Vulnerability Summary for the Week of November 6, 2017
Released
Nov 13, 2017
Document ID
SB17-317
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no high vulnerabilities recorded this week. | ||||
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| graphicsmagick -- graphicsmagick | The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image. | 2017-11-05 | 6.8 | CVE-2017-16545 CONFIRM CONFIRM |
| graphicsmagick -- graphicsmagick | The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. | 2017-11-06 | 6.8 | CVE-2017-16547 CONFIRM CONFIRM |
| imagemagick -- imagemagick | The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file. | 2017-11-05 | 6.8 | CVE-2017-16546 CONFIRM CONFIRM CONFIRM |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no low vulnerabilities recorded this week. | ||||
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| abb -- fox515t | An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrieve any file on the server. | 2017-11-06 | not yet calculated | CVE-2017-14025 BID MISC |
| advantech -- webaccess | An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable. | 2017-11-06 | not yet calculated | CVE-2017-12719 BID MISC |
| advantech -- webaccess | A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. | 2017-11-06 | not yet calculated | CVE-2017-14016 BID MISC |
| asterisk -- open_source_certified_asterisk | A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer. | 2017-11-08 | not yet calculated | CVE-2017-16671 CONFIRM BID CONFIRM |
| asterisk -- open_source_certified_asterisk | An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash. | 2017-11-08 | not yet calculated | CVE-2017-16672 CONFIRM BID CONFIRM |
| avaya -- ip_office_contact_center | Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method. | 2017-11-09 | not yet calculated | CVE-2017-12969 CONFIRM MISC MISC FULLDISC BID EXPLOIT-DB |
| avaya -- ip_office | Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response. | 2017-11-09 | not yet calculated | CVE-2017-11309 CONFIRM MISC MISC BID EXPLOIT-DB |
| backintime -- backintime | backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands. | 2017-11-08 | not yet calculated | CVE-2017-16667 CONFIRM CONFIRM CONFIRM |
| bludit -- bludit | In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via editor is GET. To save the editor context, the followup POST method request must be processed to perform the attack via the application side. The basic validation of the editor does not allow injecting script codes and blocks the context. Attackers can inject the code by using an editor tag that is not recognized by the basic validation. Thus allows a restricted user account to inject malicious script code to perform a persistent attack against higher privilege web-application user accounts. | 2017-11-06 | not yet calculated | CVE-2017-16636 MISC |
| bolt_technology -- bolt | Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. | 2017-11-09 | not yet calculated | CVE-2017-16754 BID MISC MISC |
| brother -- debut_software | The Debut embedded http server 1.20 contains a remotely exploitable denial of service where a single malformed HTTP request can cause the server to hang until eventually replying with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic. NOTE: this might overlap CVE-2017-12568. | 2017-11-09 | not yet calculated | CVE-2017-16249 MISC EXPLOIT-DB |
| cacti -- cacti | Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header. | 2017-11-08 | not yet calculated | CVE-2017-16660 MISC |
| cacti -- cacti | Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd. | 2017-11-08 | not yet calculated | CVE-2017-16661 MISC |
| cacti -- cacti | Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. | 2017-11-10 | not yet calculated | CVE-2017-16785 MISC |
| cacti -- cacti | lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. | 2017-11-07 | not yet calculated | CVE-2017-16641 CONFIRM |
| cesanta -- mongoose | An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2892 MISC |
| cesanta -- mongoose | An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2891 MISC |
| cesanta -- mongoose | An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2922 MISC |
| cesanta -- mongoose | An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An attacker needs to send a specially crafted websocket packet over network to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2921 MISC |
| cesanta -- mongoose | An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2895 MISC |
| cesanta -- mongoose | An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2893 MISC |
| cesanta -- mongoose | An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2894 MISC |
| cesanta -- mongoose | An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2909 MISC |
