Vulnerability Summary for the Week of September 25, 2017
Released
Oct 02, 2017
Document ID
SB17-275
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| google -- android | drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process. | 2017-09-25 | 7.6 | CVE-2016-5868 BID CONFIRM CONFIRM |
| ibm -- business_process_manager | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156. | 2017-09-26 | 7.5 | CVE-2017-1527 CONFIRM BID MISC |
| nvidia -- gpu_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges. | 2017-09-22 | 7.2 | CVE-2017-6268 CONFIRM BID |
| nvidia -- gpu_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges. | 2017-09-22 | 7.2 | CVE-2017-6269 CONFIRM BID |
| nvidia -- gpu_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges. | 2017-09-22 | 7.2 | CVE-2017-6277 CONFIRM BID |
| sam2p_project -- sam2p | Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption because of an attempted write to the invalid d[0xfffffffe] array element. | 2017-09-22 | 7.5 | CVE-2017-14636 MISC |
| sam2p_project -- sam2p | In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address. | 2017-09-22 | 7.5 | CVE-2017-14637 MISC |
| schneider-electric -- u.motion_builder | A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database. | 2017-09-25 | 7.5 | CVE-2017-7973 CONFIRM BID |
| schneider-electric -- u.motion_builder | A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files. | 2017-09-25 | 7.5 | CVE-2017-7974 CONFIRM BID |
| schneider-electric -- u.motion_builder | An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass | 2017-09-25 | 7.5 | CVE-2017-9956 CONFIRM BID |
| schneider-electric -- u.motion_builder | A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials. | 2017-09-25 | 7.5 | CVE-2017-9957 CONFIRM BID |
| schneider-electric -- u.motion_builder | An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root. | 2017-09-25 | 7.2 | CVE-2017-9958 CONFIRM BID |
| trendmicro -- mobile_security | SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 2017-09-22 | 10.0 | CVE-2017-14078 BID MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC CONFIRM |
| trendmicro -- mobile_security | Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password. | 2017-09-22 | 7.5 | CVE-2017-14080 MISC CONFIRM |
| trendmicro -- web_security_virtual_appliance | Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections. | 2017-09-22 | 9.0 | CVE-2017-11396 CONFIRM |
| xceedium -- xsuite | Multiple hardcoded credentials in Xsuite 2.3.0 and 2.4.3.0. | 2017-09-25 | 7.5 | CVE-2015-4667 MISC BUGTRAQ EXPLOIT-DB |
| xceedium -- xsuite | The MySQL "root" user in Xsuite 2.3.0 and 2.4.3.0 does not have a password set, which allows local users to access databases on the system. | 2017-09-25 | 7.2 | CVE-2015-4669 MISC BUGTRAQ EXPLOIT-DB |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- struts | Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20. | 2017-09-25 | 4.3 | CVE-2015-5169 JVN JVNDB BID CONFIRM CONFIRM |
| artifex -- mupdf | Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded. | 2017-09-22 | 6.8 | CVE-2017-14685 MISC MISC MISC |
| artifex -- mupdf | Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers. | 2017-09-22 | 6.8 | CVE-2017-14686 MISC MISC MISC |
| artifex -- mupdf | Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons. | 2017-09-22 | 6.8 | CVE-2017-14687 MISC MISC MISC |
| foxitsoftware -- foxit_reader | Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f." | 2017-09-22 | 4.6 | CVE-2017-14694 BID MISC |
| geminabox_project -- geminabox | geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload. | 2017-09-25 | 6.8 | CVE-2017-14683 MISC MISC |
| genixcms -- genixcms | In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter. | 2017-09-27 | 4.3 | CVE-2017-14761 MISC |
| genixcms -- genixcms | In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter. | 2017-09-27 | 4.3 | CVE-2017-14762 MISC |
| genixcms -- genixcms | In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme. | 2017-09-27 | 6.5 | CVE-2017-14763 MISC |
| genixcms -- genixcms | In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module. | 2017-09-27 | 6.5 | CVE-2017-14764 MISC |
| genixcms -- genixcms | In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request. | 2017-09-27 | 4.3 | CVE-2017-14765 MISC |
| gnu -- binutils | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | 2017-09-25 | 6.8 | CVE-2017-14729 MISC MISC MISC MISC |
| gnu -- binutils | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | 2017-09-26 | 6.8 | CVE-2017-14745 CONFIRM |
| graphicsmagick -- graphicsmagick | ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 2017-09-25 | 4.3 | CVE-2017-14733 CONFIRM CONFIRM |
| ibm -- business_process_manager | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807. | 2017-09-26 | 6.5 | CVE-2017-1539 CONFIRM BID MISC |
| ibm -- websphere_mq | IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914. | 2017-09-25 | 4.0 | CVE-2017-1235 CONFIRM BID MISC |
| imagemagick -- imagemagick | The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors. | 2017-09-25 | 5.0 | CVE-2017-14739 CONFIRM |
| imagemagick -- imagemagick | The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file. | 2017-09-25 | 4.3 | CVE-2017-14741 CONFIRM |
| irfanview -- irfanview | IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613." | 2017-09-22 | 4.6 | CVE-2017-14693 MISC |
| libbpg_project -- libbpg | The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to hevc_decode_init1. | 2017-09-25 | 6.8 | CVE-2017-14734 MISC |
| libbpg_project -- libbpg | The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg. | 2017-09-27 | 6.8 | CVE-2017-14795 MISC |
| libbpg_project -- libbpg | The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg. | 2017-09-27 | 6.8 | CVE-2017-14796 MISC |
| libofx_project -- libofx | ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call. | 2017-09-25 | 4.3 | CVE-2017-14731 MISC |
