 CVE-2017-15722
CONFIRM
CONFIRM
irssi — irssi In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message. 2017-10-22 5.0 CVE-2017-15723
CONFIRM
CONFIRM
labwiki_project — labwiki Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no parameter to recentchanges.php. 2017-10-23 4.3 CVE-2011-4333
MLIST
MLIST
labwiki_project — labwiki edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter. 2017-10-23 6.5 CVE-2011-4334
MLIST
MLIST
phpmyfaq — phpmyfaq In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment. 2017-10-22 4.3 CVE-2017-15727
CONFIRM
phpmyfaq — phpmyfaq In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary. 2017-10-22 6.8 CVE-2017-15729
CONFIRM
phpmyfaq — phpmyfaq In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php. 2017-10-22 6.8 CVE-2017-15730
CONFIRM
phpmyfaq — phpmyfaq In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php. 2017-10-22 6.8 CVE-2017-15731
CONFIRM
phpmyfaq — phpmyfaq In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php. 2017-10-22 6.8 CVE-2017-15732
CONFIRM
phpmyfaq — phpmyfaq In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php. 2017-10-22 6.8 CVE-2017-15733
CONFIRM
phpmyfaq — phpmyfaq In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php. 2017-10-22 6.8 CVE-2017-15734
CONFIRM
phpmyfaq — phpmyfaq In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for modifying a glossary. 2017-10-22 6.8 CVE-2017-15735
CONFIRM
phpmyfaq — phpmyfaq In phpMyFAQ before 2.9.9, there is CSRF in admin/ajax.config.php. 2017-10-23 6.8 CVE-2017-15808
CONFIRM
phpmyfaq — phpmyfaq In phpMyFAQ before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag. 2017-10-23 4.3 CVE-2017-15809
CONFIRM
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to “Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285e9d.” 2017-10-22 6.8 CVE-2017-15772
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a “Read Access Violation starting at CADImage+0x0000000000285d79.” 2017-10-22 6.8 CVE-2017-15773
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to “Data from Faulting Address controls Code Flow starting at CADImage+0x0000000000221a9a.” 2017-10-22 6.8 CVE-2017-15774
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to “Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000259aa4.” 2017-10-22 6.8 CVE-2017-15775
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to “Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285ec1.” 2017-10-22 6.8 CVE-2017-15776
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a “User Mode Write AV near NULL starting at CADImage+0x0000000000288750.” 2017-10-22 6.8 CVE-2017-15777
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a “Read Access Violation starting at CADImage+0x0000000000285de7.” 2017-10-22 6.8 CVE-2017-15778
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to “Data from Faulting Address controls subsequent Write Address starting at CADImage+0x00000000000034b0.” 2017-10-22 6.8 CVE-2017-15779
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a “Read Access Violation starting at CADImage+0x0000000000285dad.” 2017-10-22 6.8 CVE-2017-15780
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a “Read Access Violation on Control Flow starting at CADImage+0x0000000000286a76.” 2017-10-22 6.8 CVE-2017-15781
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a “User Mode Write AV starting at CADImage+0x00000000000032eb.” 2017-10-22 6.8 CVE-2017-15782
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to “Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000285ce1.” 2017-10-22 6.8 CVE-2017-15783
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to an “Illegal Instruction Violation starting at xnview+0x0000000000370074.” 2017-10-22 6.8 CVE-2017-15784
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a “Data Execution Prevention Violation near NULL starting at Unknown Symbol @ 0x0000000000000000 called from CADImage+0x0000000000286a79.” 2017-10-22 6.8 CVE-2017-15785
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a “Read Access Violation starting at CADImage+0x00000000001a78db.” 2017-10-22 6.8 CVE-2017-15786
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a “Data Execution Prevention Violation starting at xnview+0x0000000000580063.” 2017-10-22 6.8 CVE-2017-15787
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a “User Mode Write AV starting at CADImage+0x0000000000002d83.” 2017-10-22 6.8 CVE-2017-15788
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a “User Mode Write AV starting at CADImage+0x00000000000048e7.” 2017-10-22 6.8 CVE-2017-15789
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResSearchResourceInsideDirectory+0x000000000000029e.” 2017-10-22 6.8 CVE-2017-15801
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to “Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000087.” 2017-10-22 6.8 CVE-2017-15802
MISC
xnview — xnview XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to “Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000150.” 2017-10-22 6.8 CVE-2017-15803
MISC


