Vulnerability Summary for the Week of July 17, 2017
Released
Jul 24, 2017
Document ID
SB17-205
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- openmeetings | Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. | 2017-07-17 | 7.5 | CVE-2017-7664 MLIST BID |
| apple -- itunes | An issue was discovered in certain Apple products. iTunes before 12.6.2 on Windows is affected. The issue involves the "iTunes" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-07-20 | 9.3 | CVE-2017-7053 BID CONFIRM |
| apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | 7.9 | CVE-2017-7050 BID SECTRACK CONFIRM |
| apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | 7.9 | CVE-2017-7051 BID SECTRACK CONFIRM |
| apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | 7.9 | CVE-2017-7054 BID SECTRACK CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 9.3 | CVE-2017-7040 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 9.3 | CVE-2017-7041 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 9.3 | CVE-2017-7042 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 9.3 | CVE-2017-7043 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 7.5 | CVE-2017-7049 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 7.5 | CVE-2017-7052 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 7.5 | CVE-2017-7055 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 7.5 | CVE-2017-7056 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 7.5 | CVE-2017-7061 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| chitora -- lhaz | Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2246 CONFIRM JVN |
| chitora -- lhaz | Untrusted search path vulnerability in Self-extracting archive files created by Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2247 CONFIRM JVN |
| chitora -- lhaz+ | Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2248 CONFIRM JVN |
| chitora -- lhaz+ | Untrusted search path vulnerability in Self-extracting archive files created by Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2249 CONFIRM JVN |
| cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve57697. | 2017-07-17 | 9.0 | CVE-2017-6736 BID SECTRACK CONFIRM |
| cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve60402. | 2017-07-17 | 9.0 | CVE-2017-6737 BID SECTRACK CONFIRM |
| cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve89865, CSCsy56638. | 2017-07-17 | 9.0 | CVE-2017-6738 BID SECTRACK CONFIRM |
| cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66540. | 2017-07-17 | 9.0 | CVE-2017-6739 BID SECTRACK CONFIRM |
| cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66601. | 2017-07-17 | 9.0 | CVE-2017-6740 BID SECTRACK CONFIRM |
| cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve60376, CSCve78027. | 2017-07-17 | 9.0 | CVE-2017-6743 BID SECTRACK CONFIRM |
| cisco -- ios | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve78027, CSCve60276. | 2017-07-17 | 9.0 | CVE-2017-6744 BID SECTRACK CONFIRM |
| cisco -- ios_xe | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66658. | 2017-07-17 | 9.0 | CVE-2017-6741 BID SECTRACK CONFIRM |
| cisco -- ios_xe | The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve54313. | 2017-07-17 | 9.0 | CVE-2017-6742 BID SECTRACK CONFIRM |
| creolabs -- gravity | Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations | 2017-07-17 | 7.5 | CVE-2017-1000072 CONFIRM |
| creolabs -- gravity | Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution. | 2017-07-17 | 7.5 | CVE-2017-1000073 CONFIRM |
| creolabs -- gravity | Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. | 2017-07-17 | 7.5 | CVE-2017-1000074 CONFIRM |
| creolabs -- gravity | Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function | 2017-07-17 | 7.5 | CVE-2017-1000075 CONFIRM |
| eyesofnetwork -- eyesofnetwork | EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root | 2017-07-17 | 10.0 | CVE-2017-1000060 MISC |
| fiyo -- fiyo_cms | Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name. | 2017-07-17 | 7.5 | CVE-2017-11354 MISC |
| fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/comment_status.php via $_GET['id']. | 2017-07-18 | 7.5 | CVE-2017-11412 MISC |
| fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/comment_status.php via $_GET['id']. | 2017-07-18 | 7.5 | CVE-2017-11413 MISC |
| fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment.php via $_POST['comment'], $_POST['name'], $_POST['web'], $_POST['email'], $_POST['status'], $_POST['id'], and $_REQUEST['id']. | 2017-07-18 | 7.5 | CVE-2017-11414 MISC |
| fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article.php via $_POST['parent_id'], $_POST['desc'], $_POST['keys'], and $_POST['level']. | 2017-07-18 | 7.5 | CVE-2017-11415 MISC |
| fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/insert.php via the name parameter. | 2017-07-18 | 7.5 | CVE-2017-11416 MISC |
| fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_status.php via $_GET['id']. | 2017-07-18 | 7.5 | CVE-2017-11417 MISC |
| fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i]. | 2017-07-18 | 7.5 | CVE-2017-11418 MISC |
| fiyo -- fiyo_cms | Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/editor.php via $_POST['id'] and $_POST['art_title']. | 2017-07-18 | 7.5 | CVE-2017-11419 MISC |
| framasoft -- framadate | Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution | 2017-07-17 | 7.5 | CVE-2017-1000039 CONFIRM |
| freeradius -- freeradius | An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. | 2017-07-17 | 7.5 | CVE-2017-10979 CONFIRM BID SECTRACK |
| freeradius -- freeradius | An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. | 2017-07-17 | 7.5 | CVE-2017-10984 CONFIRM |
| freeradius -- freeradius | An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service. | 2017-07-17 | 7.8 | CVE-2017-10985 CONFIRM |
| fujielectric -- v-server | An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution. | 2017-07-17 | 7.5 | CVE-2017-9639 BID MISC |
| glpi-project -- glpi | GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. | 2017-07-20 | 7.5 | CVE-2017-11474 CONFIRM |
| glpi-project -- glpi | GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php. | 2017-07-20 | 7.5 | CVE-2017-11475 CONFIRM |
| gnome -- gtk-vnc | gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering | 2017-07-17 | 7.5 | CVE-2017-1000044 CONFIRM |
| google -- android | Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE without authenticating. All apps using authentication-gated cryptography are vulnerable to this attack, which was confirmed on the LG Nexus 5X. | 2017-07-17 | 7.2 | CVE-2016-10398 MISC |
| hibara -- attachecase | Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.2.8.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2271 JVN |
| hibara -- attachecase | Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.3.2.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2272 JVN |
| imagemagick -- imagemagick | The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file. | 2017-07-19 | 7.1 | CVE-2017-11446 CONFIRM |
| intelliants -- subrion_cms | Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. | 2017-07-19 | 7.5 | CVE-2017-11444 CONFIRM |
| intelliants -- subrion_cms | Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array. | 2017-07-19 | 7.5 | CVE-2017-11445 CONFIRM |
| logicaldoc -- logicaldoc | LogicalDoc CommunityEdition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. | 2017-07-17 | 7.5 | CVE-2017-1000021 MISC |
| logicaldoc -- logicaldoc | LogicalDoc CommunityEdition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation | 2017-07-17 | 7.5 | CVE-2017-1000022 MISC |
| microsoft -- edge | A remote code execution vulnerability exists in the way affected Microsoft scripting engine render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability." | 2017-07-17 | 9.3 | CVE-2017-0152 CONFIRM |
| onosproject -- onos | Linux foundation ONOS 1.9.0 is vulnerable to a DoS | 2017-07-17 | 7.8 | CVE-2017-1000079 MISC |
| onosproject -- onos | Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets | 2017-07-17 | 7.5 | CVE-2017-1000080 MISC |
| onosproject -- onos | Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution | 2017-07-17 | 7.5 | CVE-2017-1000081 MISC |
| php -- php | In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmt_parse_message function. | 2017-07-17 | 7.5 | CVE-2017-11362 MISC |
| rbenv -- rbenv | rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution | 2017-07-17 | 7.5 | CVE-2017-1000047 MISC |
| resume-next -- filecapsule_deluxe_portable | Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2265 CONFIRM JVN |
| resume-next -- filecapsule_deluxe_portable | Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2266 CONFIRM JVN |
| resume-next -- filecapsule_deluxe_portable | Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2267 CONFIRM JVN |
| resume-next -- filecapsule_deluxe_portable | Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2268 CONFIRM JVN |
| resume-next -- filecapsule_deluxe_portable | Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2269 CONFIRM JVN |
| resume-next -- filecapsule_deluxe_portable | Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2270 CONFIRM JVN |
| sourcenext -- file_compact | Untrusted search path vulnerability in Self-extracting archive files created by File Compact Ver.5 version 5.09 and earlier, Ver.6 version 6.01 and earlier, Ver.7 version 7.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2252 JVN |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter values. | 2017-07-18 | 7.8 | CVE-2017-11406 BID SECTRACK CONFIRM CONFIRM CONFIRM |
| wireshark -- wireshark | In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type. | 2017-07-18 | 7.8 | CVE-2017-11409 BID SECTRACK CONFIRM CONFIRM CONFIRM |