| nvidia -- gpu_driver | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service. | 2017-09-22 | 4.9 | CVE-2017-6266 CONFIRM BID |
| nvidia -- gpu_driver | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service. | 2017-09-22 | 4.9 | CVE-2017-6267 CONFIRM BID |
| nvidia -- gpu_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation which may lead to a potential divide by zero and denial of service. | 2017-09-22 | 4.9 | CVE-2017-6270 CONFIRM BID |
| nvidia -- gpu_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation while processing block linear information which may lead to a potential divide by zero and denial of service. | 2017-09-22 | 4.9 | CVE-2017-6271 CONFIRM BID |
| schneider-electric -- citect_anywhere | A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack. | 2017-09-25 | 6.8 | CVE-2017-7969 CONFIRM BID CONFIRM |
| schneider-electric -- citect_anywhere | A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate. | 2017-09-25 | 4.0 | CVE-2017-7971 CONFIRM BID CONFIRM |
| schneider-electric -- citect_anywhere | A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes. | 2017-09-25 | 5.2 | CVE-2017-7972 CONFIRM BID CONFIRM |
| schneider-electric -- u.motion_builder | A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition. | 2017-09-25 | 4.9 | CVE-2017-9959 CONFIRM BID |
| schneider-electric -- u.motion_builder | An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user. | 2017-09-25 | 5.0 | CVE-2017-9960 CONFIRM BID |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917." | 2017-09-22 | 4.4 | CVE-2017-14688 MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e." | 2017-09-22 | 4.6 | CVE-2017-14689 MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000064e7." | 2017-09-22 | 4.6 | CVE-2017-14690 MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_773a0000!RtlAddAccessAllowedAce+0x000000000000027a." | 2017-09-22 | 4.6 | CVE-2017-14691 MISC |
| stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b." | 2017-09-22 | 4.4 | CVE-2017-14692 MISC |
| theforeman -- foreman | Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after. | 2017-09-25 | 4.3 | CVE-2015-5282 CONFIRM MLIST CONFIRM CONFIRM CONFIRM |
| trendmicro -- mobile_security | Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 2017-09-22 | 6.5 | CVE-2017-14079 BID MISC MISC MISC MISC CONFIRM |
| trendmicro -- mobile_security | Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 2017-09-22 | 6.5 | CVE-2017-14081 BID MISC MISC CONFIRM |
| trendmicro -- smart_protection_server | Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations. | 2017-09-22 | 6.5 | CVE-2017-11395 MISC BID CONFIRM |
| weechat -- logger | logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized. | 2017-09-23 | 5.0 | CVE-2017-14727 BID CONFIRM CONFIRM CONFIRM |
| wordpress -- wordpress | Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. | 2017-09-23 | 4.3 | CVE-2017-14718 BID MISC MISC |
| wordpress -- wordpress | Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. | 2017-09-23 | 5.0 | CVE-2017-14719 BID MISC MISC MISC |
| wordpress -- wordpress | Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. | 2017-09-23 | 4.3 | CVE-2017-14720 BID MISC MISC |
| wordpress -- wordpress | Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. | 2017-09-23 | 4.3 | CVE-2017-14721 BID MISC MISC |
| wordpress -- wordpress | Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. | 2017-09-23 | 5.0 | CVE-2017-14722 BID MISC MISC MISC |
| wordpress -- wordpress | Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. | 2017-09-23 | 4.3 | CVE-2017-14724 BID MISC MISC MISC |
| wordpress -- wordpress | Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. | 2017-09-23 | 4.3 | CVE-2017-14726 BID MISC MISC MISC |
| xceedium -- xsuite | Open redirect vulnerability in Xsuite 2.3.0 and 2.4.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. | 2017-09-25 | 5.8 | CVE-2015-4668 MISC BUGTRAQ EXPLOIT-DB |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| geminabox_project -- geminabox | geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file. | 2017-09-25 | 3.5 | CVE-2017-14506 MISC MISC |
| ibm -- business_process_manager | IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461. | 2017-09-25 | 1.9 | CVE-2017-1346 CONFIRM BID MISC |
| ibm -- business_process_manager | IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477. | 2017-09-25 | 3.5 | CVE-2017-1424 CONFIRM BID MISC |
| ibm -- business_process_manager | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130409. | 2017-09-26 | 3.5 | CVE-2017-1530 CONFIRM BID MISC |
| ibm -- business_process_manager | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410. | 2017-09-26 | 3.5 | CVE-2017-1531 CONFIRM BID MISC |
| ibm -- security_identity_manager | IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801. | 2017-09-25 | 2.1 | CVE-2017-1362 CONFIRM BID MISC |
| linux -- linux_kernel | The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c. | 2017-09-26 | 2.1 | CVE-2017-1000252 CONFIRM CONFIRM CONFIRM BID CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. | 2017-09-26 | 3.6 | CVE-2017-12154 CONFIRM BID CONFIRM CONFIRM CONFIRM |
| schneider-electric -- citect_anywhere | A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components. | 2017-09-25 | 3.3 | CVE-2017-7970 CONFIRM BID CONFIRM |
| telaxius -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. | 2017-09-22 | 3.5 | CVE-2017-14712 MISC |
| telaxius -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter. | 2017-09-22 | 3.5 | CVE-2017-14713 MISC |
| telaxius -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. | 2017-09-22 | 3.5 | CVE-2017-14714 MISC |
| telaxius -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter. | 2017-09-22 | 3.5 | CVE-2017-14715 MISC |
| telaxius -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter. | 2017-09-22 | 3.5 | CVE-2017-14716 MISC |