| cms_made_simple -- cms_made_simple | In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. | 2017-11-10 | not yet calculated | CVE-2017-16784 MISC |
| cms_made_simple -- cms_made_simple | In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter. | 2017-11-10 | not yet calculated | CVE-2017-16783 MISC |
| confire -- confire | An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "~/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability. | 2017-11-10 | not yet calculated | CVE-2017-16763 MISC |
| cumulus_networks -- linux | bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492). | 2017-11-08 | not yet calculated | CVE-2017-15865 CONFIRM CONFIRM CONFIRM CONFIRM |
| d-link -- dwr-933_device | XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. | 2017-11-10 | not yet calculated | CVE-2017-16765 MISC |
| datto -- backup_agent | Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified "specific information" by which the agent identifies a network device that is "appearing to be a valid Datto." | 2017-11-08 | not yet calculated | CVE-2017-16673 CONFIRM |
| datto -- windows_agent | Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and earlier. In other words, an attacker could combine this "primary/secondary" attack with the CVE-2017-16673 "rogue pairing" attack to achieve unauthenticated access to all agent machines running these older DWA versions. | 2017-11-08 | not yet calculated | CVE-2017-16674 CONFIRM |
| disney -- circle | An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2916 MISC |
| disney -- circle | An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2898 MISC |
| disney -- circle | An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to setup an access point reachable by the device to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-12094 MISC |
| disney -- circle | An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2913 MISC |
| disney -- circle | An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2917 MISC |
| disney -- circle | An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2911 MISC |
| disney -- circle | An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2881 MISC |
| disney -- circle | An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-12083 MISC |
| disney -- circle | An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-12085 MISC |
| disney -- circle | An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs network connectivity to the device to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2914 MISC |
| disney -- circle | A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server. | 2017-11-07 | not yet calculated | CVE-2017-12084 MISC |
| disney -- circle | An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2912 MISC |
| disney -- circle | An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the device to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2884 MISC |
| disney -- circle | An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2889 MISC |
| disney -- circle | An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a series of packets to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2864 MISC |
| disney -- circle | An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2883 MISC |
| disney -- circle | An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2866 MISC |
| disney -- circle | An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2865 MISC |
| disney -- circle | An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs to impersonate a remote server in order to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2882 MISC |
| disney -- circle | An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by the device to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2915 MISC |
| disney -- circle | An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2890 MISC |
| disney -- circle | An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed "deauth" packets to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-12096 MISC |
| django_make_app -- django_make_app | An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability. | 2017-11-10 | not yet calculated | CVE-2017-16764 MISC |
| docker -- moby | The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP. | 2017-11-04 | not yet calculated | CVE-2017-16539 MISC MISC MISC MISC MISC |
| drupal -- drupal | Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names. | 2017-11-06 | not yet calculated | CVE-2015-7878 MISC |
| ffmpeg -- ffmpeg | The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. | 2017-11-06 | not yet calculated | CVE-2017-15672 CONFIRM MLIST BID |
| forcepoint -- triton_ap-email | TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file access in an unspecified directory. | 2017-11-06 | not yet calculated | CVE-2017-11177 CONFIRM |