| wireshark -- wireshark | In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702. | 2017-07-18 | 7.8 | CVE-2017-11410 CONFIRM CONFIRM CONFIRM |
| wireshark -- wireshark | In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350. | 2017-07-18 | 7.8 | CVE-2017-11411 CONFIRM CONFIRM CONFIRM |
| yahoo -- toolbar | Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-07-17 | 9.3 | CVE-2017-2253 JVN |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- connect | Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack. | 2017-07-17 | 5.0 | CVE-2017-3101 BID SECTRACK MISC |
| adobe -- connect | Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack. | 2017-07-17 | 4.3 | CVE-2017-3102 BID SECTRACK MISC |
| adobe -- connect | Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack. | 2017-07-17 | 4.3 | CVE-2017-3103 BID SECTRACK MISC |
| alpinelinux -- alpine_linux | A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file. | 2017-07-17 | 6.8 | CVE-2017-9669 MLIST BID MISC |
| alpinelinux -- alpine_linux | A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block. | 2017-07-17 | 6.8 | CVE-2017-9671 MLIST BID MISC |
| apache -- openmeetings | Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. | 2017-07-17 | 4.3 | CVE-2017-7663 MLIST BID |
| apache -- openmeetings | Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. | 2017-07-17 | 6.8 | CVE-2017-7666 MLIST |
| apache -- openmeetings | Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection. | 2017-07-17 | 5.0 | CVE-2017-7673 MLIST BID |
| apache -- openmeetings | Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains. | 2017-07-17 | 5.0 | CVE-2017-7680 MLIST |
| apache -- openmeetings | Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end. | 2017-07-17 | 6.5 | CVE-2017-7681 MLIST |
| apache -- openmeetings | Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas. | 2017-07-17 | 6.4 | CVE-2017-7682 MLIST |
| apache -- openmeetings | Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure. | 2017-07-17 | 5.0 | CVE-2017-7683 MLIST |
| apache -- openmeetings | Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server. | 2017-07-17 | 5.0 | CVE-2017-7684 MLIST BID |
| apache -- openmeetings | Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH. | 2017-07-17 | 5.0 | CVE-2017-7685 MLIST BID |
| apache -- openmeetings | Apache OpenMeetings 1.0.0 updates user password in insecure manner. | 2017-07-17 | 5.0 | CVE-2017-7688 MLIST BID |
| apache -- sling | In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities. | 2017-07-19 | 4.3 | CVE-2016-5394 BID MISC |
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-07-20 | 4.3 | CVE-2017-7028 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-07-20 | 4.3 | CVE-2017-7029 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | 6.8 | CVE-2017-7047 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- apple_tv | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "Safari Printing" component. It allows remote attackers to cause a denial of service (excessive print dialogs) via a crafted web site. | 2017-07-20 | 4.3 | CVE-2017-7060 BID SECTRACK CONFIRM CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 6.8 | CVE-2017-7039 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 6.8 | CVE-2017-7046 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | 6.8 | CVE-2017-7048 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- safari | A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. | 2017-07-20 | 4.3 | CVE-2017-7059 BID SECTRACK CONFIRM CONFIRM CONFIRM |
| audacity -- audacity | Audacity version 2.1.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution | 2017-07-17 | 6.8 | CVE-2017-1000010 MISC |
| cacti -- cacti | SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. | 2017-07-17 | 6.5 | CVE-2017-1000031 MISC |
| cacti -- cacti | Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php. | 2017-07-17 | 4.3 | CVE-2017-1000032 MISC |
| cagintranetworks -- getsimple_cms | A reflected cross-site scripting vulnerability in GetSimple CMS version 3.3.13 and earlier, allow remote attackers to inject arbitrary JavaScript in the URL-field for the administrative login page (/admin/index.php). | 2017-07-17 | 4.3 | CVE-2017-1000057 CONFIRM |
| cairographics -- cairo | cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. | 2017-07-17 | 5.0 | CVE-2017-9814 MISC |
| candy_project -- candy | All versions of Candy Chat are vulnerable to an XSS attack by message senders, permitting remote code execution within the page | 2017-07-17 | 4.3 | CVE-2017-1000036 MISC |
| chef_project -- mixlib-archive | Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries | 2017-07-17 | 5.0 | CVE-2017-1000026 CONFIRM |
| chevereto -- chevereto | Stored XSS in chevereto CMS before version 3.8.11 | 2017-07-17 | 4.3 | CVE-2017-1000058 CONFIRM |
| cmsmadesimple -- cms_made_simple | In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php. | 2017-07-17 | 4.0 | CVE-2017-11404 MISC |
| cmsmadesimple -- cms_made_simple | In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file. | 2017-07-17 | 4.0 | CVE-2017-11405 MISC |
| exiv2 -- exiv2 | There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. | 2017-07-17 | 4.3 | CVE-2017-11336 MISC |
| exiv2 -- exiv2 | There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | 2017-07-17 | 4.3 | CVE-2017-11337 MISC |
| exiv2 -- exiv2 | There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | 2017-07-17 | 4.3 | CVE-2017-11338 MISC |
| exiv2 -- exiv2 | There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. | 2017-07-17 | 4.3 | CVE-2017-11339 MISC |
| exiv2 -- exiv2 | There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack. | 2017-07-17 | 4.3 | CVE-2017-11340 MISC |
| freeradius -- freeradius | An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10978 CONFIRM BID SECTRACK |
| freeradius -- freeradius | An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10980 CONFIRM BID SECTRACK |
| freeradius -- freeradius | An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10981 CONFIRM BID SECTRACK |
| freeradius -- freeradius | An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10982 CONFIRM BID SECTRACK |
| freeradius -- freeradius | An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10983 CONFIRM BID SECTRACK |
| freeradius -- freeradius | An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10986 CONFIRM |
| freeradius -- freeradius | An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service. | 2017-07-17 | 5.0 | CVE-2017-10987 CONFIRM |
| graphicsmagick -- graphicsmagick | The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. | 2017-07-17 | 6.8 | CVE-2017-11403 MISC MISC |
| ibm -- tivoli_monitoring | IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. IBM X-Force ID: 123493. | 2017-07-17 | 5.4 | CVE-2017-1182 CONFIRM SECTRACK MISC |
| ibm -- tivoli_monitoring | IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494. | 2017-07-17 | 5.4 | CVE-2017-1183 CONFIRM BID SECTRACK MISC |
| imagemagick -- imagemagick | In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144. | 2017-07-17 | 4.3 | CVE-2017-11352 BID CONFIRM CONFIRM |
| imagemagick -- imagemagick | The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value. | 2017-07-17 | 4.3 | CVE-2017-11360 CONFIRM |
| imagemagick -- imagemagick | The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service. | 2017-07-19 | 4.3 | CVE-2017-11447 CONFIRM CONFIRM CONFIRM |
| imagemagick -- imagemagick | The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file. | 2017-07-19 | 4.3 | CVE-2017-11448 CONFIRM CONFIRM CONFIRM |
| imagemagick -- imagemagick | coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin. | 2017-07-19 | 6.8 | CVE-2017-11449 CONFIRM CONFIRM CONFIRM CONFIRM |
| imagemagick -- imagemagick | coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short. | 2017-07-19 | 6.8 | CVE-2017-11450 CONFIRM CONFIRM CONFIRM CONFIRM |
| jasper_project -- jasper | JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. | 2017-07-17 | 5.0 | CVE-2017-1000050 MLIST BID |
| joomla -- joomla! | Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents. | 2017-07-17 | 5.0 | CVE-2017-9933 BID SECTRACK CONFIRM |
| joomla -- joomla! | Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability. | 2017-07-17 | 4.3 | CVE-2017-9934 BID SECTRACK CONFIRM |
| keepass -- keepass | The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information. | 2017-07-17 | 5.0 | CVE-2017-1000066 CONFIRM |
| kitto_project -- kitto | kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution | 2017-07-17 | 5.0 | CVE-2017-1000062 MISC |
| kitto_project -- kitto | kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure | 2017-07-17 | 4.3 | CVE-2017-1000063 MISC |
| kitto_project -- kitto | kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS | 2017-07-17 | 5.0 | CVE-2017-1000064 MISC |
| koozali -- sme_server | Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access. | 2017-07-17 | 5.8 | CVE-2017-1000027 MISC MISC |
| libsass -- libsass | There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. | 2017-07-17 | 5.0 | CVE-2017-11341 MISC |
| libsass -- libsass | There is an illegal address access in ast.cpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. | 2017-07-17 | 5.0 | CVE-2017-11342 MISC |
| libtiff -- libtiff | There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack. | 2017-07-17 | 6.8 | CVE-2017-11335 MISC |
| livehelperchat -- live_helper_chat | Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users. | 2017-07-17 | 4.3 | CVE-2017-1000059 MISC |
| logicaldoc -- logicaldoc | LogicalDoc CommunityEdition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document | 2017-07-17 | 4.3 | CVE-2017-1000023 MISC |