| telaxius -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. | 2017-09-22 | 3.5 | CVE-2017-14717 MISC |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| antisamy_project -- antisamy | OWASP AntiSamy through 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL. | 2017-09-25 | not yet calculated | CVE-2017-14735 CONFIRM |
| apache -- geode | When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view. | 2017-09-29 | not yet calculated | CVE-2017-9794 MLIST |
| apache -- mesos | When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable. | 2017-09-28 | not yet calculated | CVE-2017-9790 BID MLIST |
| apache -- mesos | When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable. | 2017-09-28 | not yet calculated | CVE-2017-7687 BID MLIST |
| apache -- tika | Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175. | 2017-09-29 | not yet calculated | CVE-2016-4434 BUGTRAQ MLIST |
| apache -- xerces | During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1. | 2017-09-27 | not yet calculated | CVE-2017-12621 BID SECTRACK CONFIRM MLIST |
| appstudio -- appstudio | The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints. | 2017-09-28 | not yet calculated | CVE-2017-7553 CONFIRM |
| arcsight -- arcsight_esm | An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function. | 2017-09-29 | not yet calculated | CVE-2017-13988 BID CONFIRM |
| arcsight -- arcsight_esm | An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version. | 2017-09-29 | not yet calculated | CVE-2017-13990 BID CONFIRM |
| arcsight -- arcsight_esm | An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information. | 2017-09-29 | not yet calculated | CVE-2017-13989 BID CONFIRM |
| arcsight -- arcsight_esm | A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system. | 2017-09-29 | not yet calculated | CVE-2017-13986 BID CONFIRM |
| arcsight -- arcsight_esm | An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features. | 2017-09-29 | not yet calculated | CVE-2017-13991 BID CONFIRM |
| arcsight -- arcsight_esm | An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files. | 2017-09-29 | not yet calculated | CVE-2017-13987 BID CONFIRM |
| artifex -- gsview | Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068." | 2017-09-29 | not yet calculated | CVE-2017-14945 CONFIRM |
| artifex -- gsview | Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFile+0x000000000000344e." | 2017-09-29 | not yet calculated | CVE-2017-14946 CONFIRM |
| artifex -- gsview | Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359." | 2017-09-29 | not yet calculated | CVE-2017-14947 CONFIRM |
| blizzard -- overwatch | Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific time during the initial loading of that match. | 2017-09-26 | not yet calculated | CVE-2017-14748 MISC MISC |
| botan -- botan | A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key. | 2017-09-25 | not yet calculated | CVE-2017-14737 MISC MISC |
| branagh_information_group -- ers_data_system | ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization. | 2017-09-29 | not yet calculated | CVE-2017-14702 MISC |
| broadcom -- bcm4355c0_wi-fi_chips | On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205. | 2017-09-27 | not yet calculated | CVE-2017-11121 MISC BID MISC APPLE APPLE CONFIRM CONFIRM CONFIRM |
| broadcom -- bcm4355c0_wi-fi_chips | On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204. | 2017-09-27 | not yet calculated | CVE-2017-11120 MISC BID MISC APPLE APPLE CONFIRM CONFIRM CONFIRM EXPLOIT-DB |
| cash_back_comparison_script -- cash_back_comparison_script | SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/. | 2017-09-26 | not yet calculated | CVE-2017-14703 EXPLOIT-DB |
| cisco -- ios | A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to process PROFINET messages. Beginning with Cisco IOS Software Release 12.2(52)SE, PROFINET is enabled by default on all the base switch module and expansion-unit Ethernet ports. Cisco Bug IDs: CSCuz47179. | 2017-09-28 | not yet calculated | CVE-2017-12235 BID SECTRACK CONFIRM |
| cisco -- ios | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. This vulnerability affects Cisco devices that have the Internet Security Association and Key Management Protocol (ISAKMP) enabled. Although only IKEv2 packets can be used to trigger this vulnerability, devices that are running Cisco IOS Software or Cisco IOS XE Software are vulnerable when ISAKMP is enabled. A device does not need to be configured with any IKEv2-specific features to be vulnerable. Many features use IKEv2, including different types of VPNs such as the following: LAN-to-LAN VPN; Remote-access VPN, excluding SSL VPN; Dynamic Multipoint VPN (DMVPN); and FlexVPN. Cisco Bug IDs: CSCvc41277. | 2017-09-28 | not yet calculated | CVE-2017-12237 BID SECTRACK CONFIRM |
| cisco -- ios | The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959. | 2017-09-28 | not yet calculated | CVE-2017-12240 BID SECTRACK CONFIRM CONFIRM CONFIRM |
| cisco -- ios | Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuz95334. | 2017-09-28 | not yet calculated | CVE-2017-12233 BID SECTRACK CONFIRM |
| cisco -- ios | A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a misclassification of Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc03809. | 2017-09-28 | not yet calculated | CVE-2017-12232 BID SECTRACK CONFIRM |
| cisco -- ios | A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device's operating system. This vulnerability affects only Cisco ASR 1000 Series Routers that have removable line cards and Cisco cBR-8 Converged Broadband Routers, if they are running certain Cisco IOS XE 3.16 through 16.5 releases. Cisco Bug IDs: CSCvc65866, CSCve77132. | 2017-09-28 | not yet calculated | CVE-2017-12239 BID SECTRACK SECTRACK CONFIRM |
