
Dnsmasq Contains Multiple Vulnerabilities

United States Computer Emergency Readiness Team

Original release date: October 03, 2017

Dnsmasq versions 2.77 and prior contain multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review VUL Note VU#973527 for more information and update to dnsmasq version 2.78.



SB17-275: Vulnerability Summary for the Week of September 25, 2017

United States Computer Emergency Readiness Team

Original release date: October 02, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
google -- android | drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process. | 2017-09-25 | 7.6 | CVE-2016-5868, BID, CONFIRM, CONFIRM
ibm -- business_process_manager | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156. | 2017-09-26 | 7.5 | CVE-2017-1527, CONFIRM, BID, MISC
nvidia -- gpu_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges. | 2017-09-22 | 7.2 | CVE-2017-6268, CONFIRM, BID
nvidia -- gpu_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges. | 2017-09-22 | 7.2 | CVE-2017-6269, CONFIRM, BID
nvidia -- gpu_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges. | 2017-09-22 | 7.2 | CVE-2017-6277, CONFIRM, BID
sam2p_project -- sam2p | Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption because of an attempted write to the invalid d[0xfffffffe] array element. | 2017-09-22 | 7.5 | CVE-2017-14636, MISC
sam2p_project -- sam2p | In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address. | 2017-09-22 | 7.5 | CVE-2017-14637, MISC
schneider-electric -- u.motion_builder | A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database. | 2017-09-25 | 7.5 | CVE-2017-7973, CONFIRM, BID
schneider-electric -- u.motion_builder | A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files. | 2017-09-25 | 7.5 | CVE-2017-7974, CONFIRM, BID
schneider-electric -- u.motion_builder | An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. An attacker can use that session ID as part of the HTTP cookie of a web request, resulting in authentication bypass. | 2017-09-25 | 7.5 | CVE-2017-9956, CONFIRM, BID
schneider-electric -- u.motion_builder | A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-privilege credentials. | 2017-09-25 | 7.5 | CVE-2017-9957, CONFIRM, BID
schneider-electric -- u.motion_builder | An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root. | 2017-09-25 | 7.2 | CVE-2017-9958, CONFIRM, BID
trendmicro -- mobile_security | SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 2017-09-22 | 10.0 | CVE-2017-14078, BID, MISC, CONFIRM
trendmicro -- mobile_security | Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password. | 2017-09-22 | 7.5 | CVE-2017-14080, MISC, CONFIRM
trendmicro -- web_security_virtual_appliance | Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections. | 2017-09-22 | 9.0 | CVE-2017-11396, CONFIRM
xceedium -- xsuite | Multiple hardcoded credentials in Xsuite 2.3.0 and 2.4.3.0. | 2017-09-25 | 7.5 | CVE-2015-4667, MISC, BUGTRAQ, EXPLOIT-DB
xceedium -- xsuite | The MySQL "root" user in Xsuite 2.3.0 and 2.4.3.0 does not have a password set, which allows local users to access databases on the system. | 2017-09-25 | 7.2 | CVE-2015-4669, MISC, BUGTRAQ, EXPLOIT-DB