Low Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
apple — iphone_os An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the “Phone” component. It allows attackers to obtain sensitive information by leveraging a timing bug to read a secure-content screenshot that occurred during a locking action. 2017-10-22 2.1 CVE-2017-7139
BID
CONFIRM
apple — mac_os_x An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the “Screen Lock” component. It allows physically proximate attackers to read Application Firewall prompts. 2017-10-22 2.1 CVE-2017-7082
BID
SECTRACK
CONFIRM
apple — mac_os_x An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the “Directory Utility” component. It allows local users to discover the Apple ID of the computer’s owner. 2017-10-22 2.1 CVE-2017-7138
BID
SECTRACK
CONFIRM
apple — mac_os_x An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the “Captive Network Assistant” component. It allows remote attackers to discover cleartext passwords in opportunistic circumstances by sniffing the network during use of the captive portal browser, which has a UI error that can lead to cleartext transmission without the user’s awareness. 2017-10-22 2.1 CVE-2017-7143
BID
SECTRACK
CONFIRM
apple — mac_os_x An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the “StorageKit” component. It allows attackers to discover passwords for APFS encrypted volumes by reading Disk Utility hints, because the stored hint value was accidentally set to the password itself, not the entered hint value. 2017-10-22 2.1 CVE-2017-7149
BID
SECTRACK
MISC
MISC
CONFIRM
MISC
apple — mac_os_x An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the “Security” component. It allows attackers to bypass the keychain access prompt, and consequently extract passwords, via a synthetic click. 2017-10-22 2.1 CVE-2017-7150
BID
SECTRACK
CONFIRM
ibm — daeja_viewone IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123849. 2017-10-24 3.5 CVE-2017-1209
CONFIRM
MISC
ibm — daeja_viewone IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851. 2017-10-24 1.9 CVE-2017-1211
CONFIRM
BID
MISC
phpmyfaq — phpmyfaq In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords. 2017-10-22 3.5 CVE-2017-15728
CONFIRM


Severity Not Yet Assigned

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
adobe — flash Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution. 2017-10-22 not yet calculated CVE-2017-11292
BID
SECTRACK
CONFIRM
GENTOO
advantech — web_op A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A maliciously crafted project file may be able to trigger a heap-based buffer overflow, which may crash the process and allow an attacker to execute arbitrary code. 2017-10-25 not yet calculated CVE-2017-12705
BID
MISC
apache — james The JMX server embedded in Apache James, also used by the command line client, is exposed to a Java deserialization issue, and thus can be used to execute arbitrary commands. As James exposes the JMX socket by default only on localhost, this vulnerability can only be used for privilege escalation. Release 3.0.1 upgrades the affected library. 2017-10-20 not yet calculated CVE-2017-12628
BID
MLIST
apache — portable_runtime_apr Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fails to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out-of-bounds read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service. 2017-10-23 not yet calculated CVE-2017-12618
MLIST
BID
apache — portable_runtime_apr When apr_exp_time*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. 2017-10-23 not yet calculated CVE-2017-12613
BID
MLIST
apache — xml-rpc XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD. 2017-10-27 not yet calculated CVE-2016-5002
MLIST
BID
SECTRACK
MISC
XF
apache — xml-rpc The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an element. 2017-10-27 not yet calculated CVE-2016-5003
MLIST
BID
BID
SECTRACK
MISC
XF
apache — activemq_apollo XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages. 2017-10-27 not yet calculated CVE-2014-3579
CONFIRM
MLIST
BID
XF
CONFIRM
apache — activemq XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages. 2017-10-27 not yet calculated CVE-2014-3600
CONFIRM
MLIST
BID
XF
CONFIRM
apache — cordova_android Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables (preferences) via a crafted intent: URL. 2017-10-27 not yet calculated CVE-2015-1835
MISC
BID
CONFIRM
apache — ofbiz Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecified vectors. 2017-10-26 not yet calculated CVE-2012-1622
MLIST
CONFIRM
argo_software_design — argosoft_mini_mail_server Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an infinite loop. 2017-10-24 not yet calculated CVE-2017-15223
EXPLOIT-DB
artica — pandora Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page’s graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX). 2017-10-27 not yet calculated CVE-2017-15937
MISC
artica — pandora In Artica Pandora FMS version 7.0, an attacker with write permission can create an agent with an XSS payload; when a user enters the agent definitions page, the script will get executed. 2017-10-27 not yet calculated CVE-2017-15936
MISC
artica — pandora Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file. 2017-10-27 not yet calculated CVE-2017-15935
MISC
artica — pandora
 
Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter. 2017-10-27 not yet calculated CVE-2017-15934
MISC
axigen — mail_server
 
Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email attachment. 2017-10-23 not yet calculated CVE-2015-5379
MISC
BUGTRAQ
MISC
CONFIRM
axis_communications — axis_2100_network_camera
 
Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214. 2017-10-25 not yet calculated CVE-2017-15885
MISC
ayukov_nftpd — ayukov_nftpd
 
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code. 2017-10-24 not yet calculated CVE-2017-15222
EXPLOIT-DB
bchunk — bchunk

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file. 2017-10-28 not yet calculated CVE-2017-15954
MISC
bchunk — bchunk
 
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an “Access violation near NULL on destination operand” and crash when processing a malformed CUE (.cue) file. 2017-10-28 not yet calculated CVE-2017-15955
MISC
bchunk — bchunk
 
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file. 2017-10-28 not yet calculated CVE-2017-15953
MISC
bomgar — remote_support
 
The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions. 2017-10-26 not yet calculated CVE-2017-5996
SECTRACK
MISC
busybox — busybox
 
