US CERT: Security Bulletins

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.
November 20, 2017

SB17-324: Vulnerability Summary for the Week of November 13, 2017

Original release date: November 20, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

There were no medium vulnerabilities recorded this week.

Low Vulnerabilities

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Each entry below gives the Primary Vendor -- Product, the Description, the Published date, the CVSS Score, and the Source & Patch Info reference types.

alchemist.vim -- alchemist.vim
  Elixir's vim plugin, alchemist.vim, is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as Elixir code.
  Published: 2017-11-17 | CVSS Score: not yet calculated | CVE-2017-1000212 | Source & Patch Info: CONFIRM

altavault -- ost
  AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and, as a precaution, change the passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-15517 | Source & Patch Info: CONFIRM

amazon -- key
  Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house for unfilmed activities or (2) attackers to freeze a camera and enter a house if a delivery driver failed to ensure a locked door before leaving.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-16867 | Source & Patch Info: MISC (x3)

apache -- camel
  The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 has a Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-12634 | Source & Patch Info: CONFIRM, BID, CONFIRM

apache -- camel
  The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 has a Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-12633 | Source & Patch Info: CONFIRM, BID, CONFIRM

apache -- couchdb
  Due to differences between the Erlang-based JSON parser and the JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate 'roles' keys used for access control within the database, including the special-case '_admin' role that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences mean that if two 'roles' keys are present in the JSON, the second one is used for authorising the document write, but the first 'roles' key is used for subsequent authorization of the newly created user. By design, users cannot assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
  Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-12635 | Source & Patch Info: BID, MLIST

apache -- couchdb
  CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating-system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
  Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-12636 | Source & Patch Info: MLIST

apache -- cxf
  Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers longer than 300 characters are rejected by default. This value is configurable via the property "attachment-max-header-size".
  Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-12624 | Source & Patch Info: CONFIRM, BID

apache -- hadoop
  In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world-readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file.
  Published: 2017-11-13 | CVSS Score: not yet calculated | CVE-2017-3166 | Source & Patch Info: MLIST

apache -- karaf
  Apache Karaf enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2014-0219 | Source & Patch Info: BID, CONFIRM

apache -- openoffice
  An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit.
  Published: 2017-11-13 | CVSS Score: not yet calculated | CVE-2016-6803 | Source & Patch Info: BID, SECTRACK, CONFIRM

apple -- ios
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "UIKit" component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-7113 | Source & Patch Info: SECTRACK, CONFIRM

apple -- ios
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to obtain sensitive information via a Siri request for private-content notifications that should not have been available in the lock-screen state.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13805 | Source & Patch Info: SECTRACK, CONFIRM

apple -- ios
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13844 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13816 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Audio" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted QuickTime file.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13807 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13846 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13818 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Sandbox" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13838 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a /dev/dtracehelper attack involving the dtrace_dif_variable and dtrace_getarg functions.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13782 | Source & Patch Info: SECTRACK, MISC, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13842 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "802.1X" component. It allows attackers to have an unspecified impact by leveraging TLS 1.0 support.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13832 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "AppleScript" component. It allows remote attackers to execute arbitrary code via a crafted AppleScript file that is mishandled by osadecompile.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13809 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Fonts" component. It allows remote attackers to spoof the user interface via crafted text.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13828 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Mach binary.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13834 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information or cause a denial of service via a crafted image.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13831 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ATS" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted font.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13820 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HelpViewer" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML by bypassing the Same Origin Policy for quarantined HTML documents.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13819 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFString" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13821 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Dictionary Widget" component. It allows attackers to read local files if pasted text is used in a search.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13801 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13814 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted font file.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13825 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "file" product. Versions before 5.31 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13815 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "QuickTime" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13823 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13822 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13843 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13840 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted archive file.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13812 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13817 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13830 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Open Scripting Architecture" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted AppleScript file that is mishandled by osadecompile.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13824 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFNetwork" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13829 | Source & Patch Info: CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFNetwork" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13833 | Source & Patch Info: CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13841 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13836 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It does not properly restrict the DMA mapping time of FileVault decryption buffers, which allows attackers to read cleartext APFS data via a crafted Thunderbolt adapter.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13786 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to obtain sensitive information by leveraging an error in packet counters.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13810 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Remote Management" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13808 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "libarchive" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted archive file.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13813 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13800 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "fsck_msdos" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13811 | Source & Patch Info: SECTRACK, CONFIRM

apple -- macos
  An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted Office document.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-7132 | Source & Patch Info: SECTRACK, CONFIRM

apple -- multiple_products
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13852 | Source & Patch Info: CONFIRM (x4)

apple -- multiple_products
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted text file.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13849 | Source & Patch Info: BID, SECTRACK, CONFIRM (x3)

apple -- multiple_products
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13783 | Source & Patch Info: SECTRACK, CONFIRM (x5)

apple -- multiple_products
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "StreamingZip" component. It allows remote attackers to write to unintended pathnames via a crafted ZIP archive.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13804 | Source & Patch Info: SECTRACK, CONFIRM (x4)

apple -- multiple_products
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13784 | Source & Patch Info: SECTRACK, CONFIRM (x5)

apple -- multiple_products
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13794 | Source & Patch Info: SECTRACK, CONFIRM (x5)

apple -- multiple_products
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13793 | Source & Patch Info: SECTRACK, CONFIRM (x5)

apple -- multiple_products
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13802 | Source & Patch Info: SECTRACK, CONFIRM (x5)

apple -- multiple_products
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13798 | Source & Patch Info: SECTRACK, CONFIRM (x5)

apple -- multiple_products
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13797 | Source & Patch Info: CONFIRM (x5)

apple -- multiple_products
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13796 | Source & Patch Info: SECTRACK, CONFIRM (x5)

apple -- multiple_products
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13795 | Source & Patch Info: SECTRACK, CONFIRM (x5)

apple -- multiple_products
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13785 | Source & Patch Info: SECTRACK, CONFIRM (x5)

apple -- multiple_products
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13788 | Source & Patch Info: SECTRACK, CONFIRM (x5)

apple -- multiple_products
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13803 | Source & Patch Info: SECTRACK, CONFIRM (x5)

apple -- multiple_products
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13791 | Source & Patch Info: SECTRACK, CONFIRM (x5)

apple -- multiple_products
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected. tvOS before 11.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13792 | Source & Patch Info: SECTRACK, CONFIRM (x5)

apple -- multiple_products
  An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
  Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-13799 | Source & Patch Info: SECTRACK, CONFIRM (x4)

apple -- safari
 An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.2017-11-12not yet calculatedCVE-2017-13789
SECTRACK
CONFIRMapple -- safari
 An issue was discovered in certain Apple products. Safari before 11.0.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site.2017-11-12not yet calculatedCVE-2017-13790
SECTRACK
CONFIRMarris -- arris_tg1682g_devices
 Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter.2017-11-15not yet calculatedCVE-2017-16836
MISC
EXPLOIT-DBautomationdirect -- click_programming
 An Uncontrolled Search Path Element issue was discovered in AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) versions 2.10 and prior, C-More Programming Software (Part Number EA9-PGMSW) versions 6.30 and prior, C-More Micro (Part Number EA-PGMSW) versions 4.20.01.0 and prior, GS Drives Configuration Software (Part Number GSOFT) versions 4.0.6 and prior, and SL-SOFT SOLO Temperature Controller Configuration Software (Part Number SL-SOFT) versions 1.1.0.5 and prior. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. Once loaded by the application, the DLL could run malicious code at the privilege level of the application.2017-11-13not yet calculatedCVE-2017-14020
BID
MISCb3log -- symphony
 b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid.2017-11-14not yet calculatedCVE-2017-16821
Source & Patch Info (CVE-2017-16821): CONFIRM

b3log -- symphony
b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java, service/AvatarQueryService.java, and service/CommentQueryService.java.
Published: 2017-11-18 | CVSS Score: not yet calculated | CVE-2017-16881
Source & Patch Info: CONFIRM

big-ip -- big-ip
On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself.
Published: 2017-11-17 | CVSS Score: not yet calculated | CVE-2017-6168
Source & Patch Info: SECTRACK
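The BIG-IP entry above names the attack class but not its mechanics. The following is an added example written for this page, not F5's code, that runs Bleichenbacher's adaptive chosen-ciphertext attack end to end against a toy PKCS#1 v1.5 padding oracle: the attacker never sees the private key, only one bit per query (did the decryption start with 00 02), and still recovers the plaintext. The RSA key is built from two well-known primes (2^61-1 and 2^64-59) so a run takes well under a second; the message, padding and oracle are constructed for the demo, and a 2048-bit key changes only the run time.

```python
import random

# Toy key from two well-known primes; every other step is the real algorithm.
P, Q = (1 << 61) - 1, (1 << 64) - 59
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes (16 here)


def ceil_div(a, b):
    return -(-a // b)


def pkcs1_v15_pad(msg, k, rng):
    """EM = 00 || 02 || PS (at least 8 non-zero bytes) || 00 || M (RFC 2313)."""
    ps_len = k - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for this modulus")
    ps = bytes(rng.randrange(1, 256) for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + msg


def pkcs1_v15_unpad(em):
    if em[:2] != b"\x00\x02":
        raise ValueError("bad padding")
    return em[em.index(b"\x00", 2) + 1:]


def leaky_oracle(c):
    """All the attacker gets from a vulnerable server: whether the decrypted
    block starts with 00 02, leaked as a distinct alert, a timing difference
    or a connection reset."""
    return pow(c, D, N).to_bytes(K, "big")[:2] == b"\x00\x02"


def merge(intervals):
    intervals.sort()
    out = []
    for lo, hi in intervals:
        if out and lo <= out[-1][1] + 1:
            out[-1] = (out[-1][0], max(out[-1][1], hi))
        else:
            out.append((lo, hi))
    return out


def bleichenbacher(c, n, e, k, oracle):
    """Bleichenbacher, CRYPTO 1998. Each query submits c * s^e mod n, which
    decrypts to m * s mod n; a conforming answer means m * s mod n lies in
    [2B, 3B), and that constraint narrows the candidate set for m.
    Returns (m, number_of_oracle_queries)."""
    B = 1 << (8 * (k - 2))
    two_b, three_b = 2 * B, 3 * B
    queries = 0

    def conforming(s):
        nonlocal queries
        queries += 1
        return oracle((c * pow(s, e, n)) % n)

    s = ceil_div(n, three_b)             # step 2a: first conforming s >= n/3B
    while not conforming(s):
        s += 1
    m_set = [(two_b, three_b - 1)]
    while True:
        narrowed = []                    # step 3: narrow every interval
        for a, b in m_set:
            for r in range(ceil_div(a * s - three_b + 1, n), (b * s - two_b) // n + 1):
                lo = max(a, ceil_div(two_b + r * n, s))
                hi = min(b, (three_b - 1 + r * n) // s)
                if lo <= hi:
                    narrowed.append((lo, hi))
        m_set = merge(narrowed)
        if len(m_set) == 1 and m_set[0][0] == m_set[0][1]:
            return m_set[0][0], queries  # step 4 (s0 = 1, no blinding needed)
        if len(m_set) > 1:               # step 2b: several intervals, step s
            s += 1
            while not conforming(s):
                s += 1
        else:                            # step 2c: one interval, halve it
            a, b = m_set[0]
            r = ceil_div(2 * (b * s - two_b), n)
            while True:
                lo, hi = ceil_div(two_b + r * n, b), (three_b - 1 + r * n) // a
                hit = next((x for x in range(lo, hi + 1) if conforming(x)), None)
                if hit is not None:
                    s = hit
                    break
                r += 1


def encrypt(msg, seed=1):
    em = pkcs1_v15_pad(msg, K, random.Random(seed))
    return pow(int.from_bytes(em, "big"), E, N)


def recover(c, oracle=leaky_oracle):
    """Attacker side: plaintext from c using nothing but the oracle."""
    m, queries = bleichenbacher(c, N, E, K, oracle)
    return pkcs1_v15_unpad(m.to_bytes(K, "big")), queries


if __name__ == "__main__":
    pt, q = recover(encrypt(b"TLS"))
    print(pt, "recovered after", q, "oracle queries, no private key used")
```

The fix that matters for a TLS endpoint is not a quieter error message but removing the bit entirely: on any padding failure the server continues the handshake with a random premaster secret (RFC 5246 section 7.4.7.1) so that alert type, timing and TCP behaviour are identical for conforming and non-conforming ciphertexts, and the conforming() function above has nothing to observe.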
Source & Patch Info (CVE-2017-6168, continued): CONFIRM

blackberry -- qnx_software_development_platform
In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader.
Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-9369
Source & Patch Info: CONFIRM

blackberry -- qnx_software_development_platform
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks.
Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-3893
Source & Patch Info: CONFIRM

blackberry -- qnx_software_development_platform
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources.
Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-3892
Source & Patch Info: CONFIRM

blackberry -- qnx_software_development_platform
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node.
Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-3891
Source & Patch Info: CONFIRM

blackberry -- qnx_software_development_platform
In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker who controls environmental factors that influence seed generation to reduce the entropy of the PRNG, making other blended attacks more practical.
Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-9371
Source & Patch Info: CONFIRM

book_walker -- book_walker
Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Published: 2017-11-17 | CVSS Score: not yet calculated | CVE-2017-10887
Source & Patch Info: CONFIRM, JVN

book_walker -- book_walker
BOOK WALKER for Windows Ver.1.2.9 and earlier and BOOK WALKER for Mac Ver.1.2.5 and earlier allow an attacker to access local files via unspecified vectors.
Published: 2017-11-17 | CVSS Score: not yet calculated | CVE-2017-10888
Source & Patch Info: CONFIRM, JVN

british_columbia_institute_of_technology -- codeigniter
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP header injection via the set_status_header() common function when running under Apache.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-1000247
Source & Patch Info: MISC

ca_technologies -- ca_identity_governance
A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user.
Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-9394
Source & Patch Info: BID, CONFIRM

cacti -- cacti
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
Published: 2017-11-10 | CVSS Score: not yet calculated | CVE-2017-16785
Source & Patch Info: SECTRACK, MISC

cacti -- cacti
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).
Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2014-4000
Source & Patch Info: CONFIRM, CONFIRM, GENTOO, CONFIRM

cern -- root
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon, resulting in remote code execution.
Published: 2017-11-17 | CVSS Score: not yet calculated | CVE-2017-1000203
Source & Patch Info: CONFIRM

cern -- root
ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection, resulting in remote code execution.
Published: 2017-11-17 | CVSS Score: not yet calculated | CVE-2017-1000215
Source & Patch Info: MISC, CONFIRM, CONFIRM

cisco -- asa_next-generation_firewall_services
A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, bypassing any filters that are configured to deny local IP management traffic. The vulnerability is due to an implementation error that exists in the process of creating default IP blocks when the device is initialized, and the way in which those IP blocks interact with user-configured filters for local IP management traffic (for example, SSH to the device). An attacker could exploit this vulnerability by sending traffic to the local IP address of the targeted device. A successful exploit could allow the attacker to connect to the local IP address of the device even when there are filters configured to deny the traffic. Cisco Bug IDs: CSCvd97962.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12299
Source & Patch Info: CONFIRM

cisco -- asyncos
A vulnerability in the Advanced Malware Protection (AMP) file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. The file types affected are zipped or archived file types. The vulnerability is due to incorrect and different file hash values when AMP scans the file. An attacker could exploit this vulnerability by sending a crafted email file attachment through the targeted device. An exploit could allow the attacker to bypass a configured AMP file filter. Cisco Bug IDs: CSCvf52943.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12303
Source & Patch Info: SECTRACK, CONFIRM

cisco -- email_security_appliance
A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize input values. An attacker could exploit this vulnerability by injecting malicious HTTP headers, controlling the response body, or splitting the response into multiple responses. An exploit could allow the attacker to perform cross-site scripting attacks, cross-user defacement, web cache poisoning, and similar exploits. Cisco Bug IDs: CSCvf16705.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12309
Source & Patch Info: SECTRACK
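The CodeIgniter set_status_header() entry and the Cisco ESA response-splitting entry above are the same defect seen from two sides: a value with CR/LF in it reaches a header line. The Python below is an added example for this page, not code from CodeIgniter or Cisco; it shows the unsafe status-line pattern, a validated replacement that refuses control and non-ASCII characters in header names and values, and a counter that makes the split visible as a second HTTP response in the byte stream. The payload is constructed for the demo.

```python
import re

_BAD = re.compile(r"[\x00-\x1f\x7f]")                 # CR, LF and every other control byte
_TOKEN = re.compile(r"[!#$%&'*+.^_`|~0-9A-Za-z-]+")   # RFC 7230 header-name token


def status_line_unsafe(code, text):
    """The pattern the CodeIgniter entry describes: the caller-supplied reason
    phrase is written straight into the status line."""
    return "HTTP/1.1 %d %s\r\n" % (code, text)


def status_line(code, text):
    if not 100 <= int(code) <= 599:
        raise ValueError("status code out of range")
    if _BAD.search(text) or not text.isascii():
        raise ValueError("control or non-ASCII character in reason phrase")
    return "HTTP/1.1 %d %s\r\n" % (code, text)


def header_line(name, value):
    if not _TOKEN.fullmatch(name):
        raise ValueError("invalid header name %r" % name)
    if _BAD.search(value) or not value.isascii():
        raise ValueError("control or non-ASCII character in header value")
    return "%s: %s\r\n" % (name, value)


def build_response(code, reason, headers, body):
    """Assemble a response using only the validating builders above."""
    out = status_line(code, reason)
    for name, value in headers + [("Content-Length", str(len(body)))]:
        out += header_line(name, value)
    return out + "\r\n" + body


def count_responses(raw):
    """How many HTTP responses a proxy, cache or browser would parse from raw."""
    return len(re.findall(r"(?m)^HTTP/1\.[01] \d{3}", raw))


# Constructed payload: a reason phrase that terminates the first response and
# starts a second, attacker-authored one (the cache-poisoning / XSS vector).
SPLIT_PAYLOAD = (
    "OK\r\nContent-Length: 0\r\n\r\n"
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 25\r\n\r\n"
    "<script>alert(1)</script>"
)


def rejects(fn, *args):
    """True if the validating builder refuses these arguments."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("responses seen by a proxy:", count_responses(status_line_unsafe(200, SPLIT_PAYLOAD)))
    print("validated builder rejects payload:", rejects(status_line, 200, SPLIT_PAYLOAD))
```

Rejecting rather than stripping is deliberate: a stripped value silently changes meaning (a Location header with its CRLF removed still redirects somewhere the attacker chose), whereas a rejected one surfaces the bug.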
Source & Patch Info (CVE-2017-12309, continued): CONFIRM

cisco -- findit_network_discovery_utility
A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Library Loading. The vulnerability is due to the application loading a malicious copy of a specific, nondefined DLL file instead of the DLL file it was expecting. An attacker could exploit this vulnerability by placing an affected DLL within the search path of the host system. An exploit could allow the attacker to load a malicious DLL file into the system, thus partially compromising confidentiality, integrity, and availability on the device. Cisco Bug IDs: CSCvf37955.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12314
Source & Patch Info: CONFIRM

cisco -- firepower_system_software
A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 (SMB2) protocol. The vulnerability is due to the incorrect detection of an SMB2 file when the detection is based on the length of the file. An attacker could exploit this vulnerability by sending a crafted SMB2 transfer request through the targeted device. A successful exploit could allow the attacker to bypass filters that are configured to block SMB2 traffic. Cisco Bug IDs: CSCve58398.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12300
Source & Patch Info: BID, CONFIRM

cisco -- hyperflex_system
A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative user to conduct this attack. The vulnerability is due to lack of proper masking of sensitive information in system log files. An attacker could exploit this vulnerability by authenticating to the targeted device and viewing the system log file. An exploit could allow the attacker to view sensitive system information that should have been restricted. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvg31472.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12315
Source & Patch Info: BID, CONFIRM

cisco -- identity_services_engine
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12316
Source & Patch Info: SECTRACK, CONFIRM

cisco -- immunet_antimalware_installer
An untrusted search path (aka DLL Preloading) vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. An attacker would need valid user credentials to exploit this vulnerability. Cisco Bug IDs: CSCvf23928.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12312
Source & Patch Info: CONFIRM

cisco -- ios_and_ios_xe
A vulnerability in the IOS daemon (IOSd) web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the web-based management interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf60862.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12304
Source & Patch Info: BID, SECTRACK, CONFIRM

cisco -- ip_phone_8800_series
A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12305
Source & Patch Info: BID, SECTRACK, CONFIRM

cisco -- meeting_server
A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame that has an invalid picture parameter set (PPS) value. An attacker could exploit this vulnerability by sending a malformed H.264 frame to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition because the media process could restart. The media session should be re-established within a few seconds, during which there could be a brief interruption in service. Cisco Bug IDs: CSCvg12559.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12311
Source & Patch Info: BID, SECTRACK, CONFIRM

cisco -- network_academy_packet_tracer
An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has been placed by an attacker. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. An attacker would need valid user credentials to exploit this vulnerability.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12313
Source & Patch Info: BID
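Five entries in this bulletin (AutomationDirect, BOOK WALKER, Cisco FindIT, Cisco Immunet, Cisco Packet Tracer) are the same DLL search-order bug. What a practitioner usually wants is a quick way to tell which directories an attacker could plant a DLL in before the real one is found. The Python below is an added example, not any of those vendors' code: it models Microsoft's documented LoadLibrary search order for a DLL named without a path, resolves where a given name would load from, and lists the writable directories that come earlier. The directory layout is constructed in a temp dir for the demo; on a real Windows host you would pass the application directory, os.getcwd(), the System32 and Windows directories and the PATH entries.

```python
import os
import tempfile


def search_order(app_dir, cwd, system_dirs, path_dirs, safe_dll_search_mode=True):
    """Directories Windows tries, in order, for LoadLibrary("name.dll").
    With SafeDllSearchMode (the default since Windows XP SP2) the current
    directory is searched after the system directories; the legacy order
    searches it second, right after the application directory."""
    if safe_dll_search_mode:
        return [app_dir, *system_dirs, cwd, *path_dirs]
    return [app_dir, cwd, *system_dirs, *path_dirs]


def resolve(name, order):
    """Path the loader would pick for `name`, or None for a phantom DLL
    (requested by the program but present nowhere in the order)."""
    for directory in order:
        candidate = os.path.join(directory, name)
        if os.path.isfile(candidate):
            return candidate
    return None


def hijack_points(name, order):
    """Writable directories searched before the DLL's real location. Planting
    a file called `name` in any of them wins. For a phantom DLL every
    writable directory in the order qualifies."""
    real = resolve(name, order)
    points = []
    for directory in order:
        if real is not None and os.path.join(directory, name) == real:
            break
        if os.path.isdir(directory) and os.access(directory, os.W_OK):
            points.append(directory)
    return points


def demo():
    """Constructed layout: the DLL lives in the system directory and the
    installer is launched from a download folder the attacker can write to.
    On Windows replace the arguments with the real directories, e.g.
    search_order(app, os.getcwd(), [r"C:\\Windows\\System32", r"C:\\Windows"],
                 os.environ["PATH"].split(os.pathsep))."""
    root = tempfile.mkdtemp()
    app, sysdir, downloads = (os.path.join(root, d) for d in ("app", "system32", "downloads"))
    for d in (app, sysdir, downloads):
        os.mkdir(d)
    with open(os.path.join(sysdir, "version.dll"), "wb") as f:
        f.write(b"legitimate")
    safe = search_order(app, downloads, [sysdir], [])
    legacy = search_order(app, downloads, [sysdir], [], safe_dll_search_mode=False)
    return {
        "sysdir": sysdir,
        "downloads": downloads,
        "resolved": resolve("version.dll", safe),
        "safe_mode": hijack_points("version.dll", safe),
        "legacy_mode": hijack_points("version.dll", legacy),
        "phantom_safe_mode": hijack_points("telemetry.dll", safe),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The output makes the two real lessons concrete: with the safe search order a DLL that actually lives in System32 cannot be hijacked from the download folder, but a phantom DLL (one the installer asks for and nobody ships) can, from any writable directory in the chain. The developer-side fix is to load with a full path or to call SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32 | LOAD_LIBRARY_SEARCH_APPLICATION_DIR) at startup; running the installer from a directory the user does not control only narrows the window.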
Source & Patch Info (CVE-2017-12313, continued): CONFIRM

cisco -- registered_envelope_service
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12323
Source & Patch Info: BID, CONFIRM

cisco -- registered_envelope_service
Description identical to the CVE-2017-12323 entry above (same Cisco Bug IDs).
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12290
Source & Patch Info: BID, CONFIRM

cisco -- registered_envelope_service
Description identical to the CVE-2017-12323 entry above (same Cisco Bug IDs).
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12320
Source & Patch Info: BID, CONFIRM

cisco -- registered_envelope_service
Description identical to the CVE-2017-12323 entry above (same Cisco Bug IDs).
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12292
Source & Patch Info: BID, CONFIRM

cisco -- registered_envelope_service
Description identical to the CVE-2017-12323 entry above (same Cisco Bug IDs).
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12322
Source & Patch Info: BID, CONFIRM

cisco -- registered_envelope_service
Description identical to the CVE-2017-12323 entry above (same Cisco Bug IDs).
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12321
Source & Patch Info: BID, CONFIRM

cisco -- registered_envelope_service
Description identical to the CVE-2017-12323 entry above (same Cisco Bug IDs).
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12291
Source & Patch Info: BID, CONFIRM

cisco -- rf_gateway
A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or video on demand (VoD) streams, resulting in a denial of service (DoS) condition. The vulnerability is due to a processing error with TCP connections to the affected device. An attacker could exploit this vulnerability by establishing a large number of TCP connections to an affected device and not actively closing those TCP connections. A successful exploit could allow the attacker to prevent the affected device from delivering SDV or VoD streams to set-top boxes. Cisco Bug IDs: CSCvf19887.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12318
Source & Patch Info: BID, CONFIRM

cisco -- spark_board
A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process with an upgrade package that the attacker controls. An exploit could allow the attacker to install custom firmware to the Spark Board. Cisco Bug IDs: CSCvf84502.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12306
Source & Patch Info: CONFIRM

cisco -- umbrella_insights_virtual_appliances
A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker could exploit this vulnerability by using the hypervisor console to connect locally to an affected system and then using the static credentials to log in to an affected virtual appliance. A successful exploit could allow the attacker to log in to the affected appliance with root privileges. Cisco Bug IDs: CSCvg31220.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12350
Source & Patch Info: BID, CONFIRM, MISC

cisco -- unified_communications_manager
A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The vulnerability is due to a lack of input validation on user-supplied input in SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected system. An exploit could allow the attacker to determine the presence of certain values in the database. Cisco Bug IDs: CSCvf36682.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12302
Source & Patch Info: BID, SECTRACK, CONFIRM

cisco -- voice_operating_system
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-12337
Source & Patch Info: BID, SECTRACK (8 entries), CONFIRM

cloud_foundry -- foundation_grootfs
Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer.
Published: 2017-11-13 | CVSS Score: not yet calculated | CVE-2017-14388
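The GrootFS entry above is a cache-poisoning bug with a simple root cause: a layer was filed under the DiffID the image claimed for it rather than the DiffID its bytes actually hash to. The Python below is an added example, not GrootFS code, following the OCI image vocabulary (a layer's DiffID is the SHA-256 of the uncompressed tar; the image config lists expected DiffIDs under rootfs.diff_ids). It verifies each decompressed layer against the config before admitting it, and the cache derives its keys from content alone. The two layers and the config are constructed in memory for the demo.

```python
import gzip
import hashlib
import io
import json
import tarfile


def build_layer(files):
    """Constructed test data: an uncompressed layer tar built from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in sorted(files.items()):
            info = tarfile.TarInfo(name)
            info.size, info.mtime = len(data), 0
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def gz(layer_tar):
    """The form a layer travels in inside a registry blob."""
    return gzip.compress(layer_tar)


def diff_id(layer_tar):
    return "sha256:" + hashlib.sha256(layer_tar).hexdigest()


class LayerCache:
    """Volume cache keyed by DiffID. The key is always computed from the bytes
    being stored and never taken from the image that claims them, so a poisoned
    image cannot overwrite or alias a cached base layer."""

    def __init__(self):
        self._layers = {}

    def put(self, layer_tar):
        key = diff_id(layer_tar)
        self._layers.setdefault(key, layer_tar)
        return key

    def get(self, key):
        return self._layers.get(key)


def unpack_image(config_json, compressed_layers, cache):
    """Decompress each layer, verify its DiffID against the config, and only
    then let it into the cache. Returns the verified DiffIDs in order."""
    expected = json.loads(config_json)["rootfs"]["diff_ids"]
    if len(expected) != len(compressed_layers):
        raise ValueError("config lists %d layers, image ships %d"
                         % (len(expected), len(compressed_layers)))
    keys = []
    for claimed, blob in zip(expected, compressed_layers):
        layer_tar = gzip.decompress(blob)
        actual = diff_id(layer_tar)
        if actual != claimed:
            raise ValueError("DiffID mismatch: config says %s, layer hashes to %s"
                             % (claimed, actual))
        keys.append(cache.put(layer_tar))
    return keys


# Constructed: a base layer, a trojaned copy of it, and a config describing the base.
BASE_LAYER = build_layer({"etc/os-release": b"NAME=Ubuntu\n"})
EVIL_LAYER = build_layer({"etc/os-release": b"NAME=Ubuntu\n",
                          "bin/sh": b"#!/bin/sh\n# attacker-controlled shell\n"})
CONFIG = json.dumps({"rootfs": {"type": "layers", "diff_ids": [diff_id(BASE_LAYER)]}})


def poisoning_attempt():
    """An image whose config claims the Ubuntu base DiffID but ships EVIL_LAYER
    under it. True if the layer was rejected and the base key stayed empty."""
    cache = LayerCache()
    try:
        unpack_image(CONFIG, [gz(EVIL_LAYER)], cache)
    except ValueError:
        return cache.get(diff_id(BASE_LAYER)) is None
    return False


if __name__ == "__main__":
    print("honest image:", unpack_image(CONFIG, [gz(BASE_LAYER)], LayerCache()))
    print("poisoned layer rejected:", poisoning_attempt())
```

Note that the manifest's per-layer digest (over the compressed blob) does not substitute for this check: the attacker controls both the manifest and the blob, so only the config's DiffID list, which is itself covered by the config digest you pulled by name, pins what an unpacked layer must hash to.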
Source & Patch Info (CVE-2017-14388): CONFIRM

cms_made_simple -- cms_made_simple
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-16799
Source & Patch Info: MISC

cms_made_simple -- cms_made_simple
In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg.
Published: 2017-11-12 | CVSS Score: not yet calculated | CVE-2017-16798
Source & Patch Info (CVE-2017-16798): MISC

codiad -- codiad
Codiad (full version) allows arbitrary content to be written to its configuration file during installation, which can be used to upload a webshell.
Published: 2017-11-17 | CVSS Score: not yet calculated | CVE-2017-1000125
Source & Patch Info: MISC

confire -- confire
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "~/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.
Published: 2017-11-10 | CVSS Score: not yet calculated | CVE-2017-16763
Source & Patch Info: CONFIRM, MISC, MISC

creolabs -- gravity
Creolabs Gravity 1.0 has a heap use-after-free that may allow code execution: after the 'sublexer' pointer has been freed, 'lexer' is still used to access a variable (line 542 of gravity_lexer.c).
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-1000172
Source & Patch Info: MISC

creolabs -- gravity
Creolabs Gravity 1.0 has a heap buffer overflow that may allow code execution: a large loop that keeps pushing data to a buffer can defeat the bounds checking of that buffer, and a subsequent list.join on the data reads past the buffer.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-1000173
Source & Patch Info: MISC

cs-cart -- cs-cart
Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3) and CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
Published: 2017-11-17 | CVSS Score: not yet calculated | CVE-2017-10886
Source & Patch Info: CONFIRM, JVN

cyberduck -- cyberduck
Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority.
Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2014-2845
Source & Patch Info: SECUNIA, BUGTRAQ, CONFIRM

cygnux -- syspass
Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in its JavaScript file inclusion functionality. The attacker can read the configuration files that contain the login and password for the database, the private encryption key, and other sensitive information.
Published: 2017-11-17 | CVSS Score: not yet calculated | CVE-2017-1000192
Source & Patch Info: CONFIRM

d-link -- dcs-936l_devices
D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.
Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-7851
Source & Patch Info: MISC, MISC
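The D-Link entry above is worth a concrete look because "the IP must appear somewhere in the Referer" sounds like an origin check and is not one. The Python below is an added example, not D-Link firmware code: it reimplements the substring check as described, shows three constructed attacker URLs that satisfy it, and gives the minimum sane replacement, a parsed Origin/Referer host compared exactly and failing closed when neither header is present. A per-session CSRF token is still the proper fix; this only closes the substring hole.

```python
from urllib.parse import urlsplit


def referer_ok_substring(device_ip, referer):
    """The check the entry describes: accept if the device IP occurs anywhere
    in the Referer string."""
    return device_ip in (referer or "")


def same_origin(device_hosts, origin=None, referer=None):
    """Prefer Origin, fall back to Referer, parse, and compare the host
    exactly. A state-changing request with neither header is refused."""
    source = origin or referer
    if not source:
        return False
    parts = urlsplit(source)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    return parts.hostname in {h.lower() for h in device_hosts}


# Constructed attacker-controlled pages that all contain "192.168.0.1":
# a subdomain, a query string, and the userinfo trick.
BYPASS_REFERERS = [
    "http://192.168.0.1.attacker.example/csrf.html",
    "http://attacker.example/?next=192.168.0.1",
    "http://192.168.0.1@attacker.example/",
]


def bypasses(device_ip, referers=BYPASS_REFERERS):
    """Referers the substring check accepts but a real origin check rejects."""
    return [r for r in referers
            if referer_ok_substring(device_ip, r)
            and not same_origin({device_ip}, referer=r)]


if __name__ == "__main__":
    for r in bypasses("192.168.0.1"):
        print("substring check fooled by", r)
```

The hostname comparison must be against the names the camera is actually reached by (its IP, a DNS name, a port-forwarded public address), so device_hosts is a set rather than a single value.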

dahua_technology -- network_video_recorders
An authentication vulnerability in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, and NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102 could allow an attacker to gain access to additional operations by forging JSON messages.
Published: 2017-11-13 | CVSS Score: not yet calculated | CVE-2017-9314
Source & Patch Info: CONFIRM

dayrui_finecms -- dayrui_finecms
dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field.
Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-16866
Source & Patch Info: CONFIRM

debian -- postgresql
The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.
Published: 2017-11-13 | CVSS Score: not yet calculated | CVE-2017-8806
Source & Patch Info: CONFIRM, BID, CONFIRM
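The sysPass local file inclusion entry and the Debian postgresql-common symlink entry above are two faces of one discipline: never let a path the attacker influences decide what gets read or written. The Python below is an added example, not sysPass's or Debian's code. safe_join confines an include path to one directory after resolving symlinks and dot segments; write_nofollow creates or overwrites a file with O_NOFOLLOW so the kernel itself refuses a symlink at the final component, which is what closes the race that a lstat-then-open sequence leaves open. The directory layout is constructed in a temp dir for the demo.

```python
import errno
import os
import stat
import tempfile


def safe_join(base_dir, user_path):
    """Resolve user_path under base_dir and refuse anything that leaves it:
    '..' segments, absolute paths, or a symlink inside base_dir pointing out."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    if target == base or os.path.commonpath([base, target]) != base:
        raise PermissionError("path escapes %s: %r" % (base_dir, user_path))
    return target


def write_nofollow(path, data, mode=0o644):
    """Create or overwrite `path` without following a symlink at the final
    component. O_NOFOLLOW makes open() fail with ELOOP atomically; the fstat()
    check additionally rejects device files and FIFOs. The islink() pre-check
    is only a fallback for platforms without O_NOFOLLOW and is not race-free."""
    if not hasattr(os, "O_NOFOLLOW") and os.path.islink(path):
        raise OSError(errno.ELOOP, "refusing to write through a symlink", path)
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, mode)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise OSError(errno.EINVAL, "not a regular file", path)
        os.write(fd, data)
    finally:
        os.close(fd)
    return len(data)


def demo():
    """Constructed layout in a temp dir; returns what each check did."""
    root = tempfile.mkdtemp()
    js_dir = os.path.join(root, "js")
    os.mkdir(js_dir)
    open(os.path.join(js_dir, "app.js"), "w").close()
    escaped = []
    for user_path in ("app.js", "../config.xml", "/etc/passwd", "sub/../../config.xml"):
        try:
            safe_join(js_dir, user_path)
        except PermissionError:
            escaped.append(user_path)
    target = os.path.join(root, "target.txt")        # the file an attacker points at
    open(target, "w").close()
    link = os.path.join(root, "link.txt")            # attacker-planted symlink
    os.symlink(target, link)
    try:
        write_nofollow(link, b"attacker content")
        symlink_refused = False
    except OSError:
        symlink_refused = True
    plain = os.path.join(root, "plain.txt")
    written = write_nofollow(plain, b"hello")
    with open(target, "rb") as f:
        target_bytes = f.read()
    with open(plain, "rb") as f:
        plain_bytes = f.read()
    return {"escaped": escaped, "symlink_refused": symlink_refused,
            "written": written, "target_bytes": target_bytes, "plain_bytes": plain_bytes}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

For files in a directory other users can write to (the classic /tmp or a shared log directory), O_NOFOLLOW still leaves directory-level symlink games open; there the answer is to open the directory first and use openat-style calls, or simply not to write there as a privileged user.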
Source & Patch Info (CVE-2017-8806, continued): CONFIRM

django_make_app -- django_make_app
An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.
Published: 2017-11-10 | CVSS Score: not yet calculated | CVE-2017-16764
Source & Patch Info: MISC
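The Confire entry earlier in this bulletin and the django_make_app entry above are the same PyYAML pattern: yaml.load() on data the user did not write, with the default loader that constructs arbitrary Python objects from !!python/ tags. Because the dangerous call looks harmless in a diff, the useful artefact is an audit that finds it. The Python below is an added example, not code from either project: it walks the AST of a source file, tracks how the yaml module and its functions were imported, and reports load()/load_all() calls without a safe Loader as well as the explicitly unsafe entry points. The sample source it scans is constructed in the shape the Confire entry describes.

```python
import ast

SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader", "CBaseLoader"}
UNSAFE_FUNCS = {"unsafe_load", "unsafe_load_all", "full_load", "full_load_all"}


def _name_of(node):
    if isinstance(node, ast.Attribute):
        return node.attr
    if isinstance(node, ast.Name):
        return node.id
    return "<expression>"


class _Finder(ast.NodeVisitor):
    def __init__(self):
        self.modules = set()   # local names bound to the yaml module
        self.funcs = {}        # local name -> yaml function it was imported as
        self.findings = []

    def visit_Import(self, node):
        for alias in node.names:
            if alias.name == "yaml":
                self.modules.add(alias.asname or "yaml")

    def visit_ImportFrom(self, node):
        if node.module == "yaml":
            for alias in node.names:
                self.funcs[alias.asname or alias.name] = alias.name

    def visit_Call(self, node):
        func, name = node.func, None
        if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
            if func.value.id in self.modules:
                name = func.attr
        elif isinstance(func, ast.Name) and func.id in self.funcs:
            name = self.funcs[func.id]
        if name in ("load", "load_all"):
            loader = next((kw.value for kw in node.keywords if kw.arg == "Loader"), None)
            if loader is None and len(node.args) > 1:
                loader = node.args[1]          # Loader passed positionally
            if loader is None:
                self.findings.append((node.lineno, "yaml.%s() without Loader: PyYAML "
                                      "before 5.1 silently uses the unsafe loader" % name))
            elif _name_of(loader) not in SAFE_LOADERS:
                self.findings.append((node.lineno, "yaml.%s() with Loader=%s; use SafeLoader"
                                      % (name, _name_of(loader))))
        elif name in UNSAFE_FUNCS:
            why = ("explicitly unsafe" if name.startswith("unsafe")
                   else "FullLoader, which had object-construction bypasses until PyYAML 5.4")
            self.findings.append((node.lineno, "yaml.%s() is %s" % (name, why)))
        self.generic_visit(node)


def find_unsafe_yaml_loads(source):
    """Return [(line_number, message)] for every risky YAML load in `source`."""
    finder = _Finder()
    finder.visit(ast.parse(source))
    return sorted(finder.findings)


# Constructed sample in the shape the Confire entry describes: a user-level
# config file read with the default loader, plus aliased and safe variants.
SAMPLE = """import os
import yaml
from yaml import load as yload

def load_user_config(path=os.path.expanduser("~/.confire.yaml")):
    with open(path) as f:
        return yaml.load(f)

def load_other(text):
    return yload(text, Loader=yaml.FullLoader)

def load_ok(text):
    return yaml.safe_load(text)

def load_positional(text):
    return yaml.load(text, yaml.SafeLoader)

def load_explicit_unsafe(text):
    return yaml.unsafe_load(text)
"""

if __name__ == "__main__":
    for lineno, msg in find_unsafe_yaml_loads(SAMPLE):
        print("line %d: %s" % (lineno, msg))
```

The fix in both projects' situation is yaml.safe_load(), which constructs only plain scalars, lists and mappings; it is worth remembering that "the file is in the user's home directory" is not a trust boundary when the same user runs other software that can write there.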
MISCellislab -- expressionengine
 EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection2017-11-17not yet calculatedCVE-2017-1000160
MISCexiv2 -- exiv2
 exiv2 0.26 contains a Stack out of bounds read in webp parser2017-11-17not yet calculatedCVE-2017-1000126
MLISTexiv2 -- exiv2
 Exiv2 0.26 contains a heap buffer overflow in tiff parser2017-11-17not yet calculatedCVE-2017-1000127
MLISTexiv2 -- exiv2
 Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser2017-11-17not yet calculatedCVE-2017-1000128
MLISTfilp_whoops -- filp_whoops
 The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS.2017-11-17not yet calculatedCVE-2017-16880
CONFIRMfortinet -- fortios
 A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim.2017-11-13not yet calculatedCVE-2017-7739
BID
SECTRACK
CONFIRMfreebsd -- freebsd
 In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack of the thread is possible from the debugger. As a result, some bytes from the kernel stack of the thread using ptrace (PT_LWPINFO) call can be observed in userspace.2017-11-16not yet calculatedCVE-2017-1086
BID
SECTRACK
FREEBSDfreebsd -- freebsd
 In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace.2017-11-16not yet calculatedCVE-2017-1088
BID
SECTRACK
FREEBSDfreebsd -- freebsd
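The pattern behind the two FreeBSD kernel stack disclosures above (PT_LWPINFO and kld_file_stat), modelled in user space as an added example rather than FreeBSD code: a structure is built in a stack slot that still holds data from earlier calls, only the relevant fields are written, and the whole object is copied out. The struct layout, field names, the 0xAA marker and the thread names are assumed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not FreeBSD kernel code. It models the pattern behind the
 * two FreeBSD entries above (ptrace PT_LWPINFO and kld_file_stat) in user
 * space: a structure is built on a stack that still holds data from earlier
 * calls, only the "relevant" fields are written, and the whole object is then
 * copied out. The struct layout, field names and sample values are assumed
 * for the illustration; only the pattern is taken from the entries. */

#define STALE_BYTE 0xAA          /* stands in for old kernel stack contents */
#define TDNAME_LEN 20

struct lwpinfo_demo {
    int32_t  lwpid;              /* always filled */
    uint8_t  flags;              /* 1 byte, followed by 3 bytes of padding */
    int32_t  event;              /* only meaningful when flags says so */
    char     tdname[TDNAME_LEN]; /* short string, copied without padding */
};

/* strlcpy-style copy: writes the string and its NUL, nothing beyond it. */
static void copy_no_pad(char *dst, const char *src, size_t n)
{
    size_t len = strlen(src);
    if (len >= n)
        len = n - 1;
    memcpy(dst, src, len);
    dst[len] = '\0';
}

/* Leaky fill: sets only what this call needs. Padding, the unused event
 * field and the tail of tdname keep whatever was on the stack before. */
void fill_leaky(struct lwpinfo_demo *p, int32_t lwpid, const char *name)
{
    p->lwpid = lwpid;
    p->flags = 0;                /* no event pending, so event is "irrelevant" */
    copy_no_pad(p->tdname, name, sizeof p->tdname);
}

/* Fixed fill: zero the whole object first, so every byte that is later
 * copied out is defined regardless of which fields this call touches. */
void fill_fixed(struct lwpinfo_demo *p, int32_t lwpid, const char *name)
{
    memset(p, 0, sizeof *p);
    fill_leaky(p, lwpid, name);
}

/* Simulates the kernel side: dirty the stack slot, fill the structure, then
 * count bytes that still carry the stale marker. Those are the bytes a
 * copyout() of the whole struct would hand to the debugger. */
size_t count_leaked(void (*fill)(struct lwpinfo_demo *, int32_t, const char *),
                    const char *name)
{
    struct lwpinfo_demo info;
    const unsigned char *bytes = (const unsigned char *)&info;
    size_t leaked = 0, i;

    memset(&info, STALE_BYTE, sizeof info);
    fill(&info, 1234, name);
    for (i = 0; i < sizeof info; i++)
        if (bytes[i] == STALE_BYTE)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("struct size: %zu bytes\n", sizeof(struct lwpinfo_demo));
    printf("leaky fill:  %zu stale bytes copied out\n", count_leaked(fill_leaky, "idle"));
    printf("fixed fill:  %zu stale bytes copied out\n", count_leaked(fill_fixed, "idle"));
    return 0;
}
```

With fill_leaky the padding after flags, the unused event field and the tail of tdname all survive as stale bytes (22 of the 32 bytes for the name "idle"); zeroing the object before filling it brings that to 0. The same check, dirtying a buffer with a marker and counting survivors, is a cheap way to audit any copy-to-user path for this class of leak.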
freebsd -- freebsd
  In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, named paths for POSIX shared memory objects are globally scoped, meaning a process located in one jail can read and modify the content of shared memory objects created by a process in another jail or on the host system. As a result, a malicious user with access to a jailed system is able to abuse shared memory by injecting malicious content into the shared memory region. This memory region might be executed by applications that trust the shared memory, such as Squid. This issue could lead to a denial of service or local privilege escalation.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-1087
  Source & Patch Info: BID, SECTRACK, FREEBSD

geminabox -- geminabox
  Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb.
  Published: 2017-11-13 | CVSS Score: not yet calculated | CVE-2017-16792
  Source & Patch Info: CONFIRM, CONFIRM, MISC

gemirro -- gemirro
  Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-16833
  Source & Patch Info: CONFIRM

gnu -- binutils
  The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-16827
  Source & Patch Info: CONFIRM, CONFIRM

gnu -- binutils
  The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-16828
  Source & Patch Info: CONFIRM, CONFIRM

gnu -- binutils
  The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-16830
  Source & Patch Info: CONFIRM, CONFIRM

gnu -- binutils
  The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-16826
  Source & Patch Info: CONFIRM, CONFIRM

gnu -- binutils
  coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-16831
  Source & Patch Info: CONFIRM, CONFIRM

gnu -- binutils
  The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-16829
  Source & Patch Info: CONFIRM, CONFIRM
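The arithmetic behind several of the binutils entries above (the missing 32-bit overflow protection in print_gnu_property_note, the unvalidated symbol count in coffgen.c) and the unvalidated size and offset in the pe_bfd_read_buildid entry that follows, as an added example that is not BFD code: the *_unsafe32 helpers show how an offset-plus-length or count-times-size check passes for absurd values once the arithmetic wraps, and the other helpers perform the same checks without any operation that can overflow. The file size and header values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not binutils/BFD code. Several of the binutils entries
 * reduce to two arithmetic mistakes in a file parser: adding an untrusted
 * offset and size and comparing the sum with the buffer size (the sum wraps
 * on a 32-bit host), and multiplying an untrusted element count by an
 * element size before allocating (the product wraps). The *_unsafe32 helpers
 * reproduce the wrapping form; the others do the same checks without any
 * operation that can overflow. The field values are constructed. */

/* Does [off, off + len) lie inside a file of file_size bytes? Comparing len
 * against the bytes remaining after off avoids computing off + len at all. */
bool range_in_file(uint64_t off, uint64_t len, uint64_t file_size)
{
    if (off > file_size)
        return false;
    return len <= file_size - off;
}

/* The same check as a 32-bit parser writes it when it trusts the sum. */
bool range_in_file_unsafe32(uint32_t off, uint32_t len, uint32_t file_size)
{
    uint32_t end = off + len;        /* wraps when off + len >= 2^32 */
    return end <= file_size;
}

/* Is count * elt_size representable, and does it fit in avail bytes?
 * On success the byte count is returned through *out_bytes. */
bool count_fits(uint64_t count, size_t elt_size, uint64_t avail, size_t *out_bytes)
{
    if (elt_size == 0 || count > SIZE_MAX / elt_size)
        return false;                /* product would not fit in size_t */
    uint64_t bytes = count * (uint64_t)elt_size;
    if (bytes > avail)
        return false;                /* header claims more entries than data */
    *out_bytes = (size_t)bytes;
    return true;
}

/* The wrapping form: a symbol count of 0x40000001 times 4-byte entries is
 * 4 bytes after truncation to 32 bits, so an absurd count passes the check. */
bool count_fits_unsafe32(uint32_t count, uint32_t elt_size, uint32_t avail)
{
    uint32_t bytes = count * elt_size;
    return bytes <= avail;
}

/* Convenience wrapper: the validated byte count, or 0 if the count is rejected. */
size_t bytes_for(uint64_t count, size_t elt_size, uint64_t avail)
{
    size_t n = 0;
    return count_fits(count, elt_size, avail, &n) ? n : 0;
}

int main(void)
{
    const uint64_t file_size = 4096;     /* constructed: a 4 KiB input file */

    /* A data-directory entry pointing near the top of the 32-bit range. */
    printf("offset 0xFFFFFFF0 len 0x20: unsafe32=%d safe=%d\n",
           range_in_file_unsafe32(0xFFFFFFF0u, 0x20u, (uint32_t)file_size),
           range_in_file(0xFFFFFFF0u, 0x20u, file_size));

    /* A symbol table header claiming 0x40000001 four-byte entries. */
    printf("count 0x40000001 x 4: unsafe32=%d safe=%zu bytes\n",
           count_fits_unsafe32(0x40000001u, 4u, (uint32_t)file_size),
           bytes_for(0x40000001u, 4, file_size));

    /* A sane header: 10 entries of 18 bytes. */
    printf("count 10 x 18: %zu bytes\n", bytes_for(10, 18, file_size));
    return 0;
}
```

The subtraction form of the range check and the division form of the multiplication check are the two idioms worth reaching for in any parser of attacker-supplied headers; both are exact for unsigned values and need no wider integer type than the fields themselves.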
gnu -- binutils
  The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-16832
  Source & Patch Info: CONFIRM, CONFIRM

google -- android
  An elevation of privilege vulnerability in the Upstream kernel audio driver. Product: Android. Versions: Android kernel. Android ID: A-36006981.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0861
  Source & Patch Info: CONFIRM

google -- android
  Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64836894.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0858
  Source & Patch Info: CONFIRM

google -- android
  Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36075131.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0859
  Source & Patch Info: CONFIRM

google -- android
  An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-63522818.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0838
  Source & Patch Info: CONFIRM

google -- android
  An elevation of privilege vulnerability in the Upstream kernel. Product: Android. Versions: Android kernel. Android ID: A-36006779.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0862
  Source & Patch Info: CONFIRM

google -- android
  A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0. Android ID: A-62815506.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0852
  Source & Patch Info: CONFIRM

google -- android
  An elevation of privilege vulnerability in the Android system (inputdispatcher). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-31097064.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0860
  Source & Patch Info: CONFIRM

google -- android
  A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64893226.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0836
  Source & Patch Info: BID, CONFIRM

google -- android
  An elevation of privilege vulnerability in the Android framework (window manager). Product: Android. Versions: 8.0. Android ID: A-37442941.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0831
  Source & Patch Info: BID, CONFIRM

google -- android
  An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63873837.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0854
  Source & Patch Info: CONFIRM

google -- android
  A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0845
  Source & Patch Info: CONFIRM

google -- android
  An elevation of privilege vulnerability in the MediaTek ccci. Product: Android. Versions: Android kernel. Android ID: A-62670819. References: M-ALPS03361488.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0843
  Source & Patch Info: CONFIRM

google -- android
  An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0830
  Source & Patch Info: BID, CONFIRM

google -- android
  An elevation of privilege vulnerability exists in the Thermal Driver, where a missing bounds check in the thermal throttle driver can cause an out-of-bounds write in the kernel. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A-34705801. References: N-CVE-2017-6274.
  Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-6274
  Source & Patch Info: CONFIRM

google -- android
  An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62688399.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0849
  Source & Patch Info: CONFIRM

google -- android
  An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-64836941.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0850
  Source & Patch Info: CONFIRM

google -- android
  An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. References: M-ALPS02973195.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0865
  Source & Patch Info: CONFIRM

google -- android
  An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62948670.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0840
  Source & Patch Info: BID, CONFIRM

google -- android
  An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63121644.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0853
  Source & Patch Info: CONFIRM

google -- android
  An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Product: Android. Versions: 8.0. Android ID: A-65540999.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0847
  Source & Patch Info: CONFIRM

google -- android
  An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64477217.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0848
  Source & Patch Info: CONFIRM

google -- android
  A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62887820.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0832
  Source & Patch Info: BID, CONFIRM

google -- android
  An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0839
  Source & Patch Info: BID, CONFIRM

google -- android
  An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out-of-bounds memory read is used as a function pointer and could lead to code execution in the kernel. This issue is rated as high because it could allow a local malicious application to execute arbitrary code within the context of a privileged process. Product: Android. Version: N/A. Android ID: A-34705430. References: N-CVE-2017-6264.
  Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-6264
  Source & Patch Info: BID, CONFIRM

google -- android
  An elevation of privilege vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37502513.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0842
  Source & Patch Info: BID, CONFIRM

google -- android
  An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-35430570.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0851
  Source & Patch Info: CONFIRM

google -- android
  Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0857
  Source & Patch Info: CONFIRM

google -- android
  An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Product: Android. Versions: Android kernel. Android ID: A-37277147. References: M-ALPS03394571.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0864
  Source & Patch Info: CONFIRM

google -- android
  A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62896384.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0833
  Source & Patch Info: BID, CONFIRM

google -- android
  An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0863
  Source & Patch Info: CONFIRM

google -- android
  A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63316832.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0835
  Source & Patch Info: BID, CONFIRM

google -- android
  A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63125953.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0834
  Source & Patch Info: BID, CONFIRM

google -- android
  An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds check in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as moderate. Product: Pixel. Versions: N/A. Android ID: A-34702397. References: N-CVE-2017-6275.
  Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-6275
  Source & Patch Info: CONFIRM

google -- android
  A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0841
  Source & Patch Info: BID, CONFIRM

google -- pixel
  An elevation of privilege vulnerability in the Direct Rendering Infrastructure of the NVIDIA Tegra X1, where an unchecked input from userspace is passed as a pointer to kfree. This could lead to kernel memory corruption and possible code execution. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A-38415808. References: N-CVE-2017-0866.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-0866
  Source & Patch Info: CONFIRM

hashicorp -- vagrant-vmware-fusion
  If the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the setuid sudo helper in order to escalate to root.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-16777
  Source & Patch Info: MISC

i-o_data_device -- lan_disk_connect
  I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors.
  Published: 2017-11-13 | CVSS Score: not yet calculated | CVE-2017-10875
  Source & Patch Info: JVN, CONFIRM

iBall -- ib-wra300n3gt
  Privilege escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified privilege parameter to /form2userconfig.cgi.
  Published: 2017-11-13 | CVSS Score: not yet calculated | CVE-2017-11169
  Source & Patch Info: MISC

i_librarian -- i_librarian
  I, Librarian versions 4.6 and earlier, and 4.7, are vulnerable to Server-Side Request Forgery in ajaxsupplement.php, allowing an attacker to reset any user's password.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-1000237
  Source & Patch Info: MISC

i_librarian -- i_librarian
  I, Librarian versions 4.6 and earlier, and 4.7, are vulnerable to Reflected Cross-Site Scripting in temp.php, allowing an attacker to inject malicious client-side script that is executed in the browser of users who visit the manipulated site.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-1000236
  Source & Patch Info: MISC

i_librarian -- i_librarian
  I, Librarian versions 4.6 and earlier, and 4.7, are vulnerable to OS Command Injection in batchimport.php, which can result in the web server being fully compromised.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-1000235
  Source & Patch Info: MISC

i_librarian -- i_librarian
  I, Librarian versions 4.6 and earlier, and 4.7, are vulnerable to Directory Enumeration in jqueryFileTree.php, allowing an attacker to enumerate directories simply by navigating through the "dir" parameter.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-1000234
  Source & Patch Info: MISC

ibm -- security_access_manager_appliance
  IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 128372.
  Published: 2017-11-13 | CVSS Score: not yet calculated | CVE-2017-1453
  Source & Patch Info: CONFIRM, MISC

ibm -- security_access_manager_appliance
  IBM Security Access Manager Appliance 9.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612.
  Published: 2017-11-13 | CVSS Score: not yet calculated | CVE-2017-1477
  Source & Patch Info: CONFIRM, MISC

ibm -- storwize
  A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531.
  Published: 2017-11-13 | CVSS Score: not yet calculated | CVE-2017-1710
  Source & Patch Info: CONFIRM, BID, SECTRACK, MISC

ibm -- tivoli_endpoint_manager
  IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 123908.
  Published: 2017-11-13 | CVSS Score: not yet calculated | CVE-2017-1229
  Source & Patch Info: CONFIRM, MISC

ibm -- tivoli_endpoint_manager
  IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861.
  Published: 2017-11-13 | CVSS Score: not yet calculated | CVE-2017-1221
  Source & Patch Info: CONFIRM, BID, MISC

icinga_core -- icinga_core
  Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido.
  Published: 2017-11-18 | CVSS Score: not yet calculated | CVE-2017-16882
  Source & Patch Info: MISC

icon_time -- icon_time_systems_rtc-1000
  A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field of the employee details page (/employee.html); the payload is then reflected in multiple pages where that field data is used, resulting in session hijacking and possible elevation of privileges.
  Published: 2017-11-17 | CVSS Score: not yet calculated | CVE-2017-16819
  Source & Patch Info: MISC

ikarus -- ikarus_anti.virus
  In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because it does not validate input values from IOCTL 0x8300000c.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-14961
  Source & Patch Info: MISC, MISC, EXPLOIT-DB, CONFIRM

intel -- unite_app
  Escalation of privilege vulnerability in the admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18, and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or information disclosure.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-5738
  Source & Patch Info: CONFIRM

invoiceplane -- invoiceplane
  InvoicePlane version 1.4.10 is vulnerable to Stored Cross Site Scripting, allowing an authenticated user to inject malicious client-side script that is executed in the browser of users who visit the manipulated site.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-1000239
  Source & Patch Info: MISC

invoiceplane -- invoiceplane
  InvoicePlane version 1.4.10 is vulnerable to Arbitrary File Upload: an authenticated user can upload a malicious file to the webserver, making it possible for an attacker to upload a script that compromises the webserver.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-1000238
  Source & Patch Info: MISC

ipsilon -- ipsilon
  Ipsilon before 2.1.0 has a "SAML2 multi-session vulnerability."
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-16855
  Source & Patch Info: MISC

java -- java
  The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-1000209
  Source & Patch Info: CONFIRM

jooan -- ip_camera_a5_2.3.36_devices
  On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root-level control of the device.
  Published: 2017-11-17 | CVSS Score: not yet calculated | CVE-2017-16566
  Source & Patch Info: MISC

jool -- jool
  Jool 3.5.0 through 3.5.1 is vulnerable to a packet that crashes the kernel, resulting in a DoS.
  Published: 2017-11-17 | CVSS Score: not yet calculated | CVE-2017-1000191
  Source & Patch Info: CONFIRM

jqueryfiletree -- jqueryfiletree
  jqueryFileTree 2.1.5 and older is vulnerable to Directory Traversal.
  Published: 2017-11-17 | CVSS Score: not yet calculated | CVE-2017-1000170
  Source & Patch Info: MISC

kickbase -- kickbase_bundesliga_manager
  The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 (aka kickbase-bundesliga-manager/id678241305) for iOS is vulnerable to a credentials leak because it transmits the username and password in cleartext from client to server during registration and authentication.
  Published: 2017-11-13 | CVSS Score: not yet calculated | CVE-2017-14711
  Source & Patch Info: MISC

kirby_panel -- kirby_panel
  A cross-site scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.
  Published: 2017-11-13 | CVSS Score: not yet calculated | CVE-2017-16807
  Source & Patch Info: CONFIRM, MISC, EXPLOIT-DB

kodak -- insite
  Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 to 8.0 allow remote attackers to inject arbitrary web script via the "paramFile" parameter to (1) /Site/Troubleshooting/DiagnosticReport.asp or (2) /Site/Troubleshooting/SpeedTest.asp.
  Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-9085
  Source & Patch Info: MISC

konversation -- konversation
  Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote attackers to cause a denial of service (crash) via vectors related to parsing of IRC color formatting codes.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-15923
  Source & Patch Info: CONFIRM, CONFIRM, DEBIAN

lansweeper -- lansweeper
  LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-16841
  Source & Patch Info: EXPLOIT-DB, MISC

ldns -- ldns
  A double-free vulnerability in str2host.c in ldns 1.7.0 has unspecified impact and attack vectors.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-1000232
  Source & Patch Info: MISC

ldns -- ldns
  A double-free vulnerability in parse.c in ldns 1.7.0 has unspecified impact and attack vectors.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-1000231
  Source & Patch Info: MISC

libav -- libav
  In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.
  Published: 2017-11-13 | CVSS Score: not yet calculated | CVE-2017-16803
  Source & Patch Info: BID, CONFIRM, CONFIRM

libavcodec -- libavcodec
  The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-14034
  Source & Patch Info: MISC

libbpg -- libbpg
  The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-13136
  Source & Patch Info: MISC

libbpg -- libbpg
  A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg 0.9.7 and other products, because the CUData::initialize function in common/cudata.cpp mishandles memory-allocation failure.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-13135
  Source & Patch Info: MISC

libming -- libming
  The outputSWF_TEXT_RECORD function in util/outputscript.c in libming 0.4.8 and earlier is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted SWF file.
  Published: 2017-11-18 | CVSS Score: not yet calculated | CVE-2017-16883
  Source & Patch Info: CONFIRM

lightftp -- lightftp
  LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function, resulting in a denial of service or remote code execution.
  Published: 2017-11-16 | CVSS Score: not yet calculated | CVE-2017-1000218
  Source & Patch Info: CONFIRM

linux -- kernel
  The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-15115
  Source & Patch Info: CONFIRM, CONFIRM, BID, CONFIRM, CONFIRM, CONFIRM

linux -- kernel
  The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-15102
  Source & Patch Info: CONFIRM, CONFIRM, BID, CONFIRM, CONFIRM

lynx -- lynx
  Lynx version 2.8.8 and older is vulnerable to a use-after-free in the HTML parser, resulting in memory disclosure.
  Published: 2017-11-17 | CVSS Score: not yet calculated | CVE-2017-1000211
  Source & Patch Info: MISC

mediawiki -- mediawiki
  MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-8812
  Source & Patch Info: SECTRACK, CONFIRM, DEBIAN

mediawiki -- mediawiki
  api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-8809
  Source & Patch Info: SECTRACK, CONFIRM, DEBIAN

mediawiki -- mediawiki
  The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-8814
  Source & Patch Info: SECTRACK, CONFIRM, DEBIAN

mediawiki -- mediawiki
  The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-8815
  Source & Patch Info: SECTRACK, CONFIRM, DEBIAN

mediawiki -- mediawiki
  MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-8810
  Source & Patch Info: SECTRACK, CONFIRM, DEBIAN

mediawiki -- mediawiki
  MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-8808
  Source & Patch Info: SECTRACK, CONFIRM, DEBIAN

mediawiki -- mediawiki
  The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.
  Published: 2017-11-15 | CVSS Score: not yet calculated | CVE-2017-8811
  Source & Patch Info: SECTRACK, CONFIRM, DEBIAN

microsoft -- .net_core
  .NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability".
  Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-11883
  Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- .net_core
  .NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service against a .NET Core web application by improperly parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".
  Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-11770
  Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- asp.net_core
  ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
  Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-11879
  Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- asp.net_core
  ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-Origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability".
  Published: 2017-11-14 | CVSS Score: not yet calculated | CVE-2017-8700
  Source & Patch Info: BID, SECTRACK, CONFIRM

microsoft -- device_guard
 Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability".2017-11-14not yet calculatedCVE-2017-11830
BID
SECTRACK
CONFIRMmicrosoft -- edge
 Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".2017-11-14not yet calculatedCVE-2017-11845
BID
SECTRACK
CONFIRMmicrosoft -- excel
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability".
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11878 (BID, SECTRACK, CONFIRM)

microsoft -- excel
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka "Microsoft Excel Security Feature Bypass Vulnerability".
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11877 (BID, SECTRACK, CONFIRM)

microsoft -- excel
Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11882.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11884 (BID, SECTRACK, CONFIRM)

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11855.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11856 (BID, CONFIRM)

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability".
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11827 (BID, SECTRACK, SECTRACK, CONFIRM)

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to detect the navigation of the user leaving a maliciously crafted page, due to how page content is handled by Internet Explorer, aka "Internet Explorer Information Disclosure Vulnerability".
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11848 (BID, SECTRACK, CONFIRM)

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11856.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11855 (BID, CONFIRM)

microsoft -- internet_explorer
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11869 (BID, SECTRACK, SECTRACK, CONFIRM)

microsoft -- multiple_products
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the attacker's choice, due to how Microsoft Edge handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11874.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11872 (BID, SECTRACK, CONFIRM)

microsoft -- multiple_products
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11839 (BID, SECTRACK, CONFIRM)

microsoft -- multiple_products
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11791.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11834 (BID, SECTRACK, CONFIRM)

microsoft -- multiple_products
Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability".
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11850 (BID, SECTRACK, CONFIRM)

microsoft -- multiple_products
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11837 (BID, SECTRACK, SECTRACK, CONFIRM)

microsoft -- multiple_products
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11836 (BID, SECTRACK, CONFIRM)

microsoft -- multiple_products
Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11872.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11874 (BID, SECTRACK, CONFIRM)

microsoft -- multiple_products
Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11833.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11844 (BID, SECTRACK, CONFIRM)

microsoft -- multiple_products
Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11876 (BID, SECTRACK, SECTRACK, CONFIRM)

microsoft -- multiple_products
ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11871, and CVE-2017-11873.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11870 (BID, SECTRACK, CONFIRM)

microsoft -- multiple_products
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11843 (BID, SECTRACK, SECTRACK, CONFIRM)

microsoft -- multiple_products
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11866 (BID, SECTRACK, CONFIRM)

microsoft -- multiple_products
Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11833 and CVE-2017-11844.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11803 (BID, SECTRACK, CONFIRM)

microsoft -- multiple_products
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, and CVE-2017-11871.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11873 (BID, SECTRACK, CONFIRM, EXPLOIT-DB)

microsoft -- multiple_products
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11834.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11791 (BID, SECTRACK, SECTRACK, CONFIRM)

microsoft -- multiple_products
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11838 (BID, SECTRACK, SECTRACK, CONFIRM)

microsoft -- multiple_products
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11840 (BID, SECTRACK, CONFIRM)

microsoft -- multiple_products
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11858 (BID, SECTRACK, SECTRACK, CONFIRM)

microsoft -- multiple_products
ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, and CVE-2017-11873.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11871 (BID, SECTRACK, CONFIRM)

microsoft -- multiple_products
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11846 (BID, SECTRACK, SECTRACK, CONFIRM)

microsoft -- multiple_products
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11841 (BID, SECTRACK, CONFIRM)

microsoft -- multiple_products
ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11862 (BID, SECTRACK, CONFIRM)

microsoft -- office
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11882 (BID, SECTRACK, MISC, MISC, CONFIRM, CERT-VN)

microsoft -- office
Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability".
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11854 (BID, SECTRACK, CONFIRM)

microsoft -- windows_kernel
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to run a specially crafted application and obtain information to further compromise the user's system due to the Windows kernel improperly initializing objects in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11831.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11880 (BID, SECTRACK, CONFIRM)

microsoft -- windows_kernel
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary code in kernel mode, install programs, view, change or delete data, and create new accounts with full user rights due to improperly handling objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability".
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11847 (BID, SECTRACK, CONFIRM)

microsoft -- windows_kernel
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11851.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11853 (BID, SECTRACK, CONFIRM)

microsoft -- windows_kernel
Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11849, CVE-2017-11851, and CVE-2017-11853.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11842 (BID, SECTRACK, CONFIRM)

microsoft -- windows_kernel
The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11853.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11851 (BID, SECTRACK, CONFIRM)

microsoft -- windows_kernel
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11851, and CVE-2017-11853.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11849 (BID, SECTRACK, CONFIRM)

microsoft -- windows_kernel
Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log on to an affected system, and run a specially crafted application that can compromise the user's system due to how the Windows kernel initializes memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11880.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11831 (BID, SECTRACK, CONFIRM)

microsoft -- windows_media_player
Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application, due to the way Windows Media Player discloses file information, aka "Windows Media Player Information Disclosure Vulnerability."
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11768 (BID, SECTRACK, CONFIRM)

microsoft -- windows_search
Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handling objects in memory, aka "Windows Search Denial of Service Vulnerability".
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11788 (BID, SECTRACK, CONFIRM)

microsoft -- windows
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11844.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11833 (BID, SECTRACK, CONFIRM)

microsoft -- windows
Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11861 (BID, SECTRACK, CONFIRM, EXPLOIT-DB)

microsoft -- windows
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11872 and CVE-2017-11874.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11863 (BID, SECTRACK, CONFIRM)

microsoft -- windows
Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11832.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11835 (BID, SECTRACK, CONFIRM)

microsoft -- windows
The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not intended to be disclosed, due to the way that the Microsoft Windows EOT font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-11835.
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11832 (BID, SECTRACK, CONFIRM)

microsoft -- windows
Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due to improperly disclosing kernel memory addresses, aka "Windows GDI Information Disclosure Vulnerability".
Published: 2017-11-14 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-11852 (BID, SECTRACK, CONFIRM)

misp -- misp
In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added.
Published: 2017-11-13 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-16802 (CONFIRM)

modx_revolution -- modx_revolution
A stored web content injection vulnerability (WCI, a.k.a. XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an escalation of privileges providing complete administrative control over the CMS.
Published: 2017-11-17 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1000223 (MISC)

moxa -- eds-g512e_5.1_build_16072215_devices
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface.
Published: 2017-11-17 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13700 (MISC)

moxa -- eds-g512e_5.1_build_16072215_devices
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused.
Published: 2017-11-17 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13702 (MISC)

moxa -- eds-g512e_5.1_build_16072215_devices
An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur.
Published: 2017-11-17 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-13703 (MISC)

moxa -- nport_5110
An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to inject packets that could potentially disrupt the availability of the device.
Published: 2017-11-16 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-16719 (MISC)

moxa -- nport_5110
A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by sending a large amount of TCP SYN packets.
Published: 2017-11-16 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-14028 (MISC)

moxa -- nport_5110
An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure.
Published: 2017-11-16 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-16715 (MISC)

netapp -- snapcenter_server
NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface.
Published: 2017-11-16 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15516 (CONFIRM)

nodejs -- nodejs_ejs
nodejs ejs versions older than 2.5.3 are vulnerable to remote code execution due to weak input validation in the ejs.renderFile() function.
Published: 2017-11-16 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1000228 (MISC)

nodejs -- nodejs_ejs
nodejs ejs versions older than 2.5.5 are vulnerable to a denial of service due to weak input validation in ejs.renderFile().
Published: 2017-11-16 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1000189 (MISC)

nodejs -- nodejs_ejs
nodejs ejs versions older than 2.5.5 are vulnerable to cross-site scripting in ejs.renderFile(), resulting in code injection.
Published: 2017-11-16 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1000188 (MISC)
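The three ejs entries above give exact fixed versions: 2.5.3 for the code-execution issue and 2.5.5 for the denial-of-service and cross-site scripting issues. The following is an added example, not code from ejs, npm or this bulletin, of turning those entries into a check against a project's lock file; the package-lock excerpt, the rule table and the function names are constructed for the example, with only the CVE IDs and fixed versions taken from the entries.

```javascript
// Added example: match an installed ejs version against the three bulletin
// entries. Not code from ejs or npm; the lock-file excerpt and function names
// are constructed here. Fixed versions come from the entries above.

const ADVISORIES = [
  { cve: "CVE-2017-1000228", fixedIn: "2.5.3", impact: "remote code execution via ejs.renderFile()" },
  { cve: "CVE-2017-1000189", fixedIn: "2.5.5", impact: "denial of service via ejs.renderFile()" },
  { cve: "CVE-2017-1000188", fixedIn: "2.5.5", impact: "cross-site scripting via ejs.renderFile()" },
];

// Constructed package-lock.json excerpt in the lockfileVersion 1 layout.
const LOCK = JSON.parse(`{
  "name": "example-app", "lockfileVersion": 1,
  "dependencies": {
    "ejs": { "version": "2.5.2" },
    "express": { "version": "4.16.2" }
  }
}`);

// Compares dotted versions numerically: negative if a < b, zero if equal,
// positive if a > b. String comparison would wrongly sort "2.10.0" before
// "2.9.9", which is exactly the mistake that makes such checks miss upgrades.
function compareVersions(a, b) {
  const [coreA, preA] = a.split("-");
  const [coreB, preB] = b.split("-");
  const pa = coreA.split(".").map(Number);
  const pb = coreB.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  // Same numeric core: a pre-release such as 2.5.3-rc1 is older than 2.5.3.
  if (preA && !preB) return -1;
  if (!preA && preB) return 1;
  return 0;
}

// Returns the advisories whose "older than fixedIn" rule matches the version.
function affectedAdvisories(version, advisories = ADVISORIES) {
  return advisories.filter(a => compareVersions(version, a.fixedIn) < 0);
}

// Looks a package up in a lockfileVersion 1 lock and reports matching CVEs.
function auditLock(lock, pkg = "ejs", advisories = ADVISORIES) {
  const entry = lock.dependencies && lock.dependencies[pkg];
  if (!entry) return { installed: null, cves: [] };
  const cves = affectedAdvisories(entry.version, advisories).map(a => a.cve);
  return { installed: entry.version, cves };
}

// Demonstration on the constructed lock file (run with: node file.js).
console.log(auditLock(LOCK));  // installed 2.5.2, all three CVEs listed
```

The check only covers the top-level dependency map; a lock file that nests ejs under another package, or uses the lockfileVersion 2 "packages" map, needs the lookup extended accordingly.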
npm -- npm
npm/KyleRoss windows-cpu, all versions, is vulnerable to command injection resulting in code execution as the Node.js user.
Published: 2017-11-16 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1000219 (CONFIRM)

ntt_docomo -- wi-fi_station_l-02f
Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02F-MDM9625-V10h-JUN-23-2017-DCM-JP and earlier allows an attacker to execute arbitrary code via unspecified vectors.
Published: 2017-11-13 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-10871 (JVN)

october -- october_cms
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.
Published: 2017-11-16 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1000195 (MISC)

october -- october_cms
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating malicious files on the server.
Published: 2017-11-16 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1000197 (MISC)

october -- october_cms
October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server.
Published: 2017-11-16 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1000196 (MISC)

october -- october_cms
October CMS build 412 is vulnerable to stored WCI (a.k.a. XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser.
Published: 2017-11-16 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1000193 (MISC)

october -- october_cms
October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.
Published: 2017-11-16 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1000194 (MISC)

octopus_deploy -- octopus_deploy
Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter.
Published: 2017-11-13 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-16801 (CONFIRM)

octopus_deploy -- octopus_deploy
Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter.
Published: 2017-11-13 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-16810 (CONFIRM)

open_ticket_request_system -- open_ticket_request_system
In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password.
Published: 2017-11-16 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-15864 (CONFIRM)

opencast -- opencast
In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. For example, a user with the role ROLE_USER will have access to recordings published only for ROLE_USER_X.
Published: 2017-11-17 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1000221 (CONFIRM)
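The Opencast entry above describes an access check that matches only part of a role name, so ROLE_USER satisfies a restriction meant for ROLE_USER_X. The following added example, which is not Opencast code, contrasts a prefix-based check that reproduces that behaviour with an exact-match check; the recording list, role names and function names are constructed for the example.

```javascript
// Added illustration of the access-control flaw described for Opencast in
// CVE-2017-1000221. This is NOT Opencast code; the recording list, the role
// strings and the function names are constructed for the example.

// Constructed sample: each published recording lists the roles allowed to read it.
const PUBLISHED_FOR = {
  "lecture-01": ["ROLE_USER_X"],   // restricted to one group
  "lecture-02": ["ROLE_USER"],     // every logged-in user
  "lecture-03": ["ROLE_ADMIN"],
};

// Vulnerable check: a caller's role is accepted when an ACL entry merely
// starts with it, which is the behaviour the entry describes: ROLE_USER
// "matches" ROLE_USER_X. A search backend that turns the role into an
// unanchored prefix or wildcard query behaves the same way.
function canReadPrefix(userRoles, recordingId) {
  const acl = PUBLISHED_FOR[recordingId] || [];
  return acl.some(aclRole => userRoles.some(role => aclRole.startsWith(role)));
}

// Hardened check: roles are opaque tokens, so membership is decided by exact
// string equality. A Set lookup also avoids any substring comparison.
function canReadExact(userRoles, recordingId) {
  const acl = new Set(PUBLISHED_FOR[recordingId] || []);
  return userRoles.some(role => acl.has(role));
}

// Lists the recordings a caller can read under a given check, so the two
// checks can be compared for the same role set.
function readable(userRoles, check) {
  return Object.keys(PUBLISHED_FOR).filter(id => check(userRoles, id));
}

// Demonstration for a caller holding only ROLE_USER (run with: node file.js).
console.log("prefix match:", readable(["ROLE_USER"], canReadPrefix));  // lecture-01 and lecture-02
console.log("exact match: ", readable(["ROLE_USER"], canReadExact));   // lecture-02 only
```

When the ACL is enforced by a query to a search index rather than in application code, the same rule applies: the role must be sent as an exact, quoted term, never as a prefix pattern.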
opencast -- opencast
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.
Published: 2017-11-17 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1000217 (CONFIRM)

openemr -- openemr
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML.
Published: 2017-11-16 | CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1000240 (MISC)
 The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view and modify information only accessible to administrators.2017-11-16not yet calculatedCVE-2017-1000241
MISCopensaml -- opensaml
 The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105.2017-11-16not yet calculatedCVE-2017-16853
CONFIRM
CONFIRM
CONFIRM
DEBIANopenssl -- openssl
 A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.2017-11-13not yet calculatedCVE-2016-8610
MLIST
BID
SECTRACK
CONFIRM
CONFIRM
MISC
DEBIANopenstack -- nova
 In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected.2017-11-14not yet calculatedCVE-2017-16239
CONFIRM
CONFIRMoptipng -- optipng
 Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.2017-11-17not yet calculatedCVE-2017-1000229
MISCoracle -- tuxedo
 Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via Jolt to compromise Oracle Tuxedo. While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Tuxedo accessible data as well as unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L).
 Published: 2017-11-14 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-10272 (CONFIRM, BID)

oracle -- tuxedo
 Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Tuxedo accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
 Published: 2017-11-14 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-10266 (CONFIRM, BID)

oracle -- tuxedo
 Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
 Published: 2017-11-14 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-10267 (CONFIRM, BID)

oracle -- tuxedo
 Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Tuxedo accessible data as well as unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L).
 Published: 2017-11-14 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-10269 (CONFIRM, BID)

oracle -- tuxedo
 Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data as well as unauthorized update, insert or delete access to some of Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L).
 Published: 2017-11-14 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-10278 (CONFIRM, BID)

orange -- livebox
 Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript.
 Published: 2017-11-15 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2014-3150 (MISC)

paperclip -- paperclip
 Paperclip ruby gem version 3.1.4 and later suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.
 Published: 2017-11-13 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0889 (CONFIRM, MISC, MISC)

paperclip -- paperclip
 The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery.
 Published: 2017-11-13 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0904 (MISC, CONFIRM, CONFIRM, MISC, MISC)

paperclip -- paperclip
 The private_address_check ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-0909 (CONFIRM, MISC)

philips_intellispace -- cardiovascular_and_xcelera
 The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements.
 Published: 2017-11-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14111 (BID, MISC, CONFIRM)

phoenix_framework -- phoenix_framework
 The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.
 Published: 2017-11-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1000163 (CONFIRM)

picotcp -- picotcp
 picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1000210 (CONFIRM)

pjsip -- pjsip
 An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This will lead to a potential exploit using carefully crafted invalid values.
 Published: 2017-11-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16872 (CONFIRM, CONFIRM)

pjsip -- pjsip
 An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations.
 Published: 2017-11-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16875 (CONFIRM, CONFIRM)

pnp4nagios -- pnp4nagios
 PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging access to this unprivileged account.
 Published: 2017-11-15 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16834 (MISC)

procmail -- procmail
 Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16844 (MISC)

psftpd -- psftpd
 The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow performing scans via the FTP server.
 Published: 2017-11-15 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15269 (MISC, BUGTRAQ, MISC)

psftpd -- psftpd
 The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a user password.
 Published: 2017-11-15 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15272 (MISC, BUGTRAQ, MISC)

psftpd -- psftpd
 A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically restart, which enabled attackers to perform a very effective DoS attack against this service. By sending a crafted SSH identification / version string to the server, a NULL pointer dereference could be caused, apparently because of a race condition in the window message handling, performing the cleanup for invalid connections. This incorrect cleanup code has a use-after-free.
 Published: 2017-11-15 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15271 (MISC, BUGTRAQ, EXPLOIT-DB, MISC)

psftpd -- psftpd
 The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' and '\r' are not escaped and can be used to add new entries to the log.
 Published: 2017-11-15 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15270 (MISC, BUGTRAQ, EXPLOIT-DB, MISC)

python -- python
 CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution).
 Published: 2017-11-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1000158 (MISC)

python -- python
 Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-1000246 (MISC)

qemu -- qemu
 hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.
 Published: 2017-11-17 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16845 (MLIST)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a double free can occur when kmalloc fails to allocate memory for pointers resp/req in the service-locator driver function service_locator_send_msg().
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11032 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently, the value of SIR_MAC_AUTH_CHALLENGE_LENGTH is set to 128 which may result in buffer overflow since the frame parser allows challenge text of length up to 253 bytes, but the driver can not handle challenge text larger than 128 bytes.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11015 (BID, CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, possible buffer overflow or information leak in the functions "sme_set_ft_ies" and "csr_roam_issue_ft_preauth_req" due to incorrect initialization of WEXT callbacks and lack of the checks for buffer size.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11035 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in the rmnet USB control driver can potentially lead to a Use After Free condition.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11024 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originated from the user's phone contain the information elements which specify the supported wifi features. This shall impact the user's privacy if someone sniffs the probe requests originated by this DUT. Hence, control the presence of information elements using ini file.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11022 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer Over-read in Display due to the lack of an upper-bound validation when reading "num_of_cea_blocks" from the untrusted source (EDID), kernel memory can be exposed.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11093 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, array access out of bounds may occur in the camera driver in the kernel.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11018 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function mdss_rotator_ioctl in the driver /dev/mdss_rotator, a Use-After-Free condition can potentially occur due to a fence being installed too early.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11091 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space. An unchecked userspace value (ioctl_ptr->len) is used to copy contents to a kernel buffer which can lead to kernel buffer overflow.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11029 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a specially crafted UBI image, it is possible to corrupt memory, or access uninitialized memory.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11017 (BID, CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the KGSL driver function kgsl_ioctl_gpu_command, a Use After Free condition can potentially occur.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11092 (BID, CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Variable stream_cfg_cmd->num_streams is from userspace, and it is not checked against "MSM_ISP_STATS_MAX".
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9696 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting from writing uninitialized stack structure to non-volatile memory.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9701 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing UBI image, size is not validated for being smaller than minimum header size causing uninitialized data access vulnerability.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11027 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the boot loader, a buffer overflow can occur while parsing the splash image.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9721 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, countOffset (in function UnpackCore) is increased for each loop, while there is no boundary check against "pIe->arraybound".
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11013 (BID, CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can lead to buffer over-read. Also access to freed memory can happen while updating msg_mask information.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-8279 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method can be compromised for static keys.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11026 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a user-space pointer is directly accessed in a camera driver.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9702 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of out-of-bound buffer accesses due to no synchronization in accessing global variables by multiple threads.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11023 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a qbt1000 ioctl handler, an incorrect buffer size check has an integer overflow vulnerability potentially leading to a buffer overflow.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9690 (BID, CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the kernel driver MDSS, a buffer overflow can occur in HDMI CEC parsing if frame size is out of range.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9719 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the boot image header, range checks can be bypassed by supplying different versions of the header at the time of check and use.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11038 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in __wlan_hdd_cfg80211_set_pmksa when user space application sends PMKID of size less than WLAN_PMKID_LEN bytes.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11090 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the ISP Camera driver, the contents of an arbitrary kernel address can be leaked to userspace by the function msm_isp_get_stream_common_data().
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11028 (BID, CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11058 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an integer overflow leading to a buffer overflow due to improper bound checking in msm_audio_effects_virtualizer_handler, file msm-audio-effects-q6-v2.c.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11085 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_ENCRYPTION_TEST cfg80211 vendor command a stack-based buffer overflow can occur.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11012 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11089 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in the function audio_effects_shared_ioctl(), memory corruption can occur.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11025 (CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing a Measurement Request IE in a Roam Neighbor Action Report, a buffer overflow can occur.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11014 (BID, CONFIRM)

qualcomm -- msm
 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qcacld pktlog allows mapping memory via /proc/ath_pktlog/cld to user space.
 Published: 2017-11-16 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11073 (CONFIRM)

quickerbb -- quickerbb
 QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB.2017-11-17not yet calculatedCVE-2017-1000169
CONFIRMradare2 -- radare2
 In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c.2017-11-13not yet calculatedCVE-2017-16805
CONFIRM
CONFIRMrealtek -- realtek_audio_driver
 A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges.2017-11-13not yet calculatedCVE-2017-3767
CONFIRMrecurly -- recurly
 The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources.2017-11-13not yet calculatedCVE-2017-0907
CONFIRM
CONFIRM
MISCrecurly -- recurly
 The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.2017-11-13not yet calculatedCVE-2017-0906
CONFIRM
CONFIRM
MISCrecurly -- recurly
 The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources.2017-11-13not yet calculatedCVE-2017-0905
CONFIRM
CONFIRM
MISCredis-store -- redis-store
 Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis2017-11-16not yet calculatedCVE-2017-1000248
MISCredmine -- redmine
 In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.2017-11-13not yet calculatedCVE-2017-16804
CONFIRM
CONFIRM
CONFIRMrelevanssi -- relevanssi_premium
 Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can2017-11-17not yet calculatedCVE-2017-1000225
MISCsalutation_responsive -- wordpress_buddypress_theme
 Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can2017-11-17not yet calculatedCVE-2017-1000227
MISCsamtools -- samtools
 samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution2017-11-17not yet calculatedCVE-2017-1000206
CONFIRMsandisk -- secure_access
 SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user exits the application or if the application crashes.2017-11-16not yet calculatedCVE-2017-16560
MISCsbi_securities -- hyper_sbi
 Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.2017-11-13not yet calculatedCVE-2017-10885
JVNscala -- scala
 The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.2017-11-15not yet calculatedCVE-2017-15288
CONFIRM
CONFIRM
CONFIRM
CONFIRMschneider_electric -- indusoft_web_studio
 A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution with high privileges.2017-11-13not yet calculatedCVE-2017-14024
BID
MISCsecurimage -- securimage
 HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.2017-11-17not yet calculatedCVE-2017-14077
MISCserendipity -- serendipity
 Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure2017-11-17not yet calculatedCVE-2017-1000129
MISCsharp -- multiple_products
 Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors.2017-11-17not yet calculatedCVE-2017-10890
JVNshibboleth -- shibboleth_service_provider
 shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.2017-11-16not yet calculatedCVE-2017-16852
CONFIRM
CONFIRM
CONFIRM
DEBIANsiemens -- sicam_rtus_sm-2556_com_module
 An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to obtain sensitive device information over the network.2017-11-15not yet calculatedCVE-2017-12737
CONFIRMsiemens -- sicam_rtus_sm-2556_com_module
 An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into clicking on a malicious link.2017-11-15not yet calculatedCVE-2017-12738
CONFIRMsiemens -- sicam_rtus_sm-2556_com_module
 An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00. The integrated web server (port 80/tcp) of the affected devices could allow unauthenticated remote attackers to execute arbitrary code on the affected device.2017-11-15not yet calculatedCVE-2017-12739
CONFIRMsiemens -- snap7
 The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar functions of the S7 protocol implementation in Snap7 are provided with unexpected input, thus resulting in denial of service attack.2017-11-17not yet calculatedCVE-2017-1000230
MISCsimplexml -- simplexml
 SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on.2017-11-17not yet calculatedCVE-2017-1000190
CONFIRMsnmp -- snmp
 The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).2017-11-14not yet calculatedCVE-2017-16820
CONFIRM
CONFIRM
CONFIRM
CONFIRMsodiumoxide -- sodiumoxide
 sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate public keys2017-11-17not yet calculatedCVE-2017-1000168
  Sources for CVE-2017-1000168: CONFIRM
soyuka/pidusage -- soyuka/pidusage
  soyuka/pidusage <= 1.1.4 is vulnerable to command injection in the module, resulting in arbitrary command execution. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-1000220]
  Sources: MISC
swagger-parser -- swagger-parser
  A vulnerability in Swagger-Parser's (version <= 1.0.30) YAML parsing functionality results in arbitrary code being executed when a maliciously crafted YAML OpenAPI specification is parsed. This in particular affects the 'generate' and 'validate' commands in swagger-codegen (<= 2.2.2) and can lead to arbitrary code execution when these commands are used on a crafted YAML specification. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-1000208]
  Sources: CONFIRM
swftools -- swftools
  In SWFTools, a memcpy buffer overflow was found in gif2swf. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-1000185]
  Sources: MISC
swftools -- swftools
  In SWFTools, a memory leak was found in wav2swf. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-1000182]
  Sources: MISC
swftools -- swftools
  In SWFTools, an address access exception was found in swfdump swf_GetBits(). [Published 2017-11-16; CVSS not yet calculated; CVE-2017-1000174]
  Sources: MISC
swftools -- swftools
  In SWFTools, a memcpy buffer overflow was found in swfc. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-1000176]
  Sources: MISC
swftools -- swftools
  In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified other impact via a crafted PNG file. [Published 2017-11-12; CVSS not yet calculated; CVE-2017-16797]
  Sources: MISC
swftools -- swftools
  In SWFTools, an address access exception was found in pdf2swf, in FoFiTrueType::writeTTF(). [Published 2017-11-16; CVSS not yet calculated; CVE-2017-1000187]
  Sources: MISC
swftools -- swftools
  In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file. [Published 2017-11-12; CVSS not yet calculated; CVE-2017-16796]
  Sources: MISC
swftools -- swftools
  The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file. [Published 2017-11-12; CVSS not yet calculated; CVE-2017-16793]
  Sources: MISC
swftools -- swftools
  In SWFTools, a stack overflow was found in pdf2swf. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-1000186]
  Sources: MISC
swftools -- swftools
  In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file. [Published 2017-11-17; CVSS not yet calculated; CVE-2017-16868]
  Sources: MISC
swftools -- swftools
  The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf. [Published 2017-11-12; CVSS not yet calculated; CVE-2017-16794]
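Worked example for the three png_load entries above (CVE-2017-16797, CVE-2017-16796, CVE-2017-16794) and the wav_convert2mono malloc multiplication (CVE-2017-16868), which share one root cause: an allocation size computed from untrusted dimensions without checking that the product fits. Added here; this is not SWFTools code. It builds a PNG signature and IHDR chunk, parses it, and sizes the pixel buffer two ways: as a 32-bit `width * height * bytes_per_pixel` product wraps in C, and with the bound a decoder needs before it multiplies. The limit MAX_PIXEL_BYTES is an assumed decoder policy, not a PNG rule.

```python
# Added example (not SWFTools code): a PNG IHDR parser and the pixel-buffer
# size computed as a wrapping 32-bit product versus with a bounds check.
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
U32_MASK = 0xFFFFFFFF
MAX_PIXEL_BYTES = 256 * 1024 * 1024          # assumed decoder policy, not a PNG rule
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}     # colour type -> samples per pixel

def png_chunk(kind: bytes, body: bytes) -> bytes:
    """Length, type, body, CRC-32 over type+body: one PNG chunk."""
    crc = zlib.crc32(kind + body) & U32_MASK
    return struct.pack(">I", len(body)) + kind + body + struct.pack(">I", crc)

def make_png_header(width, height, bit_depth=8, colour_type=6) -> bytes:
    """Constructed sample input: signature plus IHDR, no image data."""
    ihdr = struct.pack(">IIBBBBB", width, height, bit_depth, colour_type, 0, 0, 0)
    return PNG_SIG + png_chunk(b"IHDR", ihdr)

def parse_ihdr(data: bytes) -> dict:
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    length, kind = struct.unpack(">I4s", data[8:16])
    if kind != b"IHDR" or length != 13:
        raise ValueError("first chunk must be a 13-byte IHDR")
    body, (crc,) = data[16:29], struct.unpack(">I", data[29:33])
    if zlib.crc32(kind + body) & U32_MASK != crc:
        raise ValueError("IHDR CRC mismatch")
    w, h, depth, ctype, _comp, _filt, _inter = struct.unpack(">IIBBBBB", body)
    return {"width": w, "height": h, "bit_depth": depth, "colour_type": ctype}

def bytes_per_pixel(hdr: dict) -> int:
    if hdr["colour_type"] not in CHANNELS or hdr["bit_depth"] not in (1, 2, 4, 8, 16):
        raise ValueError("unsupported colour type / bit depth")
    return max(1, CHANNELS[hdr["colour_type"]] * hdr["bit_depth"] // 8)

def alloc_len_unchecked(hdr: dict) -> int:
    """What `width * height * bpp` yields in 32-bit C: the product wraps, so a
    header claiming a multi-gigabyte image buys a tiny buffer that the row
    decoder then writes past."""
    return (hdr["width"] * hdr["height"] * bytes_per_pixel(hdr)) & U32_MASK

def alloc_len_checked(hdr: dict) -> int:
    """Bound the factors before multiplying, and compare by division so the
    test itself cannot overflow in a fixed-width language."""
    w, h, bpp = hdr["width"], hdr["height"], bytes_per_pixel(hdr)
    if w == 0 or h == 0 or w > 0x7FFFFFFF or h > 0x7FFFFFFF:
        raise ValueError("invalid PNG dimensions")
    if w > MAX_PIXEL_BYTES // (h * bpp):
        raise ValueError("image too large for this decoder")
    return w * h * bpp
```

A 65537 x 65536 greyscale header claims 4 GiB of pixels but the wrapped product is 65536, so an unchecked decoder allocates 64 KiB and then decodes rows into it; the checked version refuses the header before any allocation. The realloc entry (CVE-2017-16796) is the companion failure: even a correctly sized request must have its return value checked before the buffer is used.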
  Sources for CVE-2017-16794: MISC
symantec -- endpoint_encryption
  Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer dereference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario. [Published 2017-11-13; CVSS not yet calculated; CVE-2017-15526]
  Sources: BID, CONFIRM
symantec -- endpoint_encryption
  Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, in which the perpetrator makes a host's services unavailable to its intended users by temporarily or indefinitely disrupting them. [Published 2017-11-13; CVSS not yet calculated; CVE-2017-15525]
  Sources: BID, CONFIRM
tablepress -- tablepress
  TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. [Published 2017-11-17; CVSS not yet calculated; CVE-2017-10889]
  Sources: JVN, CONFIRM
tcmu_runner -- tcmu_runner
  tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler, resulting in denial of service. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-1000198]
  Sources: MISC
tcmu_runner -- tcmu_runner
  tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a D-Bus-triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function, resulting in denial of service. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-1000200]
  Sources: MISC
tcmu_runner -- tcmu_runner
  The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of service attack. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-1000201]
  Sources: MISC
tcmu_runner -- tcmu_runner
  tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so, resulting in non-privileged users being able to check for the existence of any file with root privileges. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-1000199]
  Sources: MISC
tcpdump -- tcpdump
  tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c. [Published 2017-11-13; CVSS not yet calculated; CVE-2017-16808]
  Sources: SECTRACK, CONFIRM
tibco -- jasperreports
  A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, and TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0. [Published 2017-11-15; CVSS not yet calculated; CVE-2017-5533]
  Sources: BID, CONFIRM
tibco -- jasperreports
  A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO JasperReports Server 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0 and below, TIBCO JasperReports Library 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, TIBCO JasperReports Library for ActiveMatrix BPM 6.4.1 and below, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0 and below, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0 and below, TIBCO Jaspersoft Studio 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, and TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 and below. [Published 2017-11-15; CVSS not yet calculated; CVE-2017-5532]
  Sources: BID, CONFIRM
tine -- tine
  Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook, resulting in code execution and privilege escalation. [Published 2017-11-17; CVSS not yet calculated; CVE-2017-1000164]
  Sources: MISC
trusted_boot -- trusted_boot
  Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of the Trusted Platform Module (TPM) by hooking these function pointers. [Published 2017-11-15; CVSS not yet calculated; CVE-2017-16837]
  Sources: MISC
ulterius -- ulterius
  The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal. [Published 2017-11-13; CVSS not yet calculated; CVE-2017-16806]
  Sources: CONFIRM, EXPLOIT-DB
upx -- upx
  ** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to the canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever." [Published 2017-11-17; CVSS not yet calculated; CVE-2017-16869]
  Sources: MISC
varnish-cache -- varnish_http_cache
  vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a VFP_GetStorage buffer is larger than intended in certain circumstances involving -sfile Stevedore transient objects. [Published 2017-11-15; CVSS not yet calculated; CVE-2017-8807]
  Sources: CONFIRM (4 links), DEBIAN
vmware -- airwatch_console
  VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add a malicious URL to an enrolled device's 'Links' page. Successful exploitation of this issue could result in an unsuspecting AWC user being redirected to a malicious URL. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-4930]
  Sources: BID, SECTRACK, CONFIRM
vmware -- airwatch_console
  VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability that could allow an authenticated AWC user to add malicious data to an enrolled device's log files. Successful exploitation of this issue could result in an unsuspecting AWC user opening a CSV file which contains malicious content. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-4931]
  Sources: BID, SECTRACK, CONFIRM
vmware -- airwatch_launcher
  VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-4932]
  Sources: BID, SECTRACK, CONFIRM
vmware -- nsx_edge
  VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure. [Published 2017-11-17; CVSS not yet calculated; CVE-2017-4929]
  Sources: SECTRACK, CONFIRM
vmware -- vcenter_server
  VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets, which may allow for remote denial of service. [Published 2017-11-17; CVSS not yet calculated; CVE-2017-4927]
  Sources: BID, SECTRACK, CONFIRM
vmware -- workstation_and_fusion
  VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in the VMNAT device. This issue may allow a guest to execute code on the host. [Published 2017-11-17; CVSS not yet calculated; CVE-2017-4934]
  Sources: SECTRACK, CONFIRM
vmware -- workstation_and_fusion
  VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. [Published 2017-11-17; CVSS not yet calculated; CVE-2017-4938]
  Sources: SECTRACK, CONFIRM
vmware -- workstation_and_horizon_view_client_for_windows
  VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in the JPEG2000 parser in TPView.dll. On Workstation, this may allow a guest to execute code or perform a denial of service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a denial of service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client. [Published 2017-11-17; CVSS not yet calculated; CVE-2017-4935]
  Sources: SECTRACK (2 links), CONFIRM
vmware -- workstation_and_horizon_view_client_for_windows
  VMware Workstation (12.x before 12.5.8) and Hor Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in the JPEG2000 parser in TPView.dll. On Workstation, this may allow a guest to execute code or perform a denial of service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a denial of service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client. [Published 2017-11-17; CVSS not yet calculated; CVE-2017-4937]
  Sources: SECTRACK (2 links), CONFIRM
vmware -- workstation_and_horizon_view_client_for_windows
  VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in the JPEG2000 parser in TPView.dll. On Workstation, this may allow a guest to execute code or perform a denial of service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a denial of service on the Windows OS that runs the Horizon View Client. [Published 2017-11-17; CVSS not yet calculated; CVE-2017-4936]
  Sources: SECTRACK (2 links), CONFIRM
vmware -- workstation
  The VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists because some DLL files are loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code. [Published 2017-11-17; CVSS not yet calculated; CVE-2017-4939]
  Sources: CONFIRM
vonage -- vdv-23_115_3.2.11-0.9.40_devices
  Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-16843]
  Sources: MISC, EXPLOIT-DB
vsphere -- web_client
  The Flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f), i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services, leading to information disclosure. [Published 2017-11-17; CVSS not yet calculated; CVE-2017-4928]
  Sources: BID, SECTRACK, CONFIRM
wbce -- wbce
  WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-1000213]
  Sources: CONFIRM
wordpress -- wordpress
  The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. [Published 2017-11-17; CVSS not yet calculated; CVE-2017-16871]
  Sources: MISC
wordpress -- wordpress
  installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly. [Published 2017-11-14; CVSS not yet calculated; CVE-2017-16815]
  Sources: MISC (2 links)
wordpress -- wordpress
  The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. [Published 2017-11-17; CVSS not yet calculated; CVE-2017-16870]
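Worked example for the UpdraftPlus httpget SSRF entry above and the vSphere Web Client SSRF/CRLF entry earlier in the list; added here, not code from WordPress, UpdraftPlus or VMware. A server-side fetch of a user-supplied URL has to check the destination after name resolution, since `http://metadata.internal/` or a hex-spelled 127.0.0.1 only becomes recognisable once resolved. The block validates scheme, credentials and port, checks every resolved address against loopback, RFC 1918, link-local (where cloud metadata services live) and IPv4-mapped ranges, and rejects CR/LF in header values. The resolver is injectable so the example runs offline against a constructed DNS table.

```python
# Added example (not UpdraftPlus/WordPress or VMware code): validating a
# server-side fetch target after DNS resolution. The policy and the sample
# DNS table used with it are constructed.
import ipaddress
import socket
from urllib.parse import urlsplit

BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.0.0/24", "192.168.0.0/16", "198.18.0.0/15",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96")]

def is_internal(ip_text: str) -> bool:
    """Loopback, private, link-local, multicast, unspecified, and IPv4-mapped."""
    addr = ipaddress.ip_address(ip_text.split("%")[0])   # drop any zone id
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped          # judge ::ffff:10.0.0.1 by its IPv4 part
    return any(addr in net for net in BLOCKED_NETS)

def default_resolver(host: str) -> list:
    """Every address the host resolves to, A and AAAA alike."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def check_fetch_url(url: str, resolver=default_resolver):
    """Return (allowed, reason). Policy: http/https only, no embedded
    credentials, default ports, and no resolved address may be internal."""
    try:
        parts = urlsplit(url)
        port = parts.port                 # raises ValueError on a junk port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL"
    host = parts.hostname
    if not host:
        return False, "no host"
    if port not in (None, 80, 443):
        return False, "port not allowed"
    try:
        ipaddress.ip_address(host)
        addresses = [host]                # literal address: nothing to resolve
    except ValueError:
        try:
            addresses = resolver(host)    # "0x7f000001" and "2130706433" end up here
        except OSError:
            return False, "host does not resolve"
    for ip in addresses:
        if is_internal(ip):
            return False, "%s resolves to internal address %s" % (host, ip)
    return True, "ok"

def header_value(value: str) -> str:
    """CR or LF in a header value lets the caller append headers or a body."""
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF in header value")
    return value
```

Two caveats belong with this check. The resolved address must also be the one the client connects to (resolve once, connect to the IP, send the original Host header), or a rebinding DNS record defeats it; and redirects must not be followed blindly, since a permitted host can 302 to an internal one.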
  Sources for CVE-2017-16870: MISC
wordpress -- wordpress
  Stop User Enumeration 1.3.8 allows user enumeration via the REST API. [Published 2017-11-17; CVSS not yet calculated; CVE-2017-1000226]
  Sources: MISC
wordpress -- wordpress
  Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML. [Published 2017-11-15; CVSS not yet calculated; CVE-2017-16842]
  Sources: MISC (2 links)
youtube -- youtube
  CSRF in the YouTube WordPress plugin could allow an unauthenticated attacker to change any setting within the plugin. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-1000224]
  Sources: MISC
zeit_next.js -- zeit_next.js
  ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespaces, allowing attackers to obtain sensitive information. [Published 2017-11-17; CVSS not yet calculated; CVE-2017-16877]
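Worked example for the Next.js entry above and for the Ulterius HttpServer.cs entry earlier in the list; added here, not code from either project. It shows the unsafe mapping of a request path under a static namespace onto the filesystem, and a resolver that decodes once, rejects any `..` segment instead of normalising it away, resolves symlinks with realpath, and checks containment with commonpath rather than a string prefix. The fixture directory is constructed in a temporary location.

```python
# Added example (not Next.js or Ulterius code): resolving a request path under
# a static-file root without letting it escape. The fixture is constructed.
import os
import tempfile
from urllib.parse import unquote

def resolve_vulnerable(root: str, url_path: str) -> str:
    """The pattern behind the entries: decode and join. "../" climbs out of
    root, and an absolute path replaces root entirely (os.path.join semantics)."""
    return os.path.realpath(os.path.join(root, unquote(url_path)))

def resolve_safe(root: str, url_path: str):
    """Real path of a regular file inside root, or None."""
    decoded = unquote(url_path)                 # decode exactly once
    if "\x00" in decoded or "\\" in decoded:
        return None
    segments = [s for s in decoded.split("/") if s not in ("", ".")]
    if not segments or any(s == ".." for s in segments):
        return None                             # reject, do not normalise
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, *segments))
    # realpath has followed symlinks; commonpath is the containment test that a
    # plain startswith() gets wrong ("/srv/app" is a prefix of "/srv/app2").
    if os.path.commonpath([real_root, candidate]) != real_root:
        return None
    return candidate if os.path.isfile(candidate) else None

def build_fixture():
    """Constructed layout: <tmp>/site/static/app.js inside the root,
    <tmp>/secret.txt outside it, plus a symlink from inside to outside."""
    base = tempfile.mkdtemp()
    static = os.path.join(base, "site", "static")
    os.makedirs(static)
    with open(os.path.join(static, "app.js"), "w") as f:
        f.write("console.log('hi')\n")
    secret = os.path.join(base, "secret.txt")
    with open(secret, "w") as f:
        f.write("db_password=constructed\n")
    try:
        os.symlink(secret, os.path.join(static, "link.txt"))
    except OSError:
        pass                                    # symlinks unavailable here
    return os.path.realpath(os.path.join(base, "site")), os.path.realpath(secret)
```

Double-encoded traversal (`..%252F`) is handled by decoding once: the segment stays literal and simply does not exist. The symlink case is why realpath runs before the containment test; a link inside the root that points outside resolves outside and is refused.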
  Sources for CVE-2017-16877: CONFIRM
zeta_components -- mail
  The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php". [Published 2017-11-15; CVSS not yet calculated; CVE-2017-15806]
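Worked example for the Zeta Components Mail entry above; added here, not Zeta's code. An envelope sender is typically handed to sendmail as `-f<address>`. If the address reaches a shell unvalidated, a quoted local part can close the -f argument and open new ones, including -X, which tells sendmail to write its trace log to a path of the attacker's choosing (the file.php in the entry). The block shows the tokens a POSIX shell would produce from such an address (approximated with shlex), and a builder that validates the address against a plain addr-spec grammar and passes it without a shell. The sendmail path and the accepted grammar are assumptions.

```python
# Added example (not Zeta Components code): how an unvalidated envelope sender
# becomes extra sendmail options, and a builder that prevents it.
import re
import shlex

SENDMAIL = "/usr/sbin/sendmail"           # assumed path

# Conservative addr-spec: dot-atom local part @ dotted hostname with a TLD.
# Quoted local parts, comments and IP literals are deliberately refused (policy).
_ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_ADDR_RE = re.compile(
    r"^" + _ATEXT + r"(?:\." + _ATEXT + r")*"
    r"@(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

def vulnerable_command(return_path: str) -> list:
    """The unsafe pattern: the address is spliced into a shell command line.
    Returned as the argv a POSIX shell would produce from that string."""
    return shlex.split(SENDMAIL + " -t -i -f" + return_path)

def injected_options(argv: list) -> list:
    """Diagnostic: option tokens that appear after the expected -f argument."""
    return [a for a in argv[4:] if a.startswith("-")]

def safe_sendmail_argv(return_path: str) -> list:
    """Validate, then build argv directly: no shell parses the address, and
    the value travels inside the -f element, so it can never become a token
    of its own. The leading-dash check guards implementations that pass the
    value as a separate argv element."""
    if len(return_path) > 254 or return_path.startswith("-"):
        raise ValueError("envelope sender rejected")
    if not _ADDR_RE.fullmatch(return_path):
        raise ValueError("envelope sender is not a plain addr-spec")
    return [SENDMAIL, "-t", "-i", "-f" + return_path]
```

The payload shape is the one from the entry: `"attacker" -X/var/www/html/shell.php "x"@example.com` is a syntactically arguable address, but after shell tokenisation it yields `-fattacker`, `-X/var/www/html/shell.php` and `x@example.com`, and the message body sendmail logs to that path is attacker-controlled.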
  Sources for CVE-2017-15806: BID, CONFIRM (2 links), MISC (2 links), EXPLOIT-DB
zoho -- manageengine_applications_manager
  Zoho ManageEngine Applications Manager 13 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-16847]
  Sources: MISC
zoho -- manageengine_applications_manager
  Zoho ManageEngine Applications Manager 13 allows SQL injection via the /MyPage.do widgetid parameter. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-16851]
  Sources: MISC
zoho -- manageengine_applications_manager
  Zoho ManageEngine Applications Manager 13 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-16850]
  Sources: MISC
zoho -- manageengine_applications_manager
  Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-16848]
  Sources: MISC
zoho -- manageengine_applications_manager
  Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-16846]
  Sources: MISC
zoho -- manageengine_applications_manager
  Zoho ManageEngine Applications Manager 13 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter. [Published 2017-11-16; CVSS not yet calculated; CVE-2017-16849]
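Worked example for the six ManageEngine Applications Manager SQL injection entries above; added here, not Zoho's code, and the schema is constructed. The unsafe pattern pastes a request parameter such as resourceid into the statement text, so `1 OR 1=1` returns every row and `1 UNION ALL SELECT ...` returns rows from another table; the fixed version types the parameter and binds it.

```python
# Added example (not ManageEngine code): the injection pattern behind the
# showresource.do / MyPage.do entries, against a constructed SQLite schema.
import sqlite3

def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE resources (resourceid INTEGER PRIMARY KEY, name TEXT, owner TEXT);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO resources VALUES (1, 'web-01', 'ops'), (2, 'db-01', 'dba');
        INSERT INTO users VALUES ('admin', 'constructed-hash-value');
    """)
    return conn

def show_resource_vulnerable(conn, resourceid: str) -> list:
    """Request parameter spliced into the statement text."""
    sql = "SELECT name, owner FROM resources WHERE resourceid = " + resourceid
    return conn.execute(sql).fetchall()

def show_resource_safe(conn, resourceid) -> list:
    """Type the parameter first, then bind it: the value can never become SQL.
    Rejecting non-integers also gives a clean 400 instead of a DB error page."""
    try:
        rid = int(resourceid)
    except (TypeError, ValueError):
        raise ValueError("resourceid must be an integer")
    return conn.execute(
        "SELECT name, owner FROM resources WHERE resourceid = ?", (rid,)).fetchall()

def search_by_name_safe(conn, name: str) -> list:
    """String parameters (widgetid, groupname) get the same treatment; quoting
    by hand is not a substitute for binding."""
    return conn.execute(
        "SELECT name, owner FROM resources WHERE name = ?", (name,)).fetchall()
```

Binding fixes the query; it does not fix an application that lets an authenticated low-privilege user reach /showresource.do for resources it does not own, so authorisation checks stay a separate concern.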
  Sources for CVE-2017-16849: MISC

This product is provided subject to this Notification and this Privacy & Use policy.


13 November 2017

SB17-317: Vulnerability Summary for the Week of November 6, 2017

Original release date: November 13, 2017


High Vulnerabilities
  There were no high vulnerabilities recorded this week.

 

Medium Vulnerabilities
graphicsmagick -- graphicsmagick
  The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image. [Published 2017-11-05; CVSS 6.8; CVE-2017-16545]
  Sources: CONFIRM (2 links)
graphicsmagick -- graphicsmagick
  The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. [Published 2017-11-06; CVSS 6.8; CVE-2017-16547]
  Sources: CONFIRM (2 links)
imagemagick -- imagemagick
  The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file. [Published 2017-11-05; CVSS 6.8; CVE-2017-16546]
  Sources: CONFIRM (3 links)

 

Low Vulnerabilities
  There were no low vulnerabilities recorded this week.

 

Severity Not Yet Assigned
abb -- fox515t
  An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. A local attacker can provide a malicious parameter to the script that is not validated by the application, which could enable the attacker to retrieve any file on the server. [Published 2017-11-06; CVSS not yet calculated; CVE-2017-14025]
  Sources: BID, MISC
advantech -- webaccess
  An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program, causing the application to become unavailable. [Published 2017-11-06; CVSS not yet calculated; CVE-2017-12719]
  Sources: BID, MISC
advantech -- webaccess
  A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. [Published 2017-11-06; CVSS not yet calculated; CVE-2017-14016]
  Sources: BID, MISC
asterisk -- open_source_certified_asterisk
  A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR, so an arbitrarily large string can be written past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer. [Published 2017-11-08; CVSS not yet calculated; CVE-2017-16671]
  Sources: CONFIRM, BID, CONFIRM
asterisk -- open_source_certified_asterisk
  An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash. [Published 2017-11-08; CVSS not yet calculated; CVE-2017-16672]
  Sources: CONFIRM, BID, CONFIRM
avaya -- ip_office_contact_center
  Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method. [Published 2017-11-09; CVSS not yet calculated; CVE-2017-12969]
  Sources: CONFIRM, MISC (2 links), FULLDISC, BID, EXPLOIT-DB
avaya -- ip_office
  Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response. [Published 2017-11-09; CVSS not yet calculated; CVE-2017-11309]
  Sources: CONFIRM, MISC (2 links), BID, EXPLOIT-DB
backintime -- backintime
  backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands. [Published 2017-11-08; CVSS not yet calculated; CVE-2017-16667]
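Worked example for the backintime entry above, which also covers the soyuka/pidusage command injection in the previous week's bulletin; added here, not code from either project. `os.system("notify-send " + path)` hands the file name to /bin/sh, so a file named `report.txt; echo INJECTED` runs a second command. The block uses `echo` in place of notify-send so it runs anywhere with a POSIX shell, shows the injected command executing, and gives the two fixes: pass the value as one argv element with no shell, or, when a shell string is unavoidable, quote it with shlex.quote. A `ps -p` argv builder that types the pid covers the pidusage case. File names and pids are constructed.

```python
# Added example (not backintime or pidusage code): untrusted strings reaching a
# shell. `echo` stands in for notify-send so the block runs with only /bin/sh.
import shlex
import subprocess

def notify_vulnerable(path: str) -> str:
    """Mirrors os.system("notify-send " + path): /bin/sh parses the file name,
    so ';', '$(...)', '`' and '|' inside it are interpreted, not displayed."""
    cmd = "echo " + path
    return subprocess.run(["/bin/sh", "-c", cmd], capture_output=True, text=True).stdout

def notify_safe(path: str) -> str:
    """No shell at all: the name is one argv element however it is spelled."""
    return subprocess.run(["echo", path], capture_output=True, text=True).stdout

def notify_quoted(path: str) -> str:
    """When a shell string is unavoidable, quote every untrusted piece."""
    cmd = "echo " + shlex.quote(path)
    return subprocess.run(["/bin/sh", "-c", cmd], capture_output=True, text=True).stdout

def ps_argv(pid_text) -> list:
    """pidusage-style lookup: the pid is typed before it reaches the command,
    so "4242; id" never becomes part of a command line."""
    try:
        pid = int(pid_text)
    except (TypeError, ValueError):
        raise ValueError("pid must be an integer")
    if pid <= 0:
        raise ValueError("pid must be positive")
    return ["ps", "-p", str(pid)]
```

In backintime the trigger was a file the backup could not read, whose name was then echoed through notify-send; the same reasoning applies to any filename, hostname or user-supplied label that ends up in a command string.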
  Sources for CVE-2017-16667: CONFIRM (3 links)
bludit -- bludit
  In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the body message context of the new page, new category, and edit post functions. Remote attackers are able to bypass the basic editor validation to trigger cross-site scripting. The XSS is persistent; the injection request via the editor uses GET, and the follow-up POST request that saves the editor context must be processed for the attack to take effect on the application side. The editor's basic validation blocks script code, but attackers can inject it using an editor tag that the validation does not recognise. This allows a restricted user account to inject malicious script code for a persistent attack against higher-privilege web application user accounts. [Published 2017-11-06; CVSS not yet calculated; CVE-2017-16636]
  Sources: MISC
bolt_technology -- bolt
  Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. [Published 2017-11-09; CVSS not yet calculated; CVE-2017-16754]
  Sources: BID, MISC (2 links)
brother -- debut_software
  The Debut embedded HTTP server 1.20 contains a remotely exploitable denial of service where a single malformed HTTP request can cause the server to hang until it eventually replies with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic. NOTE: this might overlap CVE-2017-12568. [Published 2017-11-09; CVSS not yet calculated; CVE-2017-16249]
  Sources: MISC, EXPLOIT-DB
cacti -- cacti
  Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header. [Published 2017-11-08; CVSS not yet calculated; CVE-2017-16660]
  Sources: MISC
cacti -- cacti
  Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd. [Published 2017-11-08; CVSS not yet calculated; CVE-2017-16661]
  Sources: MISC
cacti -- cacti
  Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. [Published 2017-11-10; CVSS not yet calculated; CVE-2017-16785]
  Sources: MISC
cacti -- cacti
  lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. [Published 2017-11-07; CVSS not yet calculated; CVE-2017-16641]
  Sources: CONFIRM
cesanta -- mongoose
  An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write, potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. [Published 2017-11-07; CVSS not yet calculated; CVE-2017-2892]
  Sources: MISC
cesanta -- mongoose
  An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of a previously freed pointer, potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability. [Published 2017-11-07; CVSS not yet calculated; CVE-2017-2891]
  Sources: MISC
cesanta -- mongoose
  An exploitable memory corruption vulnerability exists in the WebSocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted WebSocket packet can cause a buffer to be allocated while leaving stale pointers, which leads to a use-after-free vulnerability that can be exploited to achieve remote code execution. An attacker needs to send a specially crafted WebSocket packet over the network to trigger this vulnerability. [Published 2017-11-07; CVSS not yet calculated; CVE-2017-2922]
  Sources: MISC
cesanta -- mongoose
  An exploitable memory corruption vulnerability exists in the WebSocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted WebSocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An attacker needs to send a specially crafted WebSocket packet over the network to trigger this vulnerability. [Published 2017-11-07; CVSS not yet calculated; CVE-2017-2921]
  Sources: MISC
cesanta -- mongoose
  An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read, potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. [Published 2017-11-07; CVSS not yet calculated; CVE-2017-2895]
  Sources: MISC
cesanta -- mongoose
  An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. [Published 2017-11-07; CVSS not yet calculated; CVE-2017-2893]
  Sources: MISC
cesanta -- mongoose
  An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. [Published 2017-11-07; CVSS not yet calculated; CVE-2017-2894]
  Sources: MISC
cesanta -- mongoose
  An infinite loop programming error exists in the DNS server functionality of the Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and denial of service. An attacker can send a packet over the network to trigger this vulnerability. [Published 2017-11-07; CVSS not yet calculated; CVE-2017-2909]
  Sources: MISC
cms_made_simple -- cms_made_simple
  In CMS Made Simple 2.2.2, there is reflected XSS via the cntnt01detailtemplate parameter. [Published 2017-11-10; CVSS not yet calculated; CVE-2017-16784]
  Sources: MISC
cms_made_simple -- cms_made_simple
  In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter. [Published 2017-11-10; CVSS not yet calculated; CVE-2017-16783]
  Sources: MISC
confire -- confire
  An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Because the user-specific configuration is loaded from "~/.confire.yaml" using the yaml.load function, the YAML parser can execute arbitrary Python, resulting in command execution. An attacker can insert Python into the loaded YAML to trigger this vulnerability. [Published 2017-11-10; CVSS not yet calculated; CVE-2017-16763]
  Sources: MISC
cumulus_networks -- linux
  bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492). [Published 2017-11-08; CVSS not yet calculated; CVE-2017-15865]
  Sources: CONFIRM (4 links)
d-link -- dwr-933_device
  XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. [Published 2017-11-10; CVSS not yet calculated; CVE-2017-16765]
  Sources: MISC
datto -- backup_agent
  Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to it, if the attacker can reach the agent on TCP port 25566 or 25568 and send unspecified "specific information" by which the agent identifies a network device as "appearing to be a valid Datto." [Published 2017-11-08; CVSS not yet calculated; CVE-2017-16673]
  Sources: CONFIRM
datto -- windows_agent
  Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and earlier. In other words, an attacker could combine this "primary/secondary" attack with the CVE-2017-16673 "rogue pairing" attack to achieve unauthenticated access to all agent machines running these older DWA versions. [Published 2017-11-08; CVSS not yet calculated; CVE-2017-16674]
  Sources: CONFIRM
disney -- circle
  An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability. [Published 2017-11-07; CVSS not yet calculated; CVE-2017-2916]
  Sources: MISC
disney -- circle
  An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause unsigned firmware to be installed on the device, resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability. [Published 2017-11-07; CVSS not yet calculated; CVE-2017-2898]
  Sources: MISC
disney -- circle
  An exploitable vulnerability exists in the WiFi channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to set up an access point reachable by the device to trigger this vulnerability. [Published 2017-11-07; CVSS not yet calculated; CVE-2017-12094]
  Sources: MISC
disney -- circle
  An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. [Published 2017-11-07; CVSS not yet calculated; CVE-2017-2913]
  Sources: MISC
disney -- circle
  An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. [Published 2017-11-07; CVSS not yet calculated; CVE-2017-2917]
  Sources: MISC
disney -- circle
  An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. [Published 2017-11-07; CVSS not yet calculated; CVE-2017-2911]
  Sources: MISC
disney -- circle
  An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability. [Published 2017-11-07; CVSS not yet calculated; CVE-2017-2881]
  Sources: MISC
disney -- circle
  An exploitable information disclosure vulnerability exists in the apid daemon of Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability. [Published 2017-11-07; CVSS not yet calculated; CVE-2017-12083]
MISCdisney -- circle
 An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-12085
MISCdisney -- circle
 An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs network connectivity to the device to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2914
MISCdisney -- circle
 A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server.2017-11-07not yet calculatedCVE-2017-12084
MISCdisney -- circle
 An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2912
MISCdisney -- circle
 An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the device to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2884
MISCdisney -- circle
 An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2889
MISCdisney -- circle
 An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a series of packets to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2864
MISCdisney -- circle
 An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2883
MISCdisney -- circle
 An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2866
MISCdisney -- circle
 An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2865
MISCdisney -- circle
 An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs to impersonate a remote server in order to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2882
MISCdisney -- circle
 An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by the device to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2915
MISCdisney -- circle
 An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2890
MISCdisney -- circle
 An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed "deauth" packets to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-12096
MISCdjango_make_app -- django_make_app
 An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.2017-11-10not yet calculatedCVE-2017-16764
MISCdocker -- moby
 The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.2017-11-04not yet calculatedCVE-2017-16539
MISC
MISC
MISC
MISC
MISCdrupal -- drupal
 Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names.2017-11-06not yet calculatedCVE-2015-7878
MISCffmpeg -- ffmpeg
 The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.2017-11-06not yet calculatedCVE-2017-15672
CONFIRM
MLIST
BIDforcepoint -- triton_ap-email
 TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file access in an unspecified directory.2017-11-06not yet calculatedCVE-2017-11177
CONFIRMgentoo -- gentoo
 The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script.2017-11-06not yet calculatedCVE-2017-16638
CONFIRMgentoo -- gentoo
 The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.2017-11-08not yet calculatedCVE-2017-16659
CONFIRMgraphicsmagick -- graphicsmagick
 coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.2017-11-08not yet calculatedCVE-2017-16669
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISChashicorp -- vagrant
 In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.2017-11-06not yet calculatedCVE-2017-16001
MISChola -- hola
 Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file.2017-11-09not yet calculatedCVE-2017-16757
MISChome_assistant -- home_assistant
 In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.2017-11-10not yet calculatedCVE-2017-16782
CONFIRMhpe -- content_manager_workgroup_service
 A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS).2017-11-08not yet calculatedCVE-2017-14360
CONFIRMinedo -- buildmasterInedo BuildMaster before 5.8.2 has XSS.2017-11-10not yet calculatedCVE-2017-16760
CONFIRM
CONFIRMinedo -- buildmaster
 In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used.2017-11-10not yet calculatedCVE-2017-16521
MISC
MISC
MISC
MISC
MISCinedo -- buildmaster
 An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites.2017-11-10not yet calculatedCVE-2017-16761
CONFIRM
CONFIRM
CONFIRMinedo -- buildmaster
 Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.2017-11-10not yet calculatedCVE-2017-16520
CONFIRM
CONFIRM
CONFIRMingenious -- school_management_system
 /view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request.2017-11-07not yet calculatedCVE-2017-16561
EXPLOIT-DBinpage -- inpage
 Special crafted InPage document leads to arbitrary code execution in InPage reader.2017-11-08not yet calculatedCVE-2017-12824
MISCipswitch -- ws_ftp_professional
 Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729.2017-11-03not yet calculatedCVE-2017-16513
MISC
MISC
EXPLOIT-DBitext -- itext
 The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.2017-11-08not yet calculatedCVE-2017-9096
BUGTRAQ
MISCjoomla! -- joomla!
 In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.2017-11-09not yet calculatedCVE-2017-16634
BID
SECTRACK
CONFIRMjoomla! -- joomla!
 In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.2017-11-09not yet calculatedCVE-2017-16633
BID
SECTRACK
CONFIRMkabona_ab -- webdatorcentral
 A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext.2017-11-07not yet calculatedCVE-2016-0872
MISCkeystonejs -- keystonejs
 KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header.2017-11-06not yet calculatedCVE-2017-16570
MISC
MISC
MISClibebml2 -- libebml2
 The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12800
MISC
FULLDISC
CONFIRMlibebml2 -- libebml2
 The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12801
MISC
FULLDISC
CONFIRMlibebml2 -- libebml2
 The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12802
MISC
FULLDISC
CONFIRMlibebml2 -- libebml2
 The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12783
MISC
FULLDISC
CONFIRMlibebml2 -- libebml2
 The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12781
MISC
FULLDISC
CONFIRMlibebml2 -- libebml2
 The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12782
MISC
FULLDISC
CONFIRMlibebml2 -- libebml2
 The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12780
MISC
FULLDISC
CONFIRMlibrenms -- librenms
 The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.2017-11-09not yet calculatedCVE-2017-16759
CONFIRM
CONFIRM
CONFIRM
CONFIRMlinux -- linux_kernel
 The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm.2017-11-06not yet calculatedCVE-2017-15306
MISC
MISC
MISC
BID
MISClinux -- linux_kernel
 The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16650
MISC
MISClinux -- linux_kernel
 The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16644
MISC
MISClinux -- linux_kernel
 The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16643
MISC
BID
MISC
MISClinux -- linux_kernel
 The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16645
BID
MISC
MISClinux -- linux_kernel
 drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16646
MISC
MISClinux -- linux_kernel
 The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free.2017-11-07not yet calculatedCVE-2017-16648
BID
MISC
MISClinux -- linux_kernel
 drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16647
BID
MISC
MISClinux -- linux_kernel
 The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16649
BID
MISC
MISClogitech -- media_server
 Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite."2017-11-09not yet calculatedCVE-2017-16567
EXPLOIT-DBlogitech -- media_server
 Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL.2017-11-09not yet calculatedCVE-2017-16568
EXPLOIT-DBmanageengine -- applications_manager
 Zoho ManageEngine Applications Manager 13 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.2017-11-05not yet calculatedCVE-2017-16543
MISC
EXPLOIT-DBmanageengine -- applications_manager
 Zoho ManageEngine Applications Manager 13 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.2017-11-05not yet calculatedCVE-2017-16542
MISC
EXPLOIT-DBmanageengine -- servicedesk
 The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.2017-11-08not yet calculatedCVE-2017-11512
MISCmanageengine -- servicedesk
 The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.2017-11-08not yet calculatedCVE-2017-11511
MISCmatroska -- mkvalidator
 The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12779
MISC
FULLDISC
CONFIRMmetalgenix -- genixcms
 Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php.2017-11-08not yet calculatedCVE-2015-3933
CONFIRM
EXPLOIT-DBmitrastar -- gpt-2541gnac_router
 MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.2017-11-03not yet calculatedCVE-2017-16523
BID
MISC
EXPLOIT-DBmkclean -- mkclean
 The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12803
MISC
FULLDISC
CONFIRMmlalchemy -- mlalchemy
 An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-16615
CONFIRM
CONFIRM
MISCmybb_group -- mybb
 The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.2017-11-10not yet calculatedCVE-2017-16780
CONFIRMmybb_group -- mybb
 The installer in MyBB before 1.8.13 has XSS.2017-11-10not yet calculatedCVE-2017-16781
CONFIRMnetapp -- clustered_data_ontap
 NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064.2017-11-09not yet calculatedCVE-2017-5201
BID
CONFIRMnetapp -- oncommand_unified_manager
 NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface.2017-11-09not yet calculatedCVE-2017-11461
BID
CONFIRMnetiq -- imanager
 Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.2017-11-06not yet calculatedCVE-2017-7425
CONFIRM
CONFIRM
CONFIRM
CONFIRMowlmixin -- owlmixin
 An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-16618
CONFIRM
CONFIRM
MISCperl -- perl
 The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.2017-11-07not yet calculatedCVE-2008-7319
MISC
MISC
MISC
MISCphp -- php
 In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.2017-11-07not yet calculatedCVE-2017-16642
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRMpyanyapi -- pyanyapi
 An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-16616
CONFIRM
CONFIRM
MISC
CONFIRMred_hat -- enterprise_linux
 It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.2017-11-08not yet calculatedCVE-2017-15087
BID
CONFIRMred_hat -- enterprise_linux
 It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.2017-11-08not yet calculatedCVE-2017-15086
BID
CONFIRMred_hat -- enterprise_linux
 It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.2017-11-08not yet calculatedCVE-2017-15085
BID
CONFIRMred_hat -- multiple_products
 Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.2017-11-09not yet calculatedCVE-2015-7501
BID
SECTRACK
SECTRACK
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRMremobjects -- remobjects
 RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL.2017-11-08not yet calculatedCVE-2017-16665
CONFIRMroundcube -- roundcube
 Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests.2017-11-09not yet calculatedCVE-2017-16651
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIANrsync -- rsync
 The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.2017-11-06not yet calculatedCVE-2017-16548
CONFIRM
CONFIRMsam2p -- sam2p
 In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer overflows) in input-bmp.ci in the function ReadImage, because "width * height" multiplications occur unsafely.2017-11-08not yet calculatedCVE-2017-16663
CONFIRMsamsung -- srn-1670d
 Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.2017-11-06not yet calculatedCVE-2017-16524
MISCsanic -- sanic
 Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.2017-11-10not yet calculatedCVE-2017-16762
CONFIRM
CONFIRMsavitech_corp -- savitech_drivers
 Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."2017-11-09not yet calculatedCVE-2017-9758
BID
MISC
CERT-VN
MISCsiemens -- simatic_pcs_7
 An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface.2017-11-06not yet calculatedCVE-2017-14023
BID
SECTRACK
MISCsos -- sos
 sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.2017-11-06not yet calculatedCVE-2015-7529
BID
UBUNTU
MISC
MISC
CONFIRM
CONFIRMsuse -- suse_linux_enterprise_desktop
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| | The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services. | 2017-11-09 | not yet calculated | CVE-2017-15638; SUSE |
| swftools -- swftools | The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender. | 2017-11-09 | not yet calculated | CVE-2017-16711; MISC |
| symantec -- endpoint_protection | Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system. | 2017-11-06 | not yet calculated | CVE-2017-13680; BID, CONFIRM |
| symantec -- endpoint_protection | Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients. | 2017-11-06 | not yet calculated | CVE-2017-6331; BID, CONFIRM |
| symantec -- endpoint_protection | Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack. | 2017-11-06 | not yet calculated | CVE-2017-13681; BID, CONFIRM |
| synology -- carddav_server | An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack. | 2017-11-07 | not yet calculated | CVE-2017-15887; CONFIRM |
| tinywebgallery -- tinywebgallery | In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the `TWG Explorer` item listing. The request method to inject is POST and the attack vector is located on the application-side of the service. The injection point is the add/create input field and the execution point occurs in the item listing after the add or create. | 2017-11-06 | not yet calculated | CVE-2017-16635; MISC |
| tor -- browser | Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. | 2017-11-04 | not yet calculated | CVE-2017-16541; BID, MISC, MISC, MISC, MISC, MISC |
| trihedral -- vtscada | An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine. | 2017-11-06 | not yet calculated | CVE-2017-14029; MISC |
| trihedral -- vtscada | An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine. | 2017-11-06 | not yet calculated | CVE-2017-14031; MISC |
| vectura -- perfect_privacy_vpn_manager | In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to a "FrmAdvancedProtection" crash. Although the mechanism malfunctions and an error occurs during the runtime with the stack trace being issued, the software process is not properly terminated. The software client is still attempting to maintain the connection even though the network connection information is being reset live. In that insecure mode, the "FrmAdvancedProtection" component crashes, but the process continues to run with different errors and process corruptions. This local corruption vulnerability can be exploited by local attackers. | 2017-11-06 | not yet calculated | CVE-2017-16637; MISC, MISC |
| vonage/grandstream -- ht802_device | Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. | 2017-11-06 | not yet calculated | CVE-2017-16563; MISC |
| vonage/grandstream -- ht802_device | Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests. | 2017-11-06 | not yet calculated | CVE-2017-16565; MISC |
| vonage/grandstream -- ht802_device | Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148). | 2017-11-06 | not yet calculated | CVE-2017-16564; MISC |
| wordpress -- wordpress | The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI. | 2017-11-09 | not yet calculated | CVE-2017-16562; CONFIRM, EXPLOIT-DB |
| wordpress -- wordpress | Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "access_token" parameter. | 2017-11-09 | not yet calculated | CVE-2017-16758; MISC, MISC, MISC |
| zurmo -- zurmo | An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. | 2017-11-06 | not yet calculated | CVE-2017-16569; MISC |
| zurmo -- zurmo | Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. | 2017-11-06 | not yet calculated | CVE-2017-15039; MISC |

This product is provided subject to this Notification and this Privacy & Use policy.