| mapbox_project -- mapbox | Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name. | 2017-07-17 | 4.3 | CVE-2017-1000042 MISC CONFIRM |
| mapbox_project -- mapbox | Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control | 2017-07-17 | 4.3 | CVE-2017-1000043 MISC CONFIRM |
| mautic -- mautic | Mautic 2.6.1 and earlier fails to set flags on session cookies | 2017-07-17 | 5.0 | CVE-2017-1000046 MISC |
| microsoft -- edge | An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | 2017-07-17 | 4.3 | CVE-2017-0196 CONFIRM |
| modx -- revolution | MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges. | 2017-07-17 | 6.5 | CVE-2017-1000067 CONFIRM |
| moodle -- moodle | Moodle 3.x has user fullname disclosure on the user preferences page. | 2017-07-17 | 4.0 | CVE-2017-2642 BID CONFIRM |
| moodle -- moodle | In Moodle 3.3, the course overview block reveals activities in hidden courses. | 2017-07-17 | 4.0 | CVE-2017-7531 BID CONFIRM |
| moodle -- moodle | In Moodle 3.x, course creators are able to change system default settings for courses. | 2017-07-17 | 4.0 | CVE-2017-7532 BID CONFIRM |
| mysqldumper -- mysql_dumper | MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying the data in the database to the user | 2017-07-17 | 4.3 | CVE-2017-1000012 MISC |
| mywebsql -- mywebsql | MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information | 2017-07-17 | 4.3 | CVE-2017-1000011 MISC |
| oauth2_proxy_project -- oauth2_proxy | CSRF in Bitly oauth2_proxy 2.1 during authentication flow | 2017-07-17 | 6.8 | CVE-2017-1000069 MISC |
| oauth2_proxy_project -- oauth2_proxy | The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819 | 2017-07-17 | 5.8 | CVE-2017-1000070 CONFIRM MISC |
| onosproject -- onos | Linux foundation ONOS 1.9 is vulnerable to XSS in the device registration | 2017-07-17 | 4.3 | CVE-2017-1000078 MISC |
| openmediavault -- openmediavault | Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management(Users) functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser. | 2017-07-17 | 4.3 | CVE-2017-1000065 CONFIRM |
| oracle -- glassfish_server | Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request. | 2017-07-17 | 5.0 | CVE-2017-1000028 MISC |
| oracle -- glassfish_server | Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication. | 2017-07-17 | 5.0 | CVE-2017-1000029 MISC |
| oracle -- glassfish_server | Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface. | 2017-07-17 | 5.0 | CVE-2017-1000030 MISC |
| phpminiadmin_project -- phpminiadmin | PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data). | 2017-07-17 | 4.3 | CVE-2017-1000005 MISC |
| phpmyadmin -- phpmyadmin | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness | 2017-07-17 | 5.8 | CVE-2017-1000013 CONFIRM |
| phpmyadmin -- phpmyadmin | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality | 2017-07-17 | 5.0 | CVE-2017-1000014 CONFIRM |
| phpmyadmin -- phpmyadmin | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters | 2017-07-17 | 4.3 | CVE-2017-1000015 CONFIRM |
| phpmyadmin -- phpmyadmin | phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server | 2017-07-17 | 6.5 | CVE-2017-1000017 CONFIRM |
| phpmyadmin -- phpmyadmin | phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name | 2017-07-17 | 5.0 | CVE-2017-1000018 CONFIRM |
| relevanssi -- relevanssi | WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site | 2017-07-17 | 4.3 | CVE-2017-1000038 MISC |
| rocketchat -- rocket.chat | Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages. | 2017-07-17 | 4.3 | CVE-2017-1000054 MISC |
| sitecore -- cms | In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter. | 2017-07-19 | 4.0 | CVE-2017-11440 MISC MISC |
| tt-rss -- tiny_tiny_rss | Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack | 2017-07-17 | 4.3 | CVE-2017-1000035 CONFIRM |
| vospari_forms_project -- vospari_forms | Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user. | 2017-07-17 | 4.3 | CVE-2017-1000033 MISC MISC |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. | 2017-07-18 | 5.0 | CVE-2017-11407 BID SECTRACK CONFIRM CONFIRM CONFIRM |
| wireshark -- wireshark | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection. | 2017-07-18 | 5.0 | CVE-2017-11408 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| xwiki -- cryptpad | Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content | 2017-07-17 | 4.3 | CVE-2017-1000051 CONFIRM CONFIRM |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| blackcat-cms -- blackcat_cms | Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php. | 2017-07-17 | 3.5 | CVE-2017-9609 MISC CONFIRM MISC |
| bolt -- bolt_cms | Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. | 2017-07-17 | 3.5 | CVE-2017-11127 MISC |
| bolt -- bolt_cms | Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry. | 2017-07-17 | 3.5 | CVE-2017-11128 MISC |
| ibm -- tivoli_monitoring | IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487. | 2017-07-17 | 1.9 | CVE-2017-1181 CONFIRM BID SECTRACK MISC |
| juniper -- screenos | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | 3.5 | CVE-2017-2335 BID SECTRACK CONFIRM |
| juniper -- screenos | A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | 3.5 | CVE-2017-2336 BID SECTRACK CONFIRM |
| juniper -- screenos | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | 3.5 | CVE-2017-2337 BID SECTRACK CONFIRM |
| juniper -- screenos | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | 3.5 | CVE-2017-2338 BID SECTRACK CONFIRM |
| juniper -- screenos | A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | 3.5 | CVE-2017-2339 BID SECTRACK CONFIRM |
| redhat -- network_manager | Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. | 2017-07-17 | 2.1 | CVE-2016-0764 REDHAT CONFIRM |
| sitecore -- cms | In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter. | 2017-07-19 | 3.5 | CVE-2017-11439 MISC MISC |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
Kubernetes -- Kubernetes | Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object. | 2017-07-17 | not yet calculated | CVE-2017-1000056 CONFIRM |
| adobe -- flash_player | Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution. | 2017-07-17 | not yet calculated | CVE-2017-3099 BID SECTRACK MISC GENTOO |
| adobe -- flash_player | Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure. | 2017-07-17 | not yet calculated | CVE-2017-3100 BID SECTRACK MISC GENTOO |
| adobe -- flash_player | Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure. | 2017-07-17 | not yet calculated | CVE-2017-3080 BID SECTRACK MISC GENTOO |
akeneo -- pim | Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution. | 2017-07-17 | not yet calculated | CVE-2017-1000009 CONFIRM CONFIRM CONFIRM |
| akka -- akka | Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem. | 2017-07-17 | not yet calculated | CVE-2017-1000034 CONFIRM |
| amosconnect -- amosconnect | Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager. | 2017-07-22 | not yet calculated | CVE-2017-3222 BID CERT-VN |
| amosconnect -- amosconnect | Blind SQL injection in the AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords. | 2017-07-22 | not yet calculated | CVE-2017-3221 BID CERT-VN |
| ansible -- ansible | Ansible versions 2.2.3 and earlier are vulnerable to an information disclosure flaw due to the interaction of call back plugins and the no_log directive where the information may not be sanitized properly. | 2017-07-21 | not yet calculated | CVE-2017-7473 MISC |
| apache -- apr-util_and_httpd | The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service (memory consumption and httpd crash). NOTE: Exists as a regression to CVE-2009-1955. | 2017-07-17 | not yet calculated | CVE-2016-6312 BID CONFIRM |
| apache -- roller | The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL). | 2017-07-17 | not yet calculated | CVE-2015-0249 MISC MLIST CONFIRM |
| apache -- sling | In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application. | 2017-07-19 | not yet calculated | CVE-2016-6798 BID MISC |
| apache -- wicket | The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.7 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the permissions of DiskFileItem, and if running on a Java VM before 1.3.1, execute arbitrary code via a crafted serialized Java object. | 2017-07-17 | not yet calculated | CVE-2016-6793 MLIST BUGTRAQ BID SECTRACK CONFIRM MISC |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | not yet calculated | CVE-2017-7034 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7022 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7026 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | not yet calculated | CVE-2017-7012 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7069 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | not yet calculated | CVE-2017-7018 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "Notifications" component. It allows physically proximate attackers to read unintended notifications on the lock screen. | 2017-07-20 | not yet calculated | CVE-2017-7058 BID SECTRACK CONFIRM |