| cisco -- ios | A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol and are sent to an affected device via IPv4 packets. An attacker could exploit this vulnerability by sending a crafted H.323 RAS packet through an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to use an application layer gateway with NAT (NAT ALG) for H.323 RAS messages. By default, a NAT ALG is enabled for H.323 RAS messages. Cisco Bug IDs: CSCvc57217. | 2017-09-28 | not yet calculated | CVE-2017-12231 BID SECTRACK CONFIRM |
| cisco -- ios | Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot). | 2017-09-25 | not yet calculated | CVE-2010-3050 CISCO |
| cisco -- ios | A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). The vulnerability is due to a logic error introduced via a code regression for the affected software. An attacker could exploit this vulnerability by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, to the affected software. A successful exploit could allow the attacker to inject invalid mappings of EIDs to RLOCs in the MS/MR of the affected software. This vulnerability affects Cisco devices that are configured with LISP acting as an IPv4 or IPv6 map server. This vulnerability affects Cisco IOS XE Software release trains 3.9E and Everest 16.4. Cisco Bug IDs: CSCvc18008. | 2017-09-28 | not yet calculated | CVE-2017-12236 BID SECTRACK CONFIRM |
| cisco -- ios | Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc43709. | 2017-09-28 | not yet calculated | CVE-2017-12234 BID SECTRACK CONFIRM |
| cisco -- ios | A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart. This vulnerability affects Cisco Catalyst 3650 and 3850 switches running IOS XE Software versions 16.1 through 16.3.3, and acting as wireless LAN controllers (WLC). Cisco Bug IDs: CSCvd45069. | 2017-09-28 | not yet calculated | CVE-2017-12222 BID SECTRACK CONFIRM |
| cisco -- ios | A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious API request to an affected device. A successful exploit could allow the attacker to bypass authentication and gain access to the web UI of the affected software. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuz46036. | 2017-09-28 | not yet calculated | CVE-2017-12229 BID SECTRACK CONFIRM |
| cisco -- ios | A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of the affected software. An attacker could exploit this vulnerability by using the web UI of the affected software to create a new user and then logging into the web UI as the newly created user. A successful exploit could allow the attacker to elevate their privileges on the affected device. This vulnerability affects Cisco devices that are running a vulnerable release Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuy83062. | 2017-09-28 | not yet calculated | CVE-2017-12230 BID SECTRACK CONFIRM |
| cisco -- ios | A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927. | 2017-09-28 | not yet calculated | CVE-2017-12238 BID SECTRACK CONFIRM |
| cisco -- ios | Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot). | 2017-09-25 | not yet calculated | CVE-2010-3049 CISCO |
| cisco -- ios | The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions. | 2017-09-25 | not yet calculated | CVE-2011-4667 CISCO CISCO |
| cisco -- ios | A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incomplete input validation of HTTP requests by the affected GUI, if the GUI connection state or protocol changes. An attacker could exploit this vulnerability by authenticating to the Wireless Controller GUI as a Lobby Administrator user of an affected device and subsequently changing the state or protocol for their connection to the GUI. A successful exploit could allow the attacker to elevate their privilege level to administrator and gain full control of the affected device. This vulnerability affects the following Cisco products if they are running Cisco IOS XE Software Release 3.7.0E, 3.7.1E, 3.7.2E, 3.7.3E, 3.7.4E, or 3.7.5E: Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, Cisco New Generation Wireless Controllers (NGWC) 3850. Cisco Bug IDs: CSCvd73746. | 2017-09-28 | not yet calculated | CVE-2017-12226 BID SECTRACK SECTRACK CONFIRM |
| cisco -- ios | A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Cisco Bug IDs: CSCvc33171. | 2017-09-28 | not yet calculated | CVE-2017-12228 SECTRACK CONFIRM |
| citrix -- citrix_web_interface | Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HTML via the failmessage parameter. | 2017-09-27 | not yet calculated | CVE-2015-7349 MISC CONFIRM CONFIRM |
| citrix -- netscaler_application_delivery_controller_and_netscaler_gateway | A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance. | 2017-09-26 | not yet calculated | CVE-2017-14602 BID CONFIRM |
| claydip -- laravel_airbnb_clone | Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile. | 2017-09-26 | not yet calculated | CVE-2017-14704 EXPLOIT-DB |
| comicsmart -- ganma! | GANMA! App for iOS does not verify SSL certificates. | 2017-09-25 | not yet calculated | CVE-2015-7785 JVN JVNDB |
| cyberlink -- labelprint | Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file. | 2017-09-23 | not yet calculated | CVE-2017-14627 MISC EXPLOIT-DB |
| debian -- fso | The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service. | 2017-09-25 | not yet calculated | CVE-2014-8156 MLIST BID XF |
| debian -- inspircd | inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836. | 2017-09-25 | not yet calculated | CVE-2012-6696 DEBIAN MLIST CONFIRM |
| devscripts -- devscripts | scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. | 2017-09-25 | not yet calculated | CVE-2015-5704 FEDORA FEDORA MLIST BID CONFIRM CONFIRM CONFIRM |
| digium -- asterisk_gui | An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program. | 2017-09-25 | not yet calculated | CVE-2017-14001 BID MISC |
| egroupware -- egroupware _community_edition | Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator. | 2017-09-29 | not yet calculated | CVE-2017-14920 MISC MISC |
| elastic -- x-pack_security | An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index. | 2017-09-28 | not yet calculated | CVE-2017-8447 MISC |