| gentoo -- gentoo | The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script. | 2017-11-06 | not yet calculated | CVE-2017-16638 CONFIRM |
| gentoo -- gentoo | The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script. | 2017-11-08 | not yet calculated | CVE-2017-16659 CONFIRM |
| graphicsmagick -- graphicsmagick | coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. | 2017-11-08 | not yet calculated | CVE-2017-16669 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| hashicorp -- vagrant | In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. | 2017-11-06 | not yet calculated | CVE-2017-16001 MISC |
| hola -- hola | Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file. | 2017-11-09 | not yet calculated | CVE-2017-16757 MISC |
| home_assistant -- home_assistant | In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS. | 2017-11-10 | not yet calculated | CVE-2017-16782 CONFIRM |
| hpe -- content_manager_workgroup_service | A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS). | 2017-11-08 | not yet calculated | CVE-2017-14360 CONFIRM |
| inedo -- buildmaster | Inedo BuildMaster before 5.8.2 has XSS. | 2017-11-10 | not yet calculated | CVE-2017-16760 CONFIRM CONFIRM |
| inedo -- buildmaster | In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used. | 2017-11-10 | not yet calculated | CVE-2017-16521 MISC MISC MISC MISC MISC |
| inedo -- buildmaster | An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites. | 2017-11-10 | not yet calculated | CVE-2017-16761 CONFIRM CONFIRM CONFIRM |
| inedo -- buildmaster | Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners. | 2017-11-10 | not yet calculated | CVE-2017-16520 CONFIRM CONFIRM CONFIRM |
| ingenious -- school_management_system | /view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request. | 2017-11-07 | not yet calculated | CVE-2017-16561 EXPLOIT-DB |
| inpage -- inpage | Special crafted InPage document leads to arbitrary code execution in InPage reader. | 2017-11-08 | not yet calculated | CVE-2017-12824 MISC |
| ipswitch -- ws_ftp_professional | Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729. | 2017-11-03 | not yet calculated | CVE-2017-16513 MISC MISC EXPLOIT-DB |
| itext -- itext | The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF. | 2017-11-08 | not yet calculated | CVE-2017-9096 BUGTRAQ MISC |
| joomla! -- joomla! | In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method. | 2017-11-09 | not yet calculated | CVE-2017-16634 BID SECTRACK CONFIRM |
| joomla! -- joomla! | In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users. | 2017-11-09 | not yet calculated | CVE-2017-16633 BID SECTRACK CONFIRM |
| kabona_ab -- webdatorcentral | A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext. | 2017-11-07 | not yet calculated | CVE-2016-0872 MISC |
| keystonejs -- keystonejs | KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header. | 2017-11-06 | not yet calculated | CVE-2017-16570 MISC MISC MISC |
| libebml2 -- libebml2 | The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. | 2017-11-09 | not yet calculated | CVE-2017-12800 MISC FULLDISC CONFIRM |
| libebml2 -- libebml2 | The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | 2017-11-09 | not yet calculated | CVE-2017-12801 MISC FULLDISC CONFIRM |
| libebml2 -- libebml2 | The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | 2017-11-09 | not yet calculated | CVE-2017-12802 MISC FULLDISC CONFIRM |
| libebml2 -- libebml2 | The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | 2017-11-09 | not yet calculated | CVE-2017-12783 MISC FULLDISC CONFIRM |
| libebml2 -- libebml2 | The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. | 2017-11-09 | not yet calculated | CVE-2017-12781 MISC FULLDISC CONFIRM |
| libebml2 -- libebml2 | The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | 2017-11-09 | not yet calculated | CVE-2017-12782 MISC FULLDISC CONFIRM |
| libebml2 -- libebml2 | The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file. | 2017-11-09 | not yet calculated | CVE-2017-12780 MISC FULLDISC CONFIRM |
| librenms -- librenms | The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php. | 2017-11-09 | not yet calculated | CVE-2017-16759 CONFIRM CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm. | 2017-11-06 | not yet calculated | CVE-2017-15306 MISC MISC MISC BID MISC |
| linux -- linux_kernel | The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. | 2017-11-07 | not yet calculated | CVE-2017-16650 MISC MISC |
| linux -- linux_kernel | The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device. | 2017-11-07 | not yet calculated | CVE-2017-16644 MISC MISC |
| linux -- linux_kernel | The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | 2017-11-07 | not yet calculated | CVE-2017-16643 MISC BID MISC MISC |