| apple -- ios | A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. | 2017-07-20 | not yet calculated | CVE-2017-7038 BID SECTRACK CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7064 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file. | 2017-07-20 | not yet calculated | CVE-2017-7068 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (memory consumption and application crash). | 2017-07-20 | not yet calculated | CVE-2017-7063 BID SECTRACK CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Contacts" component. A buffer overflow allows remote attackers to execute arbitrary code or cause a denial of service (application crash). | 2017-07-20 | not yet calculated | CVE-2017-7062 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | not yet calculated | CVE-2017-7020 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | not yet calculated | CVE-2017-7037 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxml2" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file. | 2017-07-20 | not yet calculated | CVE-2017-7013 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7023 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7025 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | not yet calculated | CVE-2017-7030 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7024 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements. | 2017-07-20 | not yet calculated | CVE-2017-7011 BID SECTRACK CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit Page Loading" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-07-20 | not yet calculated | CVE-2017-7019 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7027 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters. | 2017-07-20 | not yet calculated | CVE-2017-7006 BID SECTRACK CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the "CoreAudio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. | 2017-07-20 | not yet calculated | CVE-2017-7008 BID SECTRACK CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "libxml2" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file. | 2017-07-20 | not yet calculated | CVE-2017-7010 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | 2017-07-20 | not yet calculated | CVE-2017-2517 BID SECTRACK CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "EventKitUI" component. It allows remote attackers to cause a denial of service (resource consumption and application crash). | 2017-07-20 | not yet calculated | CVE-2017-7007 BID SECTRACK CONFIRM |
| apple -- ios | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "IOUSBFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7009 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "afclip" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file. | 2017-07-20 | not yet calculated | CVE-2017-7033 BID SECTRACK CONFIRM |
| apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7067 BID SECTRACK CONFIRM |
| apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7036 BID SECTRACK CONFIRM |
| apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7035 BID SECTRACK CONFIRM |
| apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7017 BID SECTRACK CONFIRM |
| apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7032 BID SECTRACK CONFIRM |
| apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file. | 2017-07-20 | not yet calculated | CVE-2017-7031 BID SECTRACK CONFIRM |
| apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Audio" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted audio file. | 2017-07-20 | not yet calculated | CVE-2017-7015 BID SECTRACK CONFIRM |
| apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7021 BID SECTRACK CONFIRM |
| apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7044 BID SECTRACK CONFIRM |
| apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7014 BID SECTRACK CONFIRM |
| apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "afclip" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file. | 2017-07-20 | not yet calculated | CVE-2017-7016 BID SECTRACK CONFIRM |
| apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-07-20 | not yet calculated | CVE-2017-7045 BID SECTRACK CONFIRM |
| apport -- apport | An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file. | 2017-07-18 | not yet calculated | CVE-2017-10708 CONFIRM CONFIRM |
asuswrt-merlin -- asuswrt-merlin | Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response. | 2017-07-17 | not yet calculated | CVE-2017-11344 MISC |
| asuswrt-merlin -- asuswrt-merlin | Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response. | 2017-07-17 | not yet calculated | CVE-2017-11345 MISC |
| asuswrt-merlin -- asuswrt-merlin | Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list. | 2017-07-18 | not yet calculated | CVE-2017-11420 MISC |
| atutor -- atutor | Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack. | 2017-07-22 | not yet calculated | CVE-2016-10400 MISC MISC |
| atutor -- atutor | ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution. | 2017-07-17 | not yet calculated | CVE-2017-1000004 CONFIRM CONFIRM BID |
| atutor -- atutor | ATutor versions 2.2.1 and earlier are vulnerable to a incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to a incorrect access control check vulnerability in the Module component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to a incorrect access control check vulnerability in the Alternative Content component resulting in privilege escalation. | 2017-07-17 | not yet calculated | CVE-2017-1000003 CONFIRM CONFIRM BID |
| atutor -- atutor | ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal vulnerability in the Course Icon component resulting in information disclosure. | 2017-07-17 | not yet calculated | CVE-2017-1000002 CONFIRM CONFIRM BID |
| authd -- authd | authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it. | 2017-07-17 | not yet calculated | CVE-2016-4982 CONFIRM |
| barrauda -- load_balancer | A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued. | 2017-07-18 | not yet calculated | CVE-2017-6320 MISC EXPLOIT-DB |
| biscom -- secure_file_transfer | Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will evaluated by any other authenticated user who views the attacker-supplied file name. | 2017-07-18 | not yet calculated | CVE-2017-5247 MISC |
| biscom -- secure_file_transfer | Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. | 2017-07-18 | not yet calculated | CVE-2017-5246 MISC |
| buffalo -- wapm-1166d_and_wapm-apg600h | WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors. | 2017-07-21 | not yet calculated | CVE-2017-2126 CONFIRM JVN |
| buffalo -- wmr-433_and_wmr-433w | Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-07-21 | not yet calculated | CVE-2017-2274 CONFIRM JVN |
| buffalo -- wmr-433_and_wmr-433w | Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 2017-07-21 | not yet calculated | CVE-2017-2273 CONFIRM JVN |
| canonical -- ubuntu | The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions. | 2017-07-21 | not yet calculated | CVE-2015-1323 BID UBUNTU |
| chicken_scheme -- chicken_scheme | Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time. | 2017-07-17 | not yet calculated | CVE-2017-11343 CONFIRM |
| chyrp_lite -- chyrp_lite | Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password. | 2017-07-17 | not yet calculated | CVE-2017-1000008 CONFIRM |
| citrix -- netscaler_sd-wan | Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID. | 2017-07-20 | not yet calculated | CVE-2017-6316 EXPLOIT-DB EXPLOIT-DB |
| cloud_foundry -- cloud_controller_and_router | The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges. | 2017-07-17 | not yet calculated | CVE-2017-8034 CONFIRM |
| cobian_backup -- cobian_backup | Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events. | 2017-07-17 | not yet calculated | CVE-2017-11318 MISC |
| contao -- contao | Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal. | 2017-07-21 | not yet calculated | CVE-2017-10993 CONFIRM |
| cpanel -- cpanel | The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297. | 2017-07-19 | not yet calculated | CVE-2017-11441 CONFIRM |
| cygwin -- cygwin | Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileges triggered by specially crafted input string. | 2017-07-21 | not yet calculated | CVE-2017-7523 MISC |
| d-link -- dir-600m | On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter. | 2017-07-19 | not yet calculated | CVE-2017-10676 MISC MISC |
| d-link -- dir-615 | D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 BACKDOOR value, which might allow remote attackers to obtain access via a TELNET connection. | 2017-07-19 | not yet calculated | CVE-2017-11436 MISC MISC |
| datataker_dt8x_dex -- datataker_dt8x_dex | dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data. | 2017-07-17 | not yet calculated | CVE-2017-11349 MISC MISC |
| docker -- docker_registry | Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint. | 2017-07-20 | not yet calculated | CVE-2017-11468 CONFIRM CONFIRM |
| dotcms -- dotcms | Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI. | 2017-07-19 | not yet calculated | CVE-2017-11466 MISC MISC MISC |
| dotnetnuke -- dotnetnuke | DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites." | 2017-07-20 | not yet calculated | CVE-2017-9822 CONFIRM |
| ecos -- ecos | SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others." | 2017-07-17 | not yet calculated | CVE-2017-1000020 MISC |
| elixir_plug -- elixir_plug | Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session. | 2017-07-17 | not yet calculated | CVE-2017-1000053 CONFIRM |
| elixir_plug -- elixir_plug | Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions. | 2017-07-17 | not yet calculated | CVE-2017-1000052 CONFIRM |
| elux -- elux_rp | The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended configuration restrictions and execute arbitrary commands with root privileges by inserting commands in a local configuration dialog in the control panel. | 2017-07-19 | not yet calculated | CVE-2017-7977 CONFIRM |
| emc -- multile_products | EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system. | 2017-07-17 | not yet calculated | CVE-2017-8011 CONFIRM BID SECTRACK |