| elasticsearch -- elastic_cloud_enterprise | The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data. | 2017-09-28 | not yet calculated | CVE-2017-8444 MISC |
| elasticsearch -- kibana | Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 2017-09-28 | not yet calculated | CVE-2017-11479 MISC |
| elasticsearch -- x-pack_alerting | An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges. | 2017-09-28 | not yet calculated | CVE-2017-8448 MISC |
| exiv2 -- exiv2 | An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | 2017-09-28 | not yet calculated | CVE-2017-14862 MISC |
| exiv2 -- exiv2 | There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. | 2017-09-28 | not yet calculated | CVE-2017-14858 MISC |
| exiv2 -- exiv2 | There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. | 2017-09-28 | not yet calculated | CVE-2017-14866 MISC |
| exiv2 -- exiv2 | A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | 2017-09-28 | not yet calculated | CVE-2017-14863 MISC |
| exiv2 -- exiv2 | There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. | 2017-09-28 | not yet calculated | CVE-2017-14860 MISC |
| exiv2 -- exiv2 | There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. | 2017-09-28 | not yet calculated | CVE-2017-14861 MISC |
| exiv2 -- exiv2 | An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | 2017-09-28 | not yet calculated | CVE-2017-14864 MISC |
| exiv2 -- exiv2 | An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | 2017-09-28 | not yet calculated | CVE-2017-14859 MISC |
| exiv2 -- exiv2 | There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack. | 2017-09-28 | not yet calculated | CVE-2017-14865 MISC |
| exiv2 -- exiv2 | In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack. | 2017-09-28 | not yet calculated | CVE-2017-14857 MISC |
| eyesofnetwork -- eyesofnetwork_web_interface | Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php. | 2017-09-26 | not yet calculated | CVE-2017-14753 BID MISC |
| faleemi -- wireless-ip-camera | Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password. | 2017-09-26 | not yet calculated | CVE-2017-14743 MISC |
| ffmpeg -- ffmpeg | The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file. | 2017-09-27 | not yet calculated | CVE-2017-14767 BID CONFIRM |
| filerun -- filerun | FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function). | 2017-09-29 | not yet calculated | CVE-2017-14738 MISC MISC EXPLOIT-DB |
| freeipa -- freeipa | FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. | 2017-09-27 | not yet calculated | CVE-2017-11191 MISC |
| gentoo -- gentoo | The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link. | 2017-09-25 | not yet calculated | CVE-2017-14730 CONFIRM CONFIRM CONFIRM CONFIRM |
| git -- git | Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support. | 2017-09-28 | not yet calculated | CVE-2017-14867 CONFIRM BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| gnu -- binutils | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. | 2017-09-29 | not yet calculated | CVE-2017-14932 CONFIRM CONFIRM |
| gnu -- binutils | Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | 2017-09-29 | not yet calculated | CVE-2017-14930 CONFIRM |
| gnu -- binutils | _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file. | 2017-09-29 | not yet calculated | CVE-2017-14938 MISC MISC MISC |
| gnu -- binutils | process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure. | 2017-09-29 | not yet calculated | CVE-2017-14934 CONFIRM CONFIRM |
| gnu -- binutils | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte. | 2017-09-29 | not yet calculated | CVE-2017-14939 MISC MISC MISC |
| gnu -- binutils | read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. | 2017-09-29 | not yet calculated | CVE-2017-14933 CONFIRM CONFIRM CONFIRM |
| gnu -- binutils | scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file. | 2017-09-29 | not yet calculated | CVE-2017-14940 MISC MISC MISC |
| google -- android | Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack. | 2017-09-25 | not yet calculated | CVE-2014-8889 MISC FULLDISC BUGTRAQ BID MISC |
| google -- android | WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame. | 2017-09-25 | not yet calculated | CVE-2014-0997 MISC FULLDISC BUGTRAQ BID MISC EXPLOIT-DB |
| google -- android | The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate. | 2017-09-29 | not yet calculated | CVE-2017-14582 MISC |
| google -- android | Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application. | 2017-09-27 | not yet calculated | CVE-2015-1537 BID CONFIRM MISC |
| google -- android | ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates. | 2017-09-25 | not yet calculated | CVE-2015-5666 JVN JVNDB BID |
| google -- android | The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. | 2017-09-27 | not yet calculated | CVE-2015-1526 BID MISC |
| google -- googlemaps | The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_googlemap3_kmlprxy.php. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7428. | 2017-09-27 | not yet calculated | CVE-2014-9686 FULLDISC MISC MLIST |
| hp -- hpe_sitescope | An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data. | 2017-09-29 | not yet calculated | CVE-2017-14349 BID CONFIRM |
| hpe -- application_performance_management_platform | An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication. | 2017-09-29 | not yet calculated | CVE-2017-13983 CONFIRM |
| hpe -- application_performance_management_platform | An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information. | 2017-09-29 | not yet calculated | CVE-2017-13985 CONFIRM |
| hpe -- application_performance_management_platform | An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal. | 2017-09-29 | not yet calculated | CVE-2017-13984 CONFIRM |
| hpe -- application_performance_management_platform | A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | 2017-09-29 | not yet calculated | CVE-2017-13982 CONFIRM |