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apache -- struts | Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20. | 2017-09-25 | 4.3 | CVE-2015-5169, JVN, JVNDB, BID, CONFIRM, CONFIRM
artifex -- mupdf | Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because xps_load_links_in_glyphs in xps/xps-link.c does not verify that an xps font could be loaded. | 2017-09-22 | 6.8 | CVE-2017-14685, MISC, MISC, MISC
artifex -- mupdf | Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers. | 2017-09-22 | 6.8 | CVE-2017-14686, MISC, MISC, MISC
artifex -- mupdf | Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons. | 2017-09-22 | 6.8 | CVE-2017-14687, MISC, MISC, MISC
foxitsoftware -- foxit_reader | Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f." | 2017-09-22 | 4.6 | CVE-2017-14694, BID, MISC
geminabox_project -- geminabox | geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload. | 2017-09-25 | 6.8 | CVE-2017-14683, MISC, MISC
genixcms -- genixcms | In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter. | 2017-09-27 | 4.3 | CVE-2017-14761, MISC
genixcms -- genixcms | In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter. | 2017-09-27 | 4.3 | CVE-2017-14762, MISC
genixcms -- genixcms | In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme. | 2017-09-27 | 6.5 | CVE-2017-14763, MISC
genixcms -- genixcms | In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module. | 2017-09-27 | 6.5 | CVE-2017-14764, MISC
genixcms -- genixcms | In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request. | 2017-09-27 | 4.3 | CVE-2017-14765, MISC
gnu -- binutils | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | 2017-09-25 | 6.8 | CVE-2017-14729, MISC, MISC, MISC, MISC
gnu -- binutils | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | 2017-09-26 | 6.8 | CVE-2017-14745, CONFIRM
graphicsmagick -- graphicsmagick | ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | 2017-09-25 | 4.3 | CVE-2017-14733, CONFIRM, CONFIRM
ibm -- business_process_manager | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attacker might gain privileged access. IBM X-Force ID: 130807. | 2017-09-26 | 6.5 | CVE-2017-1539, CONFIRM, BID, MISC
ibm -- websphere_mq | IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914. | 2017-09-25 | 4.0 | CVE-2017-1235, CONFIRM, BID, MISC
imagemagick -- imagemagick | The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors. | 2017-09-25 | 5.0 | CVE-2017-14739, CONFIRM
imagemagick -- imagemagick | The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file. | 2017-09-25 | 4.3 | CVE-2017-14741, CONFIRM
irfanview -- irfanview | IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613." | 2017-09-22 | 4.6 | CVE-2017-14693, MISC
libbpg_project -- libbpg | The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to hevc_decode_init1. | 2017-09-25 | 6.8 | CVE-2017-14734, MISC
libbpg_project -- libbpg | The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg. | 2017-09-27 | 6.8 | CVE-2017-14795, MISC
libbpg_project -- libbpg | The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg. | 2017-09-27 | 6.8 | CVE-2017-14796, MISC
libofx_project -- libofx | ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call. | 2017-09-25 | 4.3 | CVE-2017-14731, MISC
nvidia -- gpu_driver | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service. | 2017-09-22 | 4.9 | CVE-2017-6266, CONFIRM, BID
nvidia -- gpu_driver | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service. | 2017-09-22 | 4.9 | CVE-2017-6267, CONFIRM, BID
nvidia -- gpu_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation during a calculation which may lead to a potential divide by zero and denial of service. | 2017-09-22 | 4.9 | CVE-2017-6270, CONFIRM, BID
nvidia -- gpu_driver | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiCreateAllocation where untrusted user input is used as a divisor without validation while processing block linear information which may lead to a potential divide by zero and denial of service. | 2017-09-22 | 4.9 | CVE-2017-6271, CONFIRM, BID
schneider-electric -- citect_anywhere | A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. This type of attack requires some level of social engineering in order to get a legitimate user to click on or access a malicious link/site containing the CSRF attack. | 2017-09-25 | 6.8 | CVE-2017-7969, CONFIRM, BID, CONFIRM
schneider-electric -- citect_anywhere | A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate. | 2017-09-25 | 4.0 | CVE-2017-7971, CONFIRM, BID, CONFIRM
schneider-electric -- citect_anywhere | A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes. | 2017-09-25 | 5.2 | CVE-2017-7972, CONFIRM, BID, CONFIRM
schneider-electric -- u.motion_builder | A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system accepts reboot in session from unauthenticated users, supporting a denial of service condition. | 2017-09-25 | 4.9 | CVE-2017-9959, CONFIRM, BID
schneider-electric -- u.motion_builder | An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should be available to an unauthenticated user. | 2017-09-25 | 5.0 | CVE-2017-9960, CONFIRM, BID
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917." | 2017-09-22 | 4.4 | CVE-2017-14688, MISC
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e." | 2017-09-22 | 4.6 | CVE-2017-14689, MISC
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000064e7." | 2017-09-22 | 4.6 | CVE-2017-14690, MISC
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_773a0000!RtlAddAccessAllowedAce+0x000000000000027a." | 2017-09-22 | 4.6 | CVE-2017-14691, MISC
stdutility -- stdu_viewer | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b." | 2017-09-22 | 4.4 | CVE-2017-14692, MISC
theforeman -- foreman | Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after. | 2017-09-25 | 4.3 | CVE-2015-5282, CONFIRM, MLIST, CONFIRM, CONFIRM, CONFIRM
trendmicro -- mobile_security | Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 2017-09-22 | 6.5 | CVE-2017-14079, BID, MISC, MISC, MISC, MISC, CONFIRM
trendmicro -- mobile_security | Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. | 2017-09-22 | 6.5 | CVE-2017-14081, BID, MISC, MISC, CONFIRM
trendmicro -- smart_protection_server | Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations. | 2017-09-22 | 6.5 | CVE-2017-11395, MISC, BID, CONFIRM
weechat -- logger | logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash via strftime date/time specifiers, because a buffer is not initialized. | 2017-09-23 | 5.0 | CVE-2017-14727, BID, CONFIRM, CONFIRM, CONFIRM
wordpress -- wordpress | Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. | 2017-09-23 | 4.3 | CVE-2017-14718, BID, MISC, MISC
wordpress -- wordpress | Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components. | 2017-09-23 | 5.0 | CVE-2017-14719, BID, MISC, MISC, MISC
wordpress -- wordpress | Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. | 2017-09-23 | 4.3 | CVE-2017-14720, BID, MISC, MISC
wordpress -- wordpress | Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. | 2017-09-23 | 4.3 | CVE-2017-14721, BID, MISC, MISC
wordpress -- wordpress | Before version 4.8.2, WordPress allowed a Directory Traversal attack in the Customizer component via a crafted theme filename. | 2017-09-23 | 5.0 | CVE-2017-14722, BID, MISC, MISC, MISC
wordpress -- wordpress | Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. | 2017-09-23 | 4.3 | CVE-2017-14724, BID, MISC, MISC, MISC
wordpress -- wordpress | Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. | 2017-09-23 | 4.3 | CVE-2017-14726, BID, MISC, MISC, MISC
xceedium -- xsuite | Open redirect vulnerability in Xsuite 2.3.0 and 2.4.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. | 2017-09-25 | 5.8 | CVE-2015-4668, MISC, BUGTRAQ, EXPLOIT-DB