| emc -- multile_products | The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under. | 2017-07-17 | not yet calculated | CVE-2017-8004 CONFIRM BID SECTRACK |
| emc -- multile_products | The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application. | 2017-07-17 | not yet calculated | CVE-2017-8005 CONFIRM BID SECTRACK |
| emc -- rsa_authentication_manager | In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user's PIN. The malicious user could potentially reset the compromised PIN to affect victim's ability to obtain access to protected resources. | 2017-07-17 | not yet calculated | CVE-2017-8006 CONFIRM BID SECTRACK |
| emc -- rsa_authentication_manager | In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed when viewing or editing the assigned token profile in the token by another administrator's browser session. | 2017-07-17 | not yet calculated | CVE-2017-8000 CONFIRM BID SECTRACK |
| exiv2_0.26 -- exiv2_0.26 | There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service. | 2017-07-22 | not yet calculated | CVE-2017-11553 MISC |
| fedmsg -- fedmsg | FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on. | 2017-07-17 | not yet calculated | CVE-2017-1000001 CONFIRM |
| ffmpeg -- ffmpeg | Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file. | 2017-07-17 | not yet calculated | CVE-2017-11399 CONFIRM |
| foreman -- foreman | discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain the root password by reading the system journal, or by clicking Logs on the console. | 2017-07-17 | not yet calculated | CVE-2016-4996 CONFIRM |
| foreman -- foreman | Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack. | 2017-07-17 | not yet calculated | CVE-2015-5152 CONFIRM CONFIRM |
| foreman -- foreman | rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation. | 2017-07-21 | not yet calculated | CVE-2017-7540 MISC |
| fortinet -- fortiwlm | A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges. | 2017-07-22 | not yet calculated | CVE-2017-7336 BID CONFIRM |
geneko -- gwr-routers | Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file. | 2017-07-19 | not yet calculated | CVE-2017-11456 MISC |
genivia -- gsoap | Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers. | 2017-07-19 | not yet calculated | CVE-2017-9765 MISC MISC BID MISC MISC MISC MISC |
| geutebrueck-gcore -- geutebrueck_gcore | Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request. | 2017-07-21 | not yet calculated | CVE-2017-11517 EXPLOIT-DB |
| glpi -- glpi | Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application. | 2017-07-19 | not yet calculated | CVE-2016-7507 CONFIRM |
| glpi -- glpi | GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers. | 2017-07-17 | not yet calculated | CVE-2017-11329 CONFIRM CONFIRM |
| glpi -- glpi | Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket. | 2017-07-19 | not yet calculated | CVE-2016-7509 CONFIRM |
| gnome-exe-thumbnailer -- gnome-exe-thumbnailer | gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename. | 2017-07-18 | not yet calculated | CVE-2017-11421 MISC MISC MISC |
| gnome_web -- gnome_web | GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. | 2017-07-17 | not yet calculated | CVE-2017-1000025 CONFIRM MISC |
| gnome_ librsvg -- gnome_ librsvg | A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. | 2017-07-19 | not yet calculated | CVE-2017-11464 CONFIRM CONFIRM CONFIRM |
| google -- android | The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL. | 2017-07-18 | not yet calculated | CVE-2017-9245 BID MISC |
| green_packet -- dx-350 | In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing) feature within the web interface allows performing command injection, via the "pip" parameter. | 2017-07-21 | not yet calculated | CVE-2017-9980 MISC |
| green_packet -- dx-350 | Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account. | 2017-07-21 | not yet calculated | CVE-2017-9932 MISC |
| green_packet -- dx-350 | Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi. | 2017-07-21 | not yet calculated | CVE-2017-9931 MISC |
| green_packet -- dx-350 | Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP. | 2017-07-21 | not yet calculated | CVE-2017-9930 MISC |
| hammock -- assetview_for_macos | SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service". | 2017-07-17 | not yet calculated | CVE-2017-2241 MISC CONFIRM |
| hammock -- assetview_for_macos | Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service". | 2017-07-17 | not yet calculated | CVE-2017-2240 MISC CONFIRM |
| humax -- wi-fi_router | The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router is not validating the session token while returning answers for some methods in url '/api'. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords. | 2017-07-19 | not yet calculated | CVE-2017-11435 MISC |
ibm -- infosphere_master_data_management_server | IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463. | 2017-07-19 | not yet calculated | CVE-2017-1309 CONFIRM BID MISC |
ibm -- mq_appliance | IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730. | 2017-07-18 | not yet calculated | CVE-2017-1318 CONFIRM BID MISC |
| ibm -- security_guardium | IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742. | 2017-07-21 | not yet calculated | CVE-2017-1267 CONFIRM BID MISC |
ibm -- tivoli_endpoint_manager | IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123678. | 2017-07-19 | not yet calculated | CVE-2017-1203 CONFIRM CONFIRM BID MISC |
| ibm -- tivoli_endpoint_manager | IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858. | 2017-07-19 | not yet calculated | CVE-2017-1218 CONFIRM BID MISC |
| ibm -- tivoli_endpoint_manager | IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123902. | 2017-07-19 | not yet calculated | CVE-2017-1223 CONFIRM BID MISC |
| ibm -- tivoli_endpoint_manager | IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859. | 2017-07-19 | not yet calculated | CVE-2017-1219 CONFIRM MISC |
| ibm -- tivoli_endpoint_manager | IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903. | 2017-07-19 | not yet calculated | CVE-2017-1224 CONFIRM BID MISC |
| ibm -- tririga_application_platform | Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864. | 2017-07-21 | not yet calculated | CVE-2017-1371 CONFIRM MISC |
| ibm -- tririga_application_platform | IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126865. | 2017-07-21 | not yet calculated | CVE-2017-1372 CONFIRM MISC |
| ibm -- tririga_application_platform | Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867. | 2017-07-21 | not yet calculated | CVE-2017-1374 CONFIRM MISC |
| ibm -- tririga_application_platform | Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866. | 2017-07-21 | not yet calculated | CVE-2017-1373 CONFIRM BID MISC |
| ibm -- websphere_application_server_proxy_server_or_on-demand-router | IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152. | 2017-07-21 | not yet calculated | CVE-2017-1381 CONFIRM MISC |
| ibm -- emptoris_contract_management | IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738. | 2017-07-19 | not yet calculated | CVE-2016-6018 CONFIRM BID MISC |
| idera_uptime_monitor -- idera_uptime_monitor | IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter. | 2017-07-20 | not yet calculated | CVE-2017-11471 MISC |
| idera_uptime_monitor -- idera_uptime_monitor | get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. | 2017-07-20 | not yet calculated | CVE-2017-11469 MISC |
| idera_uptime_monitor -- idera_uptime_monitor | IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter. | 2017-07-20 | not yet calculated | CVE-2017-11470 MISC |
| imagemagick -- imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c. | 2017-07-22 | not yet calculated | CVE-2017-11533 CONFIRM |
| imagemagick -- imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c. | 2017-07-22 | not yet calculated | CVE-2017-11539 CONFIRM |
| imagemagick -- imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. | 2017-07-22 | not yet calculated | CVE-2017-11532 CONFIRM |
| imagemagick -- imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c. | 2017-07-22 | not yet calculated | CVE-2017-11540 CONFIRM |
| imagemagick -- imagemagick | The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file. | 2017-07-21 | not yet calculated | CVE-2017-11505 CONFIRM CONFIRM |
| imagemagick -- imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c. | 2017-07-22 | not yet calculated | CVE-2017-11534 CONFIRM |
| imagemagick -- imagemagick | The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file. | 2017-07-22 | not yet calculated | CVE-2017-11524 CONFIRM CONFIRM |
| imagemagick -- imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c. | 2017-07-22 | not yet calculated | CVE-2017-11536 CONFIRM |
| imagemagick -- imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c. | 2017-07-22 | not yet calculated | CVE-2017-11535 CONFIRM |
| imagemagick -- imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. | 2017-07-22 | not yet calculated | CVE-2017-11537 CONFIRM |
| imagemagick -- imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c. | 2017-07-22 | not yet calculated | CVE-2017-11538 CONFIRM |
| imagemagick -- imagemagick | The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | 2017-07-22 | not yet calculated | CVE-2017-11525 CONFIRM CONFIRM |
| imagemagick -- imagemagick | The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | 2017-07-22 | not yet calculated | CVE-2017-11529 CONFIRM CONFIRM |
| imagemagick -- imagemagick | The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | 2017-07-22 | not yet calculated | CVE-2017-11528 CONFIRM CONFIRM |