| hpe -- application_performance_management_platform | A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution. | 2017-09-29 | not yet calculated | CVE-2017-14350 BID CONFIRM |
| hpe -- hp_ucmdb_configuration_manager | A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution. | 2017-09-29 | not yet calculated | CVE-2017-14351 CONFIRM |
| hpe -- hp_ucmdb_configuration_manager | A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting. | 2017-09-29 | not yet calculated | CVE-2017-14352 CONFIRM |
| huawei -- s7700_and_s9700_and_s9300 | Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information. | 2017-09-25 | not yet calculated | CVE-2015-7846 BID CONFIRM |
| huawei -- uap2105 | Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell. | 2017-09-25 | not yet calculated | CVE-2015-6592 BID CONFIRM |
| ibm -- api_connect | IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545. | 2017-09-25 | not yet calculated | CVE-2017-1555 CONFIRM BID MISC |
| ibm -- api_connect | IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291. | 2017-09-25 | not yet calculated | CVE-2017-1551 CONFIRM MISC |
| ibm -- business_process_manager | IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127478. | 2017-09-26 | not yet calculated | CVE-2017-1425 CONFIRM BID MISC |
| ibm -- security_identity_manager_adapters | IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621. | 2017-09-27 | not yet calculated | CVE-2017-1483 CONFIRM BID MISC |
| ibm -- security_identity_manager_virtual_appliance | IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394. | 2017-09-27 | not yet calculated | CVE-2017-1407 CONFIRM BID MISC |
| ibm -- websphere_datapower_appliances | IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2017-09-27 | not yet calculated | CVE-2017-1591 CONFIRM BID MISC |
| ibm -- websphere_portal | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117. | 2017-09-27 | not yet calculated | CVE-2017-1577 CONFIRM BID SECTRACK MISC |
| inedo -- proget | Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. | 2017-09-29 | not yet calculated | CVE-2017-14944 CONFIRM |
| intelbras -- wireless_router | Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie. | 2017-09-29 | not yet calculated | CVE-2017-14942 MISC EXPLOIT-DB |
| jerryscript -- jerryscript | JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data. | 2017-09-26 | not yet calculated | CVE-2017-14749 MISC |
| jsoup -- jsoup | Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. | 2017-09-25 | not yet calculated | CVE-2015-6748 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM |
| kde -- kmail | KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network. | 2017-09-27 | not yet calculated | CVE-2014-8878 MLIST BID CONFIRM CONFIRM |
| kupu -- kupu | Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings. | 2017-09-25 | not yet calculated | CVE-2015-7317 MLIST CONFIRM CONFIRM CONFIRM |
| laravel -- laravel | Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison. | 2017-09-27 | not yet calculated | CVE-2017-14775 CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after. | 2017-09-25 | not yet calculated | CVE-2015-5327 MLIST CONFIRM CONFIRM |
| magento -- magento | Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field. | 2017-09-25 | not yet calculated | CVE-2015-8707 CONFIRM |
| mahara -- mahara | Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user's account. | 2017-09-25 | not yet calculated | CVE-2017-9551 CONFIRM CONFIRM |
| man-db -- man-db | The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. | 2017-09-27 | not yet calculated | CVE-2015-1336 MISC MISC MISC MLIST BID CONFIRM MISC GENTOO |
| microsoft -- windows_app_studio | It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio. | 2017-09-28 | not yet calculated | CVE-2017-7554 CONFIRM |
| millicore -- millicore | The file editor in millicore allows files to be executed, as well as created. An attacker could use this flaw to compromise other users, or teams projects stored in source control management of the RHMAP Core installation. | 2017-09-28 | not yet calculated | CVE-2017-7552 CONFIRM |
| mojoomla -- annual_maintenance_contract_(amc)_management_system | Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling. | 2017-09-27 | not yet calculated | CVE-2017-14841 EXPLOIT-DB |
| multitech_faxfinder -- multitech_faxfinder | MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext. | 2017-09-29 | not yet calculated | CVE-2016-10512 MISC |
| node.js -- node.js | Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. | 2017-09-27 | not yet calculated | CVE-2017-14849 BID CONFIRM CONFIRM |
| norton -- remove_and_reinstall | Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability. | 2017-09-27 | not yet calculated | CVE-2017-13676 BID CONFIRM |
| nvidia -- gpu_display_driver | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges. | 2017-09-22 | not yet calculated | CVE-2017-6272 CONFIRM BID |
| october_cms -- october_cms | Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612. | 2017-09-27 | not yet calculated | CVE-2015-5613 MLIST CONFIRM CONFIRM |
| ogaki_kyoritsu_bank -- smartphone_passbook | Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate. | 2017-09-26 | not yet calculated | CVE-2015-0874 JVN JVNDB BID |
| openexif -- openexif | ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file. | 2017-09-29 | not yet calculated | CVE-2017-14931 MISC MISC |
| openhpi -- openhpi | openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption). | 2017-09-26 | not yet calculated | CVE-2015-3248 FEDORA CONFIRM CONFIRM |
| opentext -- documentum_administrator | Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. | 2017-09-27 | not yet calculated | CVE-2017-14524 FULLDISC CONFIRM |
| opentext -- documentum_administrator | Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in. | 2017-09-27 | not yet calculated | CVE-2017-14526 FULLDISC CONFIRM |