 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
geminabox_project -- geminabox | geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file. | 2017-09-25 | 3.5 | CVE-2017-14506, MISC, MISC
ibm -- business_process_manager | IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461. | 2017-09-25 | 1.9 | CVE-2017-1346, CONFIRM, BID, MISC
ibm -- business_process_manager | IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477. | 2017-09-25 | 3.5 | CVE-2017-1424, CONFIRM, BID, MISC
ibm -- business_process_manager | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130409. | 2017-09-26 | 3.5 | CVE-2017-1530, CONFIRM, BID, MISC
ibm -- business_process_manager | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410. | 2017-09-26 | 3.5 | CVE-2017-1531, CONFIRM, BID, MISC
ibm -- security_identity_manager | IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 126801. | 2017-09-25 | 2.1 | CVE-2017-1362, CONFIRM, BID, MISC
linux -- linux_kernel | The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of-bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c. | 2017-09-26 | 2.1 | CVE-2017-1000252, CONFIRM, CONFIRM, CONFIRM, BID, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM
linux -- linux_kernel | The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. | 2017-09-26 | 3.6 | CVE-2017-12154, CONFIRM, BID, CONFIRM, CONFIRM, CONFIRM
schneider-electric -- citect_anywhere | A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components. | 2017-09-25 | 3.3 | CVE-2017-7970, CONFIRM, BID, CONFIRM
telaxius -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. | 2017-09-22 | 3.5 | CVE-2017-14712, MISC
telaxius -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter. | 2017-09-22 | 3.5 | CVE-2017-14713, MISC
telaxius -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. | 2017-09-22 | 3.5 | CVE-2017-14714, MISC
telaxius -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter. | 2017-09-22 | 3.5 | CVE-2017-14715, MISC
telaxius -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter. | 2017-09-22 | 3.5 | CVE-2017-14716, MISC
telaxius -- epesi | In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter. | 2017-09-22 | 3.5 | CVE-2017-14717, MISC