| imagemagick -- imagemagick | The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file. | 2017-07-22 | not yet calculated | CVE-2017-11526 CONFIRM CONFIRM |
| imagemagick -- imagemagick | The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered. | 2017-07-22 | not yet calculated | CVE-2017-11523 CONFIRM CONFIRM CONFIRM CONFIRM |
| imagemagick -- imagemagick | The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | 2017-07-22 | not yet calculated | CVE-2017-11530 CONFIRM CONFIRM |
| imagemagick -- imagemagick | The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | 2017-07-22 | not yet calculated | CVE-2017-11522 CONFIRM CONFIRM CONFIRM |
| imagemagick -- imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c. | 2017-07-22 | not yet calculated | CVE-2017-11531 CONFIRM |
| imagemagick -- imagemagick | The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image. | 2017-07-20 | not yet calculated | CVE-2017-11478 CONFIRM CONFIRM |
| imagemagick -- imagemagick | The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | 2017-07-22 | not yet calculated | CVE-2017-11527 CONFIRM CONFIRM |
| inteno -- inteno | Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key.) | 2017-07-17 | not yet calculated | CVE-2017-11361 MISC |
| jasig_phpcas -- jasig_phpcas | Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. | 2017-07-17 | not yet calculated | CVE-2017-1000071 BID CONFIRM CONFIRM |
| jenkins -- jenkins | The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not removed afterwards. Jenkins now deletes the backup directory, if present. Upgrading from before 1.498 will no longer create a backup directory. Administrators relying on file access permissions in their manually created backups are advised to check them for the directory $JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups, and delete it if present. | 2017-07-17 | not yet calculated | CVE-2017-1000362 CONFIRM |
| juniper_networks -- junos_os | Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously sending specially crafted BGP OPEN messages, an attacker can repeatedly crash the rpd process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R12-S4, 12.3R13, 12.3R3-S4; 12.3X48 prior to 12.3X48-D50; 13.3 prior to 13.3R4-S11, 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R4-S7, 14.2R6-S4, 14.2R7; 15.1 prior to 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D33, 15.1X53-D50. | 2017-07-17 | not yet calculated | CVE-2017-2314 SECTRACK CONFIRM |
| juniper_networks -- junos_os | An insufficient authentication vulnerability on platforms where Junos OS instances are run in a virtualized environment, may allow unprivileged users on the Junos OS instance to gain access to the host operating environment, and thus escalate privileges. Affected releases are Juniper Networks Junos OS 14.1X53 prior to 14.1X53-D40 on QFX5110, QFX5200, QFX10002, QFX10008, QFX10016, EX4600 and NFX250; 15.1 prior to 15.1R5 on EX4600; 15.1X49 prior to 15.1X49-D70 on vSRX, SRX1500, SRX4100, SRX4200; 16.1 prior to 16.1R2 on EX4600, ACX5000 series. This issue does not affect vMX. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | not yet calculated | CVE-2017-2341 SECTRACK CONFIRM |
| juniper_networks -- junos_os | An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 15.1X53 prior to 15.1X53-D47, 15.1 prior to 15.1R3. Junos versions prior to 15.1 are not affected. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | not yet calculated | CVE-2017-10603 SECTRACK CONFIRM |
| juniper_networks -- junos_os | The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall polices. As part of an internal security review of the UserFW services authentication API, hardcoded credentials were identified and removed which can impact both the SRX Series device, and potentially LDAP and Active Directory integrated points. An attacker may be able to completely compromise SRX Series devices, as well as Active Directory servers and services. When Active Directory is compromised, it may allow access to user credentials, workstations, servers performing other functions such as email, database, etc. Inter-Forest Active Directory deployments may also be at risk as the attacker may gain full administrative control over one or more Active Directories depending on the credentials supplied by the administrator of the AD domains and SRX devices performing integrated authentication of users, groups and devices. To identify if your device is potentially vulnerable to exploitation, check to see if the service is operating; from CLI review the following output: root@SRX-Firewall# run show services user-identification active-directory-access domain-controller status extensive A result of "Status: Connected" will indicate that the service is active on the device. To evaluate if user authentication is occurring through the device: root@SRX-Firewall# run show services user-identification active-directory-access active-directory-authentication-table all Next review the results to see if valid users and groups are returned. e.g. Domain: juniperlab.com Total entries: 3 Source IP Username groups state 172.16.26.1 administrator Valid 192.168.26.2 engg01 engineers Valid 192.168.26.3 guest01 guests Valid Domain: NULL Total entries: 8 Source IP Username groups state 192.168.26.4 Invalid 192.168.26.5 Invalid This will also indicate that Valid users and groups are authenticating through the device. Affected releases are Juniper Networks Junos OS 12.3X48 from 12.3X48-D30 and prior to 12.3X48-D35 on SRX series; 15.1X49 from 15.1X49-D40 and prior to 15.1X49-D50 on SRX series. Devices on any version of Junos OS 12.1X46, or 12.1X47 are unaffected by this issue. | 2017-07-17 | not yet calculated | CVE-2017-2343 SECTRACK CONFIRM |
| juniper_networks -- junos_os | A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X46-D50; 12.1X47 prior to 12.1X47-D30, 12.1X47-D35; 12.3X48 prior to 12.3X48-D20, 12.3X48-D30; 15.1X49 prior to 15.1X49-D20, 15.1X49-D30. | 2017-07-17 | not yet calculated | CVE-2017-2349 SECTRACK CONFIRM |
| juniper_networks -- junos_os | A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow. Malicious exploitation of this issue may lead to a denial of service (kernel panic) or be leveraged as a privilege escalation through local code execution. The routines are only accessible via programs running on the device itself, and veriexec restricts arbitrary programs from running on Junos OS. There are no known exploit vectors utilizing signed binaries shipped with Junos OS itself. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67; 12.3X48 prior to 12.3X48-D51, 12.3X48-D55; 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D122, 14.1X53-D45, 14.1X53-D50; 14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5; 16.2 prior to 16.2R2; 17.1 prior to 17.1R1-S3, 17.1R2; 17.2 prior to 17.2R1-S1, 17.2R2; 17.2X75 prior to 17.2X75-D30. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | not yet calculated | CVE-2017-2344 BID SECTRACK CONFIRM |
| juniper_networks -- junos_os | MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series does not report errors when a secure link can not be established. It falls back to an unencrypted link. This can happen when MACsec is configured on ports that are not capable of MACsec or when a secure link can not be established. This can mislead customers into believing that a link is secure. On SRX 300 series devices, prior to 15.1X49-D100, MACsec was only supported on control and fabric ports of SRX340 and SRX345 devices. SRX300 and and SRX320 did not have any MACsec capable ports. Configuring MACsec on ports that were not MACsec capable would have resulted in this issue. Affected releases are Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D100 on SRX300 series. | 2017-07-17 | not yet calculated | CVE-2017-2342 SECTRACK CONFIRM |
| juniper_networks -- junos_os | On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Repeated crashes of the snmpd daemon can result in a partial denial of service condition. Additionally, it may be possible to craft a malicious SNMP packet in a way that can result in remote code execution. SNMP is disabled in Junos OS by default. Junos OS devices with SNMP disabled are not affected by this issue. No other Juniper Networks products or platforms are affected by this issue. NOTE: This is a different issue than Cisco CVE-2017-6736, CVE-2017-6737, and CVE-2017-6738. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67; 12.3X48 prior to 12.3X48-D51, 12.3X48-D55; 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D122, 14.1X53-D44, 14.1X53-D50; 14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7; 15.1X49 prior to 15.1X49-D100, 15.1X49-D110; 15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5; 16.2 prior to 16.2R2, 16.2R3; 17.1 prior to 17.1R1-S3, 17.1R2, 17.1R3; 17.2 prior to 17.2R1-S1, 17.2R2; 17.2X75 prior to 17.2X75-D30. Junos releases prior to 10.2 are not affected. | 2017-07-17 | not yet calculated | CVE-2017-2345 BID SECTRACK CONFIRM |
| juniper_networks -- junos_os | When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mode, and a cluster sync or failover operation occurs, then there will be errors associated with synch or failover while the root account is locked out. Administrators can confirm if the root account is locked out via the following command root@device> show system login lockout user root User Lockout start Lockout end root 1995-01-01 01:00:01 PDT 1995-11-01 01:31:01 PDT Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D65 on SRX series; 12.3X48 prior to 12.3X48-D45 on SRX series; 15.1X49 prior to 15.1X49-D75 on SRX series. | 2017-07-17 | not yet calculated | CVE-2017-10604 SECTRACK CONFIRM |