| linux -- linux_kernel | The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | 2017-11-07 | not yet calculated | CVE-2017-16645 BID MISC MISC |
| linux -- linux_kernel | drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device. | 2017-11-07 | not yet calculated | CVE-2017-16646 MISC MISC |
| linux -- linux_kernel | The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free. | 2017-11-07 | not yet calculated | CVE-2017-16648 BID MISC MISC |
| linux -- linux_kernel | drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. | 2017-11-07 | not yet calculated | CVE-2017-16647 BID MISC MISC |
| linux -- linux_kernel | The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. | 2017-11-07 | not yet calculated | CVE-2017-16649 BID MISC MISC |
| logitech -- media_server | Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite." | 2017-11-09 | not yet calculated | CVE-2017-16567 EXPLOIT-DB |
| logitech -- media_server | Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL. | 2017-11-09 | not yet calculated | CVE-2017-16568 EXPLOIT-DB |
| manageengine -- applications_manager | Zoho ManageEngine Applications Manager 13 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. | 2017-11-05 | not yet calculated | CVE-2017-16543 MISC EXPLOIT-DB |
| manageengine -- applications_manager | Zoho ManageEngine Applications Manager 13 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. | 2017-11-05 | not yet calculated | CVE-2017-16542 MISC EXPLOIT-DB |
| manageengine -- servicedesk | The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. | 2017-11-08 | not yet calculated | CVE-2017-11512 MISC |
| manageengine -- servicedesk | The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. | 2017-11-08 | not yet calculated | CVE-2017-11511 MISC |
| matroska -- mkvalidator | The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. | 2017-11-09 | not yet calculated | CVE-2017-12779 MISC FULLDISC CONFIRM |
| metalgenix -- genixcms | Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php. | 2017-11-08 | not yet calculated | CVE-2015-3933 CONFIRM EXPLOIT-DB |
| mitrastar -- gpt-2541gnac_router | MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented. | 2017-11-03 | not yet calculated | CVE-2017-16523 BID MISC EXPLOIT-DB |
| mkclean -- mkclean | The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | 2017-11-09 | not yet calculated | CVE-2017-12803 MISC FULLDISC CONFIRM |
| mlalchemy -- mlalchemy | An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-16615 CONFIRM CONFIRM MISC |
| mybb_group -- mybb | The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file. | 2017-11-10 | not yet calculated | CVE-2017-16780 CONFIRM |
| mybb_group -- mybb | The installer in MyBB before 1.8.13 has XSS. | 2017-11-10 | not yet calculated | CVE-2017-16781 CONFIRM |
| netapp -- clustered_data_ontap | NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064. | 2017-11-09 | not yet calculated | CVE-2017-5201 BID CONFIRM |
| netapp -- oncommand_unified_manager | NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface. | 2017-11-09 | not yet calculated | CVE-2017-11461 BID CONFIRM |
| netiq -- imanager | Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2. | 2017-11-06 | not yet calculated | CVE-2017-7425 CONFIRM CONFIRM CONFIRM CONFIRM |
| owlmixin -- owlmixin | An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-16618 CONFIRM CONFIRM MISC |
| perl -- perl | The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used. | 2017-11-07 | not yet calculated | CVE-2008-7319 MISC MISC MISC MISC |
| php -- php | In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145. | 2017-11-07 | not yet calculated | CVE-2017-16642 CONFIRM CONFIRM BID CONFIRM CONFIRM CONFIRM |
| pyanyapi -- pyanyapi | An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-16616 CONFIRM CONFIRM MISC CONFIRM |
| red_hat -- enterprise_linux | It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | 2017-11-08 | not yet calculated | CVE-2017-15087 BID CONFIRM |
| red_hat -- enterprise_linux | It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | 2017-11-08 | not yet calculated | CVE-2017-15086 BID CONFIRM |
| red_hat -- enterprise_linux | It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | 2017-11-08 | not yet calculated | CVE-2017-15085 BID CONFIRM |
| red_hat -- multiple_products | Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 2017-11-09 | not yet calculated | CVE-2015-7501 BID SECTRACK SECTRACK SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
| remobjects -- remobjects | RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL. | 2017-11-08 | not yet calculated | CVE-2017-16665 CONFIRM |
| roundcube -- roundcube | Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests. | 2017-11-09 | not yet calculated | CVE-2017-16651 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM DEBIAN |