The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. 2017-10-24 not yet calculated CVE-2017-15873
MISC
MISC
busybox — busybox
 
archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation. 2017-10-24 not yet calculated CVE-2017-15874
MISC
cisco — amp_for_endpoints
 
The Cisco AMP For Endpoints application allows an authenticated, local attacker to access a static key value stored in the local application software. The vulnerability is due to the use of a static key value stored in the application used to encrypt the connector protection password. An attacker could exploit this vulnerability by gaining local, administrative access to a Windows host and stopping the Cisco AMP for Endpoints service. Cisco Bug IDs: CSCvg42904. 2017-10-22 not yet calculated CVE-2017-12317
BID
CONFIRM
cisco — small_business_sa520_and_sa540_devices
 
Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files. 2017-10-23 not yet calculated CVE-2017-15805
MISC
cisco — webex_meetings_server
 
Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643. 2017-10-24 not yet calculated CVE-2014-0691
CONFIRM
cloud_foundry — runtime
 
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links. 2017-10-24 not yet calculated CVE-2015-5172
CONFIRM
cloud_foundry — runtime
 
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions. 2017-10-24 not yet calculated CVE-2015-5171
CONFIRM
cloud_foundry — runtime
 
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka “Cross Domain Referer Leakage.” 2017-10-24 not yet calculated CVE-2015-5173
CONFIRM
cloud_foundry — runtime
 
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks. 2017-10-24 not yet calculated CVE-2015-5170
BID
CONFIRM
cumulus_linux — cumulus_linux
 
The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux 2.5.3 and earlier allows local users to execute arbitrary commands via shell metacharacters in a cl-rctl command label. 2017-10-22 not yet calculated CVE-2015-5699
FULLDISC
d-link — dgs-1500_ax_devices
 
D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access. 2017-10-25 not yet calculated CVE-2017-15909
CONFIRM
CONFIRM
CONFIRM
CONFIRM
debian — ubuntu 
 
foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs. 2017-10-23 not yet calculated CVE-2011-2684
MISC
MLIST
MISC
MISC
MISC
e-sic — e-sic
 
An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via ‘=”or’ values for the username and password. 2017-10-23 not yet calculated CVE-2017-15379
MISC
EXPLOIT-DB
e-sic — e-sic
 
SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI). 2017-10-23 not yet calculated CVE-2017-15378
MISC
EXPLOIT-DB
e-sic — e-sic
 
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script). 2017-10-23 not yet calculated CVE-2017-15381
EXPLOIT-DB
e-sic — e-sic
 
XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester’s registration area) via the nome parameter. 2017-10-23 not yet calculated CVE-2017-15380
MISC
EXPLOIT-DB
edgeofmyseat.com — perch
 
Perch Content Management System 3.0.3 allows unrestricted file upload (with resultant XSS) via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account. 2017-10-27 not yet calculated CVE-2017-15948
MISC
extreme_networks — extreme_exos

Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values. 2017-10-23 not yet calculated CVE-2017-14332
CONFIRM
extreme_networks — extreme_exos
 
Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to trigger a buffer overflow leading to a reboot. 2017-10-23 not yet calculated CVE-2017-14328
CONFIRM
extreme_networks — extreme_exos
 
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitrary files. 2017-10-23 not yet calculated CVE-2017-14327
CONFIRM
extreme_networks — extreme_exos
 
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process. 2017-10-23 not yet calculated CVE-2017-14330
CONFIRM
extreme_networks — extreme_exos
 
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell. 2017-10-23 not yet calculated CVE-2017-14329
CONFIRM
extreme_networks — extreme_exos
 
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the “exsh restricted shell” protection mechanism and obtain an interactive shell. 2017-10-23 not yet calculated CVE-2017-14331
CONFIRM
eyesofnetwork — eyesofnetwork
 
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php. 2017-10-27 not yet calculated CVE-2017-15933
MISC
eyesofnetwork — eyesofnetwork
 
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group). 2017-10-24 not yet calculated CVE-2017-15880
MISC
MISC
eyou_mail_system — eyou_mail_system
 
The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php. 2017-10-24 not yet calculated CVE-2014-1203
FULLDISC
f5 — multiple_products
 
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 – 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system. 2017-10-27 not yet calculated CVE-2017-6157
SECTRACK
CONFIRM
f5 — multiple_products
 
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, 11.2.1, in some cases TMM may crash when processing TCP traffic. This vulnerability affects TMM via a virtual server configured with TCP profile. Traffic processing is disrupted while Traffic Management Microkernel (TMM) restarts. If the affected BIG-IP system is configured to be part of a device group, it will trigger a failover to the peer device. 2017-10-27 not yet calculated CVE-2017-6162
SECTRACK
CONFIRM
f5 — multiple_products
 