| juniper_networks -- junos_os | A denial of service vulnerability in rpd daemon of Juniper Networks Junos OS allows a malformed MPLS ping packet to crash the rpd daemon if MPLS OAM is configured. Repeated crashes of the rpd daemon can result in an extended denial of service condition for the device. The affected releases are Junos OS 12.3X48 prior to 12.3X48-D50, 12.3X48-D55; 13.3 prior to 13.3R10; 14.1 prior to 14.1R4-S13, 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D42, 14.1X53-D50; 14.2 prior to 14.2R4-S8, 14.2R7-S6, 14.2R8; 15.1 prior to 15.1F2-S14, 15.1F5-S7, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5-S1, 15.1R6; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D105, 15.1X53-D47, 15.1X53-D62, 15.1X53-D70; 16.1 prior to 16.1R3-S3, 16.1R4. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | not yet calculated | CVE-2017-2347 SECTRACK CONFIRM |
| juniper_networks -- junos_os | On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, specially crafted packet might cause the flowd process to crash, halting or interrupting traffic from flowing through the device(s). Repeated crashes of the flowd process may constitute an extended denial of service condition for the device(s). If the device is configured in high-availability, the RG1+ (data-plane) will fail-over to the secondary node. If the device is configured in stand-alone, there will be temporary traffic interruption until the flowd process is restored automatically. Sustained crafted packets may cause the secondary failover node to fail back, or fail completely, potentially halting flowd on both nodes of the cluster or causing flip-flop failovers to occur. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67 on vSRX or SRX Series; 12.3X48 prior to 12.3X48-D50 on vSRX or SRX Series; 15.1X49 prior to 15.1X49-D91, 15.1X49-D100 on vSRX or SRX Series. | 2017-07-17 | not yet calculated | CVE-2017-10605 SECTRACK CONFIRM |
| juniper_networks -- junos_os | A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS 14.1X53; 14.2 prior to 14.2R6; 15.1 prior to 15.1F5, 15.1F6, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D47, 15.1X53-D70. This issue does not affect Junos 14.1 or prior releases. No other Juniper Networks products or platforms are affected by this issue. | 2017-07-17 | not yet calculated | CVE-2017-10602 SECTRACK CONFIRM |
| juniper_networks -- junos_os | An MS-MPC or MS-MIC Service PIC may crash when large fragmented packets are passed through an Application Layer Gateway (ALG). Repeated crashes of the Service PC can result in an extended denial of service condition. The issue can be seen only if NAT or stateful-firewall rules are configured with ALGs enabled. This issue was caused by the code change for PR 1182910 in Junos OS 14.1X55-D30, 14.1X55-D35, 14.2R7, 15.1R5, and 16.1R2. No other versions of Junos OS and no other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS on MX platforms running: 14.1X55 from 14.1X55-D30 to releases prior to 14.1X55-D35; 14.2R from 14.2R7 to releases prior to 14.2R7-S4, 14.2R8; 15.1R from 15.1R5 to releases prior to 15.1R5-S2, 15.1R6; 16.1R from 16.1R2 to releases prior to 16.1R3-S2, 16.1R4. | 2017-07-17 | not yet calculated | CVE-2017-2346 SECTRACK CONFIRM |
| juniper_networks -- junos_os | The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet. Both high CPU utilization and repeated crashes of the jdhcpd daemon can result in a denial of service as DHCP service is interrupted. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 14.1X53 prior to 14.1X53-D12, 14.1X53-D38, 14.1X53-D40 on QFX, EX, QFabric System; 15.1 prior to 15.1F2-S18, 15.1R4 on all products and platforms; 15.1X49 prior to 15.1X49-D80 on SRX; 15.1X53 prior to 15.1X53-D51, 15.1X53-D60 on NFX, QFX, EX. | 2017-07-17 | not yet calculated | CVE-2017-2348 SECTRACK CONFIRM |
| juniper_networks -- junos_os | A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to login through console, ssh, ftp, telnet or su, etc., This issue relies upon a device configuration precondition to occur. Typically, device configurations are the result of a trusted administrative change to the system's running configuration. The following error messages may be seen when this failure occurs: mgd: error: commit failed: (statements constraint check failed) Warning: Commit failed, activating partial configuration. Warning: Edit the router configuration to fix these errors. If the administrative changes are not made that result in such a failure, then this issue is not seen. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R10, 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2 prior to 13.2R8; 13.3 prior to 13.3R7; 14.1 prior to 14.1R4-S12, 14.1R5, 14.1R6; 14.1X53 prior to 14.1X53-D30; 14.2 prior to 14.2R4; 15.1 prior to 15.1F2, 15.1F3, 15.1R2. | 2017-07-17 | not yet calculated | CVE-2017-10601 SECTRACK CONFIRM |
kaspersky -- anti-virus_for_linux_file_server | There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. | 2017-07-17 | not yet calculated | CVE-2017-9810 MISC FULLDISC BID SECTRACK MISC |
| kaspersky -- anti-virus_for_linux_file_server | The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges. | 2017-07-17 | not yet calculated | CVE-2017-9812 MISC FULLDISC BID SECTRACK MISC |
| kaspersky -- anti-virus_for_linux_file_server | In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS). | 2017-07-17 | not yet calculated | CVE-2017-9813 MISC FULLDISC BID SECTRACK MISC |
| kaspersky -- anti-virus_for_linux_file_server | The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root. | 2017-07-17 | not yet calculated | CVE-2017-9811 MISC FULLDISC BID SECTRACK MISC |
| koha -- koha | Multiple cross-site request forgery (CSRF) vulnerabilities in Koha Libraries 3.20.x before 3.20.1, 3.14.x before 3.14.16, 3.16.x before 3.16.12 allow remote attackers to (1) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that inject arbitrary web script or HTML via the addshelf parameter to opac-shelves.pl, (2) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that inject arbitrary web script or HTML via an unspecified list name parameter to opac-addbybiblionumber.pl, (3) hijack the authentication of library administrator users for requests that execute arbitrary web script or HTML via virtualshelves/shelves.pl when a shelf name contains web script or HTML, or (4) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that execute arbitrary web script or HTML by adding a biblio to a list whose name contains web script or HTML. | 2017-07-21 | not yet calculated | CVE-2015-4639 CONFIRM |
| lenovo -- connect2 | In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems. | 2017-07-17 | not yet calculated | CVE-2017-3742 CONFIRM |
| lenovo --notebook | Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code. | 2017-07-17 | not yet calculated | CVE-2017-3754 CONFIRM |
| libinfinity -- libinfinity | libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors. | 2017-07-21 | not yet calculated | CVE-2015-3886 MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
| libmspack -- libmspack | The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. | 2017-07-18 | not yet calculated | CVE-2017-11423 MISC MISC |
| libsass -- libsass | There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. | 2017-07-22 | not yet calculated | CVE-2017-11555 MISC |
| libsass -- libsass | There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service. | 2017-07-22 | not yet calculated | CVE-2017-11556 MISC |
| libsass -- libsass | There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service. | 2017-07-22 | not yet calculated | CVE-2017-11554 MISC MISC |
| linux -- linux_kernel | selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy. | 2017-07-21 | not yet calculated | CVE-2015-3170 CONFIRM |
| linux -- linux_kernel | The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). | 2017-07-21 | not yet calculated | CVE-2015-5300 CONFIRM FEDORA FEDORA FEDORA SUSE SUSE SUSE SUSE SUSE SUSE SUSE SUSE REDHAT MLIST CONFIRM CONFIRM DEBIAN CONFIRM BID SECTRACK UBUNTU CONFIRM CONFIRM MISC CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MISC FREEBSD CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. | 2017-07-20 | not yet calculated | CVE-2017-11472 CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. | 2017-07-21 | not yet calculated | CVE-2015-5219 CONFIRM CONFIRM FEDORA FEDORA FEDORA SUSE SUSE REDHAT REDHAT DEBIAN MLIST BID UBUNTU CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. | 2017-07-21 | not yet calculated | CVE-2015-5194 CONFIRM FEDORA FEDORA SUSE SUSE SUSE REDHAT REDHAT DEBIAN MLIST BID UBUNTU CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. | 2017-07-21 | not yet calculated | CVE-2015-5195 FEDORA FEDORA FEDORA REDHAT REDHAT DEBIAN MLIST BID UBUNTU CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table. | 2017-07-20 | not yet calculated | CVE-2017-11473 CONFIRM |
| linux -- linux_kernel | The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket. | 2017-07-21 | not yet calculated | CVE-2017-7542 CONFIRM CONFIRM |
| linux -- linux | Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line. | 2017-07-17 | not yet calculated | CVE-2017-1000363 BID MISC |
| ljharb -- ljharb | the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash. | 2017-07-17 | not yet calculated | CVE-2017-1000048 CONFIRM |
| mautic -- mautic | Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state parameter resulting in authentication bypass through clickjacking | 2017-07-17 | not yet calculated | CVE-2017-1000045 MISC |
| memcached -- memcached | The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705. | 2017-07-17 | not yet calculated | CVE-2017-9951 MISC MISC MISC |