| opentext -- documentum_webtop | Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in. | 2017-09-27 | not yet calculated | CVE-2017-14527 FULLDISC CONFIRM |
| opentext -- documentum_webtop | Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. | 2017-09-27 | not yet calculated | CVE-2017-14525 FULLDISC CONFIRM |
| percona -- percona_toolkit | The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL. | 2017-09-28 | not yet calculated | CVE-2015-1027 CONFIRM CONFIRM |
| percona -- percona_toolkit | The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com. | 2017-09-28 | not yet calculated | CVE-2014-2029 MLIST CONFIRM CONFIRM |
| perl -- perl | Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable. | 2017-09-27 | not yet calculated | CVE-2017-12814 BID CONFIRM CONFIRM CONFIRM |
| philips -- hue_bridge | Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network. | 2017-09-30 | not yet calculated | CVE-2017-14797 MISC |
| php-fusion_9 -- php-fusion_9 | Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. | 2017-09-25 | not yet calculated | CVE-2015-8375 MISC MLIST CONFIRM CONFIRM |
| plone -- plone | Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses. | 2017-09-25 | not yet calculated | CVE-2015-7318 MLIST CONFIRM CONFIRM CONFIRM |
| plone -- plone | Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator. | 2017-09-25 | not yet calculated | CVE-2015-7315 MLIST CONFIRM CONFIRM CONFIRM |
| plone -- plone | Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1. | 2017-09-25 | not yet calculated | CVE-2015-7316 MLIST CONFIRM MISC CONFIRM |
| poppler -- poppler | In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. | 2017-09-29 | not yet calculated | CVE-2017-14926 CONFIRM |
| poppler -- poppler | In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. | 2017-09-29 | not yet calculated | CVE-2017-14928 CONFIRM |
| poppler -- poppler | In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. | 2017-09-29 | not yet calculated | CVE-2017-14927 CONFIRM |
| poppler -- poppler | In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. | 2017-09-29 | not yet calculated | CVE-2017-14929 CONFIRM |
| protobuf -- protobuf | protobuf allows remote authenticated attackers to cause a heap-based buffer overflow. | 2017-09-25 | not yet calculated | CVE-2015-5237 MLIST CONFIRM CONFIRM |
| pulp -- pulp-consumer-client | pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration. | 2017-09-25 | not yet calculated | CVE-2015-5263 MISC MLIST CONFIRM CONFIRM |
| pulse_secure -- pulse_one_on-premise | Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information. | 2017-09-29 | not yet calculated | CVE-2017-14935 CONFIRM |
| red_hat -- enterprise_virtualization | redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment. | 2017-09-25 | not yet calculated | CVE-2015-7544 CONFIRM REDHAT |
| red_hat -- enterprise_virtualization | ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string. | 2017-09-25 | not yet calculated | CVE-2014-8170 CONFIRM MISC |
| red_hat -- jboss_a-mq | The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies. | 2017-09-25 | not yet calculated | CVE-2015-5183 CONFIRM |
| red_hat -- jboss_a-mq | The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. | 2017-09-25 | not yet calculated | CVE-2015-5181 REDHAT CONFIRM REDHAT |
| red_hat -- jboss_a-mq | The Hawtio console in A-MQ allows remote attackers to obtain sensitive information and perform other unspecified impact. | 2017-09-25 | not yet calculated | CVE-2015-5184 CONFIRM |
| red_hat -- jboss_a-mq | Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. | 2017-09-25 | not yet calculated | CVE-2015-5182 CONFIRM |
red_hat -- openshift_enterprise_2
| selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack. | 2017-09-25 | not yet calculated | CVE-2015-0238 CONFIRM CONFIRM |
| red_hat -- openshift | The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter. | 2017-09-27 | not yet calculated | CVE-2015-8249 MISC MISC MISC EXPLOIT-DB |
| saltstack -- salt | Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. | 2017-09-26 | not yet calculated | CVE-2017-5200 CONFIRM CONFIRM CONFIRM |
| saltstack -- salt | When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed. | 2017-09-26 | not yet calculated | CVE-2017-5192 CONFIRM CONFIRM CONFIRM |
| sap -- enterprise_portal | Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516. | 2017-09-28 | not yet calculated | CVE-2017-10701 BID BID BID MISC |
| schneider_electric -- clearscada | Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon. | 2017-09-25 | not yet calculated | CVE-2017-9962 CONFIRM |
| schneider_electric -- pro-face_gp_pro_ex | A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process. | 2017-09-25 | not yet calculated | CVE-2017-9961 CONFIRM BID |
| smarterstats -- smarterstats | SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. | 2017-09-29 | not yet calculated | CVE-2017-14620 MISC |
| systemd -- systemd | Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd. | 2017-09-25 | not yet calculated | CVE-2015-7510 CONFIRM CONFIRM CONFIRM |
| tcpdump -- tcpdump | print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). | 2017-09-27 | not yet calculated | CVE-2015-3138 SUSE CONFIRM CONFIRM CONFIRM |
| teamwork -- job_links | TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange. | 2017-09-27 | not yet calculated | CVE-2017-14838 EXPLOIT-DB |
| teamwork -- photo_fusion | TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover. | 2017-09-27 | not yet calculated | CVE-2017-14839 EXPLOIT-DB |
| teamwork -- ticketplus | TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. | 2017-09-27 | not yet calculated | CVE-2017-14840 EXPLOIT-DB |
| testlink -- testlink | SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php. | 2017-09-26 | not yet calculated | CVE-2015-7390 BUGTRAQ |