In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a remote attacker may create a maliciously crafted HTTP request to cause Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic. This issue is exposed on virtual servers using a Policy Enforcement profile or a Web Acceleration profile. Systems that do not have BIG-IP AAM module provisioned are not vulnerable. The Traffic Management Microkernel (TMM) may restart and temporarily fail to process traffic. Systems that do not have BIG-IP AAM or PEM module provisioned are not vulnerable. 2017-10-27 not yet calculated CVE-2017-6160
SECTRACK
CONFIRM
f5 — multiple_products
 
In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile, a client that initiates a number of concurrent streams beyond the advertised limit can cause a disruption of service. A remote client initiating streams beyond the advertised limit can cause a disruption of service. The Traffic Management Microkernel (TMM) data plane is exposed to this issue; the control plane is not exposed. 2017-10-27 not yet calculated CVE-2017-6163
SECTRACK
CONFIRM
f5 — multiple_products
 
F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. Data plane is vulnerable when using the MPTCP option of a TCP profile. There is no control plane exposure. An attacker may be able to disrupt services by causing TMM to restart hence temporarily failing to process traffic. 2017-10-27 not yet calculated CVE-2017-6159
SECTRACK
CONFIRM
f5 — multiple_products
 
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 – 12.1.2, 11.6.0 – 11.6.1, 11.4.0 – 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypt and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion. 2017-10-27 not yet calculated CVE-2017-6161
SECTRACK
SECTRACK
CONFIRM
f5 — multiple_products
 
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the “/var/log/ltm” log file. 2017-10-20 not yet calculated CVE-2017-6165
BID
SECTRACK
CONFIRM
f5 — multiple_programs
 
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS profile may not be properly cleaned up, potentially leading to resource starvation. Connections may be left in the connection table which then can only be removed by restarting TMM. Over time this may lead to the BIG-IP being unable to process further connections. 2017-10-27 not yet calculated CVE-2017-0303
SECTRACK
CONFIRM
ffmpeg — ffmpeg
 
Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. 2017-10-24 not yet calculated CVE-2017-15186
MLIST
BID
fortinet — fortimail
 
A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attacker to inject arbitrary web script or HTML via crafted HTTP requests. 2017-10-26 not yet calculated CVE-2017-7732
BID
SECTRACK
CONFIRM
fortinet — fortios
 
A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary JavaScript code via webUI “Login Disclaimer” redir parameter. 2017-10-27 not yet calculated CVE-2017-7733
BID
SECTRACK
CONFIRM
fortinet — fortios
 
A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 allows an authenticated user to cause the web GUI to be temporarily unresponsive, via passing a specially crafted payload to the ‘params’ parameter of the JSON web API. 2017-10-27 not yet calculated CVE-2017-14182
BID
SECTRACK
CONFIRM
fortinet — fortiwlc
 
An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests. 2017-10-26 not yet calculated CVE-2017-7341
BID
CONFIRM
fortinet — fortiwlc
 
A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters “refresh” and “branchtotable” present in HTTP POST requests. 2017-10-26 not yet calculated CVE-2017-7335
BID
CONFIRM
gentoo_linux — gentoo_linux
 
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link. 2017-10-27 not yet calculated CVE-2017-15945
CONFIRM
gnu — binutils
 
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023. 2017-10-27 not yet calculated CVE-2017-15939
MISC
MISC
MISC
gnu — binutils
 
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash). 2017-10-27 not yet calculated CVE-2017-15938
MISC
MISC
MISC
gnu — libextractor
 
In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c. 2017-10-26 not yet calculated CVE-2017-15922
MISC
BID
gnu — wget
 
The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk’s length, but doesn’t check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. 2017-10-27 not yet calculated CVE-2017-13089
CONFIRM
BID
SECTRACK
MISC
gnu — wget
 
The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk’s length, but doesn’t check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer. 2017-10-27 not yet calculated CVE-2017-13090
CONFIRM
BID
SECTRACK
MISC
google — chrome

Incorrect handling of DOM changes in Blink in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5064
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome

Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5115
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome

Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5112
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome

Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5066
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome

Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. 2017-10-27 not yet calculated CVE-2017-5114
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome

Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5110
BID
MISC
MISC
GENTOO
google — chrome

Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5069
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome

A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. 2017-10-27 not yet calculated CVE-2017-5111
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome

A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5063
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe’d via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5107
BID
MISC
MISC
GENTOO
google — chrome

A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension. 2017-10-27 not yet calculated CVE-2017-5062
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome

A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5091
BID
MISC
MISC
GENTOO
google — chrome

Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint. 2017-10-27 not yet calculated CVE-2017-5084
BID
MISC
MISC
GENTOO
google — chrome

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. 2017-10-27 not yet calculated CVE-2017-5105
BID
MISC
MISC
GENTOO
google — chrome

A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5100
BID
MISC
MISC
GENTOO
google — chrome

Insufficient validation of untrusted input in Blink’s mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incorrect interaction with xdg-email in xdg-utils, and a space character can be used in front of a command-line argument. 2017-10-27 not yet calculated CVE-2017-5078
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. 2017-10-27 not yet calculated CVE-2017-5106
BID
MISC
MISC
GENTOO
google — chrome

Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5073
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome

Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5088
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome

Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. 2017-10-27 not yet calculated CVE-2017-5086
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome

Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5083
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome

Failure to take advantage of available mitigations in credit card autofill in Google Chrome prior to 59.0.3071.92 for Android allowed a local attacker to take screen shots of credit card information via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5082
BID
SECTRACK
MISC
MISC
GENTOO
MISC
google — chrome
 
Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5109
BID
MISC
MISC
GENTOO
google — chrome
 
A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5056
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5103
BID
MISC
MISC
GENTOO
google — chrome
 
Inappropriate implementation in interstitials in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to spoof the contents of the omnibox via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5104
BID
MISC
MISC
GENTOO
google — chrome
 
A use after free in printing in Google Chrome prior to 57.0.2987.133 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5055
BID
MISC
MISC
GENTOO
google — chrome
 
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5054
BID
MISC
MISC
GENTOO
google — chrome
 
Insufficient validation of untrusted input in Skia in Google Chrome prior to 60.0.3112.78 for Linux allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5097
BID
MISC
MISC
GENTOO
google — chrome
 
A race condition in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5061
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents. 2017-10-27 not yet calculated CVE-2017-5096
BID
MISC
MISC
GENTOO
google — chrome
 
Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5101
BID
MISC
MISC
GENTOO
google — chrome
 
Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5102
BID
MISC
MISC
GENTOO
google — chrome
 
Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file. 2017-10-27 not yet calculated CVE-2017-5108
BID
MISC
MISC
GENTOO
google — chrome
 
Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file. 2017-10-27 not yet calculated CVE-2017-5095
BID
MISC
MISC
GENTOO
google — chrome
 
Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5093
BID
MISC
MISC
GENTOO
google — chrome
 
Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. 2017-10-27 not yet calculated CVE-2017-5057
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5113
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5092
BID
MISC
MISC
GENTOO
google — chrome
 
Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5094
BID
MISC
MISC
GENTOO
google — chrome
 
A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5058
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.115 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name containing a U+0620 character, aka Apple rdar problem 32458012. 2017-10-27 not yet calculated CVE-2017-5090
BID
MISC
google — chrome
 
Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5059
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape. 2017-10-27 not yet calculated CVE-2017-5087
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5070
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name. 2017-10-27 not yet calculated CVE-2017-5089
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Mac allowed a remote attacker to potentially gain privilege elevation via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5099
BID
MISC
MISC
GENTOO
google — chrome
 
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5071
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting. 2017-10-27 not yet calculated CVE-2017-5052
BID
MISC
MISC
GENTOO
google — chrome
 
Inappropriate implementation in Omnibox in Google Chrome prior to 59.0.3071.92 for Android allowed a remote attacker to perform domain spoofing with RTL characters via a crafted URL page. 2017-10-27 not yet calculated CVE-2017-5072
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5067
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5098
BID
MISC
MISC
GENTOO
google — chrome
 
Lack of an appropriate action on page navigation in Blink in Google Chrome prior to 58.0.3029.81 for Windows and Mac allowed a remote attacker to potentially confuse a user into making an incorrect security decision via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5065
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Lack of verification of an extension’s locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files. 2017-10-27 not yet calculated CVE-2017-5081
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5079
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
A use after free in credit card autofill in Google Chrome prior to 59.0.3071.86 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5080
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
A use after free in Chrome Apps in Google Chrome prior to 59.0.3071.86 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, related to Bluetooth. 2017-10-27 not yet calculated CVE-2017-5074
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5122
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Insufficient validation of untrusted input in Skia in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5077
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase. 2017-10-27 not yet calculated CVE-2017-5121
BID
SECTRACK
MISC
MISC
MISC
GENTOO
google — chrome
 
Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5068
BID
MISC
MISC
GENTOO
google — chrome
 
Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5075
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. 2017-10-27 not yet calculated CVE-2017-5060
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf. 2017-10-27 not yet calculated CVE-2017-5053
BID
MISC
MISC
MISC
GENTOO
google — chrome
 
Inappropriate use of www mismatch redirects in browser navigation in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially downgrade HTTPS requests to HTTP via a crafted HTML page. In other words, Chrome could transmit cleartext even though the user had entered an https URL, because of a misdesigned workaround for cases where the domain name in a URL almost matches the domain name in an X.509 server certificate (but differs in the initial “www.” substring). 2017-10-27 not yet calculated CVE-2017-5120
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5117
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5119
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5116
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. 2017-10-27 not yet calculated CVE-2017-5076
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark. 2017-10-27 not yet calculated CVE-2017-5085
BID
SECTRACK
MISC
MISC
GENTOO
google — chrome
 
Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to javascript scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. 2017-10-27 not yet calculated CVE-2017-5118
BID
SECTRACK
MISC
MISC
GENTOO
graphicsmagick — graphicsmagick
 
In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer. 2017-10-27 not yet calculated CVE-2017-15930
CONFIRM
CONFIRM
CONFIRM
hexis — hawkeye
 
Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist. 2017-10-23 not yet calculated CVE-2015-2878
BUGTRAQ
BUGTRAQ
EXPLOIT-DB
ibm — doors_next_generation
 
IBM DOORS Next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188. 2017-10-25 not yet calculated CVE-2017-1169
CONFIRM
BID
MISC
ibm — infosphere_master_data_management
 
IBM InfoSphere Master Data Management – Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892. 2017-10-24 not yet calculated CVE-2017-1523
BID
MISC
CONFIRM
ibm — jazz_foundation
 
An unspecified vulnerability in IBM Jazz Foundation based applications might allow the display of stack trace information to an attacker. IBM X-Force ID: 124523. 2017-10-25 not yet calculated CVE-2017-1241
CONFIRM
BID
MISC
ibm — jazz_foundation
 
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036. 2017-10-25 not yet calculated CVE-2017-1164
CONFIRM
BID
MISC
ibm — openpages_grc_platform
 
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 114712. 2017-10-24 not yet calculated CVE-2016-3049
CONFIRM
BID
MISC
ibm — rsa_dm
 
IBM RSA DM contains an unspecified vulnerability in CLM Applications with potential for information leakage. IBM X-Force ID: 125157. 2017-10-25 not yet calculated CVE-2017-1295
CONFIRM
MISC
ibm — system_storage_storwize_v7000_unified
 
IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126868. 2017-10-24 not yet calculated CVE-2017-1375
CONFIRM
BID
MISC
ibm — team_concert
 
IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126856. 2017-10-25 not yet calculated CVE-2017-1363
CONFIRM
BID
MISC
ibm — tivoli_endpoint_manager
 
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable the secure cookie attribute. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 123907. 2017-10-26 not yet calculated CVE-2017-1228
CONFIRM
BID
MISC
ibm — tivoli_endpoint_manager
 
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generates an error message in error logs that includes sensitive information about its environment which could be used in further attacks against the system. IBM X-Force ID: 123905. 2017-10-26 not yet calculated CVE-2017-1226
CONFIRM
BID
MISC
ibm — tivoli_endpoint_manager
 
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 123911. 2017-10-26 not yet calculated CVE-2017-1232
CONFIRM
BID
MISC
ibm — tivoli_endpoint_manager
 
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. This weakness may allow attackers to expose sensitive information by guessing tokens or identifiers. IBM X-Force ID: 123909. 2017-10-26 not yet calculated CVE-2017-1230
CONFIRM
BID
MISC
ibm — tivoli_endpoint_manager
 
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129831. 2017-10-26 not yet calculated CVE-2017-1521
CONFIRM
BID
MISC
ibm — tivoli_endpoint_manager
 
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 123862. 2017-10-26 not yet calculated CVE-2017-1222
CONFIRM
BID
MISC
ibm — tivoli_endpoint_manager
 
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123860. 2017-10-26 not yet calculated CVE-2017-1220
CONFIRM
BID
MISC
ibm — tivoli_endpoint_manager
 
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123904. 2017-10-26 not yet calculated CVE-2017-1225
CONFIRM
BID
MISC
ibm — websphere_application_server
 
IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13) could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF. 2017-10-24 not yet calculated CVE-2017-1583
CONFIRM
BID
MISC
idemia — morphosmart
 
The certificate import component in IDEMIA (formerly Morpho) MorphoSmart 1300 Series (aka MSO 1300 Series) devices allows local users to obtain a command shell, and consequently gain privileges, via unspecified vectors. 2017-10-23 not yet calculated CVE-2017-15567
MISC
ignite_realtime — openfire
 
The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. 2017-10-26 not yet calculated CVE-2017-15911
MISC
MISC
image_metrology — spip
 
Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php. 2017-10-22 not yet calculated CVE-2017-15736
CONFIRM
joomla! — joomla!
 
In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET. 2017-10-27 not yet calculated CVE-2017-15946
MISC
keystonejs — keystonejs
 
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export. 2017-10-24 not yet calculated CVE-2017-15879
CONFIRM
MISC
EXPLOIT-DB
keystonejs — keystonejs
 
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature. 2017-10-24 not yet calculated CVE-2017-15878
MISC
BID
CONFIRM
MISC
EXPLOIT-DB
keystonejs — keystonejs
 
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the “content brief” or “content extended” field, a different vulnerability than CVE-2017-15878. 2017-10-24 not yet calculated CVE-2017-15881
MISC
BID
MISC
MISC
lenovo — multiple_products
 
System boot process is not adequately secured in Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process. 2017-10-26 not yet calculated CVE-2017-3771
CONFIRM
letodms — letodms
 
Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. 2017-10-23 not yet calculated CVE-2012-4568
CONFIRM
MLIST
MLIST
letodms — letodms
 
Multiple cross-site scripting (XSS) vulnerabilities in out/out.UsrMgr.php in LetoDMS (formerly MyDMS) before 3.3.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-10-23 not yet calculated CVE-2012-4569
CONFIRM
MLIST
MLIST
BID
letodms — letodms
 
Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) inc/inc.ClassUI.php or (2) out/out.DocumentNotify.php. 2017-10-23 not yet calculated CVE-2012-4567
CONFIRM
MLIST
MLIST
BID
letodms — letodms
 
SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 2017-10-23 not yet calculated CVE-2012-4570
CONFIRM
MLIST
MLIST
BID
linux — linux_kernel
 
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the “negative” state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls. 2017-10-27 not yet calculated CVE-2017-15951
CONFIRM
CONFIRM
CONFIRM
logitech — media_server
 
DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI. 2017-10-23 not yet calculated CVE-2017-15687
MISC
EXPLOIT-DB
london_trust_media — private_internet_access_application
 
The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file. 2017-10-26 not yet calculated CVE-2017-15882
MISC
mediawiki — mediawiki
 
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php. 2017-10-26 not yet calculated CVE-2012-4378
MLIST
MLIST
MISC
CONFIRM
MLIST
CONFIRM
mediawiki — mediawiki
 
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image. 2017-10-26 not yet calculated CVE-2012-4377
MLIST
MLIST
MISC
CONFIRM
MLIST
CONFIRM
msa — vot.ar
 
The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted RFID ballot tag. 2017-10-23 not yet calculated CVE-2015-6839
MISC
MISC
CONFIRM
MISC
node.js — node.js
 
The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe. 2017-10-23 not yet calculated CVE-2013-7377
MLIST
MLIST
MISC
node.js — node.js
 
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path. 2017-10-23 not yet calculated CVE-2014-3744
MLIST
MLIST
BID
CONFIRM
MISC
node.js — node.js
 
The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command. 2017-10-23 not yet calculated CVE-2014-3741
MLIST
MLIST
CONFIRM
MISC
openmrs — openmrs
 
The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system commands by crafting malicious XML payloads, as demonstrated by a single admin/reports/reportSchemaXml.form request. 2017-10-23 not yet calculated CVE-2017-12796
MISC
MISC
MISC
openslp.org — openslp
 
Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package. 2017-10-22 not yet calculated CVE-2015-5177
CONFIRM
BID
SECTRACK
CONFIRM
DEBIAN
openssh — openssh
 
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. 2017-10-25 not yet calculated CVE-2017-15906
CONFIRM
CONFIRM
osticket.com — osticket
 
osTicket 1.10.1 provides a functionality to upload ‘html’ files with associated formats. However, it does not properly validate the uploaded file’s contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content. 2017-10-23 not yet calculated CVE-2017-15580
MISC
paessler — prtg_network_monitor
 
In Paessler PRTG Network Monitor 17.3.33.2830, it’s possible to create a Map as a read-only user, by forging a request and sending it to the server. 2017-10-26 not yet calculated CVE-2017-15917
MISC
pallets/werkzeug — pallets/werkzeug
 
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message. 2017-10-23 not yet calculated CVE-2016-10516
MISC
MISC
panasonic — kx-hjb1000_home_unit_devices
 
Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors. 2017-10-20 not yet calculated CVE-2017-2132
BID
JVN
panasonic — kx-hjb1000_home_unit_devices
 
SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. 2017-10-20 not yet calculated CVE-2017-2133
BID
JVN
panasonic — kx-hjb1000_home_unit_devices
 
Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to bypass access restrictions to view the configuration menu via unspecified vectors. 2017-10-20 not yet calculated CVE-2017-2131
BID
JVN
phpcollab — phpcollab
 
SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php. 2017-10-26 not yet calculated CVE-2017-15907
MISC
phpsugar — phpmelody
 
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php. 2017-10-24 not yet calculated CVE-2017-15081
MISC
MISC
phpwcms — phpwcms
 
phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field. 2017-10-24 not yet calculated CVE-2017-15872
CONFIRM
CONFIRM
radare2 — radare2
 
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems. 2017-10-27 not yet calculated CVE-2017-15931
CONFIRM
CONFIRM
radare2 — radare2
 
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems. 2017-10-27 not yet calculated CVE-2017-15932
CONFIRM
CONFIRM
random.org — random.org
 
reseed seeds random numbers from an insecure HTTP request to random.org during installation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a man-in-the-middle attack. 2017-10-23 not yet calculated CVE-2011-2683
MISC
MLIST
MISC
red_hat — glusterfs
 
A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service. 2017-10-26 not yet calculated CVE-2017-15096
CONFIRM
red_hat — keycloak
 
It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks. 2017-10-26 not yet calculated CVE-2017-12160
REDHAT
REDHAT
REDHAT
CONFIRM
red_hat — keycloak
 
It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this flaw to gain access to an authenticated user session, leading to possible information disclosure or further attacks. 2017-10-26 not yet calculated CVE-2017-12159
BID
REDHAT
REDHAT
REDHAT
CONFIRM
red_hat — keycloak
 