| metinfo -- metinfo | Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php. | 2017-07-17 | not yet calculated | CVE-2017-11347 MISC |
| metinfo -- metinfo | Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action. | 2017-07-19 | not yet calculated | CVE-2017-9764 MISC |
| metinfo -- metinfo | A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php. | 2017-07-20 | not yet calculated | CVE-2017-11500 MISC |
| microsec -- e-szigno | Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object. | 2017-07-21 | not yet calculated | CVE-2015-3931 MISC MISC BID MISC MISC MISC |
| microsoft -- scripting_engine | A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability." | 2017-07-17 | not yet calculated | CVE-2017-0028 CONFIRM |
| nancyfx_nancy -- nancyfx_nancy | Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie. | 2017-07-20 | not yet calculated | CVE-2017-9785 CONFIRM |
netapp -- clustered_data_ontap | NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line. | 2017-07-17 | not yet calculated | CVE-2017-7947 CONFIRM |
| netlock -- mokka | Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object. | 2017-07-21 | not yet calculated | CVE-2015-3932 MISC MISC BID MISC MISC |
| nixos -- nixos | NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf. | 2017-07-20 | not yet calculated | CVE-2017-11501 CONFIRM CONFIRM CONFIRM |
octopus_deploy -- octopus_deploy | In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value. | 2017-07-17 | not yet calculated | CVE-2017-11348 CONFIRM |
| openldap -- openldap | /usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it. | 2017-07-17 | not yet calculated | CVE-2016-4984 CONFIRM |
| openmpt -- openmpt | soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples. | 2017-07-17 | not yet calculated | CVE-2017-11311 CONFIRM CONFIRM CONFIRM CONFIRM |
| orientdb -- orientdb | OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request. | 2017-07-19 | not yet calculated | CVE-2017-11467 MISC MISC |
| owncloud -- owncloud_server | Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable a user has to write or paste malicious content into the search dialogue. | 2017-07-17 | not yet calculated | CVE-2017-9338 BID CONFIRM |
| owncloud -- owncloud_server | A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token. | 2017-07-17 | not yet calculated | CVE-2017-9339 CONFIRM |
| owncloud -- owncloud_server | An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2. | 2017-07-17 | not yet calculated | CVE-2017-9340 MISC CONFIRM |
| owncloud -- owncloud_server | ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters. | 2017-07-17 | not yet calculated | CVE-2017-8896 BID MISC CONFIRM |
| phamm -- phamm | XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php. | 2017-07-20 | not yet calculated | CVE-2017-0378 CONFIRM CONFIRM CONFIRM CONFIRM |
| phicomm_k2 -- phicomm_k2 | PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action. | 2017-07-20 | not yet calculated | CVE-2017-11495 MISC |
| phpmailer -- phpmailer | PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php. | 2017-07-20 | not yet calculated | CVE-2017-11503 BID MISC MISC |
| phpmyadmin -- phpmyadmin | A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18. | 2017-07-17 | not yet calculated | CVE-2017-1000016 CONFIRM |
| phpmybackuppro -- phpmybackuppro | phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the path, filename, and dirs parameters to scheduled.php, and making requests to injected scripts. | 2017-07-21 | not yet calculated | CVE-2015-3640 MLIST SECTRACK |
| phpmybackuppro -- phpmybackuppro | phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable. | 2017-07-21 | not yet calculated | CVE-2015-3638 MLIST MLIST SECTRACK |
| phpmybackuppro -- phpmybackuppro | phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file. | 2017-07-21 | not yet calculated | CVE-2015-3639 MLIST MLIST SECTRACK |
| phpsocial -- phpsocial | phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO to the search/tag/ URI. | 2017-07-19 | not yet calculated | CVE-2017-10801 MISC MISC |
| plotly -- plotly | Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue. | 2017-07-17 | not yet calculated | CVE-2017-1000006 CONFIRM |
| print-lldp.c -- print-lldp.c | tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. | 2017-07-22 | not yet calculated | CVE-2017-11541 MISC |
| print-pim.c -- print-pim.c | tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c. | 2017-07-22 | not yet calculated | CVE-2017-11542 MISC |
| print-sl.c -- print-sl.c | tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. | 2017-07-22 | not yet calculated | CVE-2017-11543 MISC |
| print-sl.c:229:3 -- print-sl.c:229:3 | tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:229:3. | 2017-07-22 | not yet calculated | CVE-2017-11544 MISC |
| print-sl.c:253:34 -- print-sl.c:253:34 | tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:253:34. | 2017-07-22 | not yet calculated | CVE-2017-11545 MISC |
| redcap -- redcap | REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components. | 2017-07-18 | not yet calculated | CVE-2017-10961 MISC MISC |
| redcap -- redcap | REDCap before 7.5.1 has XSS via the query string. | 2017-07-18 | not yet calculated | CVE-2017-10962 MISC MISC |
| redhat -- wildfly | The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL. | 2017-07-21 | not yet calculated | CVE-2015-3198 CONFIRM MISC CONFIRM MISC |
| resiprocate -- resiprocate | The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections. | 2017-07-22 | not yet calculated | CVE-2017-11521 CONFIRM |
rkhunter -- rkhunter | rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution. | 2017-07-21 | not yet calculated | CVE-2017-7480 MLIST |
| ruby -- ruby | The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism. | 2017-07-19 | not yet calculated | CVE-2017-11465 MISC MISC |
| rvm -- rvm | RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD RVM automatically executes hooks located in $PWD resulting in code execution RVM automatically installs gems as specified by files in $PWD resulting in code execution RVM automatically does "bundle install" on a Gemfile specified by .versions.conf in $PWD resulting in code execution | 2017-07-17 | not yet calculated | CVE-2017-1000037 MISC |
| shoco -- shoco | The shoco_decompress function in the API in shoco through 2017-07-17 allows remote attackers to cause a denial of service (buffer over-read and application crash) via malformed compressed data. | 2017-07-17 | not yet calculated | CVE-2017-11367 MISC |
| shotwell -- shotwell | Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to a information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission | 2017-07-17 | not yet calculated | CVE-2017-1000024 MLIST |
| sony -- wg-c10 | Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. | 2017-07-21 | not yet calculated | CVE-2017-2276 MISC JVN |
| sony -- wg-c10 | WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 2017-07-21 | not yet calculated | CVE-2017-2275 MISC JVN |
| sony -- wg-c10 | WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors. | 2017-07-21 | not yet calculated | CVE-2017-2277 MISC JVN |
| spice -- spice | spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak. | 2017-07-18 | not yet calculated | CVE-2017-7506 MLIST BID CONFIRM |
| subsonic -- subsonic | Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view. | 2017-07-21 | not yet calculated | CVE-2017-9415 EXPLOIT-DB |
| technicolor -- dpc3928ad_docsis | Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321. | 2017-07-20 | not yet calculated | CVE-2017-11502 MISC |
televes -- coaxdata_gateway | Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do not check password.shtml authorization, leading to Arbitrary password change. | 2017-07-20 | not yet calculated | CVE-2017-6530 MISC MISC |
| televes -- coaxdata_gateway | On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20, the backup/restore feature lacks access control, related to ReadFile.cgi and LoadCfgFile. | 2017-07-20 | not yet calculated | CVE-2017-6531 MISC MISC |
| televes -- coaxdata_gateway | Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 have cleartext credentials in /mib.db. | 2017-07-20 | not yet calculated | CVE-2017-6532 MISC MISC |
| testtrack_server -- testtrack_server | TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field. | 2017-07-17 | not yet calculated | CVE-2017-1000068 MISC |
| tp-link_archer -- tp-link_archer | passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511. | 2017-07-21 | not yet calculated | CVE-2017-11519 MISC MISC |
| txaws -- txaws | txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure. | 2017-07-17 | not yet calculated | CVE-2017-1000007 CONFIRM |
| wordpress -- wordpress | The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables. | 2017-07-21 | not yet calculated | CVE-2015-3421 BID MISC |
xmlsec -- xmlsec | xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service | 2017-07-17 | not yet calculated | CVE-2017-1000061 CONFIRM |
yadm -- yadm | yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys. | 2017-07-17 | not yet calculated | CVE-2017-11353 CONFIRM CONFIRM |
| yara -- yara | Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file. | 2017-07-17 | not yet calculated | CVE-2017-11328 CONFIRM |
| yii-framework -- yii-framework | An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled. | 2017-07-21 | not yet calculated | CVE-2017-11516 CONFIRM CONFIRM |
zoho_manageengine_desktop_central -- zoho_manageengine_desktop_central | Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos. | 2017-07-17 | not yet calculated | CVE-2017-11346 CONFIRM |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.