| rsync -- rsync | The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon. | 2017-11-06 | not yet calculated | CVE-2017-16548 CONFIRM CONFIRM |
| sam2p -- sam2p | In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer overflows) in input-bmp.ci in the function ReadImage, because "width * height" multiplications occur unsafely. | 2017-11-08 | not yet calculated | CVE-2017-16663 CONFIRM |
| samsung -- srn-1670d | Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI. | 2017-11-06 | not yet calculated | CVE-2017-16524 MISC |
| sanic -- sanic | Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring. | 2017-11-10 | not yet calculated | CVE-2017-16762 CONFIRM CONFIRM |
| savitech_corp -- savitech_drivers | Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion." | 2017-11-09 | not yet calculated | CVE-2017-9758 BID MISC CERT-VN MISC |
| siemens -- simatic_pcs_7 | An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface. | 2017-11-06 | not yet calculated | CVE-2017-14023 BID SECTRACK MISC |
| sos -- sos | sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. | 2017-11-06 | not yet calculated | CVE-2015-7529 BID UBUNTU MISC MISC CONFIRM CONFIRM |
| suse -- suse_linux_enterprise_desktop | The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services. | 2017-11-09 | not yet calculated | CVE-2017-15638 SUSE |
| swftools -- swftools | The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender. | 2017-11-09 | not yet calculated | CVE-2017-16711 MISC |
| symantec -- endpoint_protection | Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system. | 2017-11-06 | not yet calculated | CVE-2017-13680 BID CONFIRM |
| symantec -- endpoint_protection | Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients. | 2017-11-06 | not yet calculated | CVE-2017-6331 BID CONFIRM |
| symantec -- endpoint_protection | Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack. | 2017-11-06 | not yet calculated | CVE-2017-13681 BID CONFIRM |
| synology -- carddav_server | An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack. | 2017-11-07 | not yet calculated | CVE-2017-15887 CONFIRM |
| tinywebgallery -- tinywebgallery | In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the `TWG Explorer` item listing. The request method to inject is POST and the attack vector is located on the application-side of the service. The injection point is the add/create input field and the execution point occurs in the item listing after the add or create. | 2017-11-06 | not yet calculated | CVE-2017-16635 MISC |
| tor -- browser | Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. | 2017-11-04 | not yet calculated | CVE-2017-16541 BID MISC MISC MISC MISC MISC |
| trihedral -- vtscada | An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine. | 2017-11-06 | not yet calculated | CVE-2017-14029 MISC |
| trihedral -- vtscada | An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine. | 2017-11-06 | not yet calculated | CVE-2017-14031 MISC |
| vectura -- perfect_privacy_vpn_manager | In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to a "FrmAdvancedProtection" crash. Although the mechanism malfunctions and an error occurs during the runtime with the stack trace being issued, the software process is not properly terminated. The software client is still attempting to maintain the connection even though the network connection information is being reset live. In that insecure mode, the "FrmAdvancedProtection" component crashes, but the process continues to run with different errors and process corruptions. This local corruption vulnerability can be exploited by local attackers. | 2017-11-06 | not yet calculated | CVE-2017-16637 MISC MISC |
| vonage/grandstream -- ht802_device | Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. | 2017-11-06 | not yet calculated | CVE-2017-16563 MISC |
| vonage/grandstream -- ht802_device | Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests. | 2017-11-06 | not yet calculated | CVE-2017-16565 MISC |
| vonage/grandstream -- ht802_device | Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148). | 2017-11-06 | not yet calculated | CVE-2017-16564 MISC |
| wordpress -- wordpress | The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI. | 2017-11-09 | not yet calculated | CVE-2017-16562 CONFIRM EXPLOIT-DB |
| wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "access_token" parameter. | 2017-11-09 | not yet calculated | CVE-2017-16758 MISC MISC MISC |
| zurmo -- zurmo | An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. | 2017-11-06 | not yet calculated | CVE-2017-16569 MISC |
| zurmo -- zurmo | Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. | 2017-11-06 | not yet calculated | CVE-2017-15039 MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.