| testlink -- testlink | Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to lib/testcases/containerEdit.php; the (4) filter_tc_id or (5) filter_testcase_name parameter to lib/testcases/listTestCases.php; the (6) useRecursion parameter to lib/testcases/tcImport.php; the (7) targetTestCase or (8) created_by parameter to lib/testcases/tcSearch.php; or the (9) HTTP Referer header to third_party/user_contribution/fakeRemoteExecServer/client4fakeXMLRPCTestRunner.php. | 2017-09-26 | not yet calculated | CVE-2015-7391 BUGTRAQ |
| tiki -- tiki | Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php. | 2017-09-29 | not yet calculated | CVE-2017-14924 MISC MISC MISC |
| tiki -- tiki | Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site. | 2017-09-29 | not yet calculated | CVE-2017-14925 MISC MISC MISC |
| tine -- tine | Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | 2017-09-29 | not yet calculated | CVE-2017-14921 MISC MISC MISC MISC MISC |
| tine -- tine | Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | 2017-09-29 | not yet calculated | CVE-2017-14922 MISC MISC MISC MISC MISC |
| tine -- tine | Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | 2017-09-29 | not yet calculated | CVE-2017-14923 MISC MISC MISC MISC MISC |
| ubuntu -- ubuntu | usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method. | 2017-09-27 | not yet calculated | CVE-2015-3643 MLIST MLIST BID MISC UBUNTU UBUNTU EXPLOIT-DB |
| ueditor -- ueditor | UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. | 2017-09-26 | not yet calculated | CVE-2017-14744 MISC |
| unify -- openstage_and_openscape_desk_phones | OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys. | 2017-09-25 | not yet calculated | CVE-2015-8251 CERT-VN CONFIRM CONFIRM CONFIRM |
| unisys -- libra | Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via vectors related to incorrect literal handling, which trigger CPM stack corruption. | 2017-09-29 | not yet calculated | CVE-2017-13684 CONFIRM |
| vebto -- pixie_image_editor | Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php. | 2017-09-25 | not yet calculated | CVE-2017-12905 FULLDISC |
| wesnoth -- battle_for_wesnoth | The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. | 2017-09-26 | not yet calculated | CVE-2015-5069 FEDORA FEDORA MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM MISC |
| wesnoth -- battle_for_wesnoth | The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069. | 2017-09-26 | not yet calculated | CVE-2015-5070 FEDORA FEDORA MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM MISC |
| wordpress -- wordpress | The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field. | 2017-09-26 | not yet calculated | CVE-2017-14751 MISC BID MISC |
| wordpress -- wordpress | The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php. | 2017-09-29 | not yet calculated | CVE-2015-9233 MISC MISC MISC |
| wordpress -- wordpress | Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. | 2017-09-27 | not yet calculated | CVE-2017-14844 EXPLOIT-DB |
| wordpress -- wordpress | The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php. | 2017-09-29 | not yet calculated | CVE-2015-9234 MISC MISC MISC |
| wordpress -- wordpress | SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php. | 2017-09-25 | not yet calculated | CVE-2017-14125 FULLDISC MISC |
| wordpress -- wordpress | Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter. | 2017-09-27 | not yet calculated | CVE-2017-14847 EXPLOIT-DB |
| wordpress -- wordpress | Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter. | 2017-09-27 | not yet calculated | CVE-2017-14845 EXPLOIT-DB |
| wordpress -- wordpress | Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. | 2017-09-27 | not yet calculated | CVE-2017-14842 EXPLOIT-DB |
| wordpress -- wordpress | Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. | 2017-09-27 | not yet calculated | CVE-2017-14843 EXPLOIT-DB |
| wordpress -- wordpress | SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php. | 2017-09-27 | not yet calculated | CVE-2017-14760 MISC |
| wordpress -- wordpress | Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php. | 2017-09-27 | not yet calculated | CVE-2017-14622 BID MISC CONFIRM |
| wordpress -- wordpress | Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter. | 2017-09-27 | not yet calculated | CVE-2017-14846 EXPLOIT-DB |
| wordpress -- wordpress | Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download. | 2017-09-27 | not yet calculated | CVE-2017-2551 MISC CONFIRM |
| wordpress -- wordpress | Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. | 2017-09-23 | not yet calculated | CVE-2017-14725 BID MISC MISC MISC |
| wordpress -- wordpress | Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php. | 2017-09-28 | not yet calculated | CVE-2017-14507 EXPLOIT-DB |
| wordpress -- wordpress | The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php only require knowing the student id number. | 2017-09-27 | not yet calculated | CVE-2017-14766 MISC MISC MISC |
| wordpress -- wordpress | Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. | 2017-09-23 | not yet calculated | CVE-2017-14723 BID MISC MISC MISC MISC MISC MISC MISC |
| wordpress -- wordpress | Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter. | 2017-09-26 | not yet calculated | CVE-2015-7670 BUGTRAQ CONFIRM MISC |
| zkteco -- zktime_web | Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens. | 2017-09-26 | not yet calculated | CVE-2017-13129 BUGTRAQ FULLDISC |
| zope_and_plone -- zope_and_plone | Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. | 2017-09-25 | not yet calculated | CVE-2015-7293 MISC CONFIRM CONFIRM EXPLOIT-DB |
| zte -- microwave_nr8000_series_products | All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host. | 2017-09-27 | not yet calculated | CVE-2017-10932 CONFIRM |
| zyxel -- multiple_products | ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys. | 2017-09-27 | not yet calculated | CVE-2015-7256 CERT-VN CONFIRM |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.