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server. 2017-10-26 not yet calculated CVE-2017-12158
REDHAT
REDHAT
REDHAT
CONFIRM
redislabs — redis
 
networking.c in Redis before 3.2.7 allows “Cross Protocol Scripting” because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port). 2017-10-24 not yet calculated CVE-2016-10517
BID
MISC
MISC
MISC
ruby — ruby
 
In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated “Ox should handle the error more gracefully” but has not confirmed a security implication. 2017-10-27 not yet calculated CVE-2017-15928
MISC
MISC
saltstack — salt
 
SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote attackers to cause a denial of service via a crafted authentication request. 2017-10-24 not yet calculated CVE-2017-14696
SUSE
SUSE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
saltstack — salt
 
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7.x before 2017.7.2 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-12791. 2017-10-24 not yet calculated CVE-2017-14695
SUSE
SUSE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
shadowsocks-libev — shadowsocks-libev
 
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions. 2017-10-27 not yet calculated CVE-2017-15924
MISC
MISC
MISC
MISC
siemens — multiple_products
 
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions 2017-10-23 not yet calculated CVE-2017-9947
BID
CONFIRM
siemens — multiple_products
 
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions 2017-10-23 not yet calculated CVE-2017-9946
BID
CONFIRM
simple_asc — cms
 
Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp. 2017-10-27 not yet calculated CVE-2017-15947
MISC
suricata — suricata
 
In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn’t stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default). 2017-10-23 not yet calculated CVE-2017-15377
MISC
MISC
symantec — encryption_desktop
 
In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code. 2017-10-23 not yet calculated CVE-2017-13682
BID
CONFIRM
symantec — endpoint_encryption
 
In Symantec Endpoint Encryption before SEE 11.1.3HF3, a kernel memory leak is a type of resource leak that can occur when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released. In object-oriented programming, a memory leak may happen when an object is stored in memory but cannot be accessed by the running code. 2017-10-23 not yet calculated CVE-2017-13683
BID
CONFIRM
systemd — systemd
 
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the ‘systemd-resolved’ service and cause a DoS of the affected service. 2017-10-26 not yet calculated CVE-2017-15908
BID
SECTRACK
CONFIRM
CONFIRM
thornberry — ndoc
 
Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devices (if no firewall is present) or the NDoc server itself. Once the password is known to an attacker, local access is not required. 2017-10-26 not yet calculated CVE-2017-15366
MISC
tp-link — tl-mr3220_routers
 
Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description field. 2017-10-20 not yet calculated CVE-2017-15291
MISC
EXPLOIT-DB
tp-link — wr940N_routers
 
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm. 2017-10-23 not yet calculated CVE-2017-13772
EXPLOIT-DB
MISC
typo3 — cms
 
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms. 2017-10-20 not yet calculated CVE-2010-3659
MLIST
MLIST
BID
MISC
CONFIRM
vbulletin — vbulletin
 
Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/. 2017-10-26 not yet calculated CVE-2014-2023
MISC
FULLDISC
EXPLOIT-DB
BID
MISC
wordpress — wordpress
 
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. 2017-10-23 not yet calculated CVE-2015-5533
MISC
BUGTRAQ
CONFIRM
MISC
EXPLOIT-DB
MISC
wordpress — wordpress
 
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php. 2017-10-26 not yet calculated CVE-2017-15919
MISC
MISC
wordpress — wordpress
 
Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) browser, (7) operating_system, or (8) ip_address parameter to admin/partials/listing/listing.php. 2017-10-24 not yet calculated CVE-2017-15867
CONFIRM
wordpress — wordpress
 
Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.php in adminpages/ or the (4) edit parameter to adminpages/membershiplevels.php. 2017-10-23 not yet calculated CVE-2015-5532
MISC
CONFIRM
BUGTRAQ
CONFIRM
CONFIRM
MISC
MISC
wordpress — wordpress
 
The Easy Appointments plugin before 1.12.0 for WordPress has XSS via Settings values in the admin panel. 2017-10-23 not yet calculated CVE-2017-15812
MISC
MISC
wordpress — wordpress
 
Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to wp-admin/options-general.php. 2017-10-24 not yet calculated CVE-2017-15863
MISC
MISC
wordpress — wordpress
 
The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php. 2017-10-23 not yet calculated CVE-2017-15811
MISC
MISC
MISC
wordpress — wordpress
 
The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress has XSS via the tab parameter to wp-admin/admin.php. 2017-10-23 not yet calculated CVE-2017-15810
MISC
MISC
MISC
writediary.com — writediary
 
In net.MCrypt in the “Diary with lock” (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries. 2017-10-27 not yet calculated CVE-2017-15582
MISC
MISC
writediary.com — writediary
 
In the “Diary with lock” (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for “a personal journal of … secrets and feelings,” which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution. 2017-10-27 not yet calculated CVE-2017-15581
MISC
MISC
xavier — xavier
 
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php. 2017-10-27 not yet calculated CVE-2017-15949
MISC



This product is provided subject to this Notification and this Privacy & Use policy.