 

Severity Not Yet AssignedPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoantisamy_project -- antisamy
 OWASP AntiSamy through 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.2017-09-25not yet calculatedCVE-2017-14735
CONFIRMapache -- geode
 When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view.2017-09-29not yet calculatedCVE-2017-9794
MLISTapache -- mesos
 When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.2017-09-28not yet calculatedCVE-2017-9790
BID
MLISTapache -- mesos
 When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable.2017-09-28not yet calculatedCVE-2017-7687
BID
MLISTapache -- tika
 Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175.2017-09-29not yet calculatedCVE-2016-4434
BUGTRAQ
MLISTapache -- xerces
 During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE) attacks in Apache Commons Jelly before 1.0.1.2017-09-27not yet calculatedCVE-2017-12621
BID
SECTRACK
CONFIRM
MLISTappstudio -- appstudio
 The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints.2017-09-28not yet calculatedCVE-2017-7553
CONFIRMarcsight -- arcsight_esm
 An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.2017-09-29not yet calculatedCVE-2017-13988
BID
CONFIRMarcsight -- arcsight_esm
 An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.2017-09-29not yet calculatedCVE-2017-13990
BID
CONFIRMarcsight -- arcsight_esm
 An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.2017-09-29not yet calculatedCVE-2017-13989
BID
CONFIRMarcsight -- arcsight_esm
 A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.2017-09-29not yet calculatedCVE-2017-13986
BID
CONFIRMarcsight -- arcsight_esm
 An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.2017-09-29not yet calculatedCVE-2017-13991
BID
CONFIRMarcsight -- arcsight_esm
 An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.2017-09-29not yet calculatedCVE-2017-13987
BID
CONFIRMartifex -- gsview
 Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068."2017-09-29not yet calculatedCVE-2017-14945
CONFIRMartifex -- gsview
 Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFile+0x000000000000344e."2017-09-29not yet calculatedCVE-2017-14946
CONFIRMartifex -- gsview
 Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359."2017-09-29not yet calculatedCVE-2017-14947
CONFIRMblizzard -- overwatch
Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific time during the initial loading of that match.
2017-09-26 | not yet calculated | CVE-2017-14748
MISC
MISC

botan -- botan
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.
2017-09-25 | not yet calculated | CVE-2017-14737
MISC
MISC

branagh_information_group -- ers_data_system
ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization.
2017-09-29 | not yet calculated | CVE-2017-14702
MISC

broadcom -- bcm4355c0_wi-fi_chips
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka B-V2017061205.
2017-09-27 | not yet calculated | CVE-2017-11121
MISC
BID
MISC
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM

broadcom -- bcm4355c0_wi-fi_chips
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204.
2017-09-27 | not yet calculated | CVE-2017-11120
MISC
BID
MISC
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB

cash_back_comparison_script -- cash_back_comparison_script
SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/.
2017-09-26 | not yet calculated | CVE-2017-14703
EXPLOIT-DB

cisco -- ios
A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to process PROFINET messages. Beginning with Cisco IOS Software Release 12.2(52)SE, PROFINET is enabled by default on all the base switch module and expansion-unit Ethernet ports. Cisco Bug IDs: CSCuz47179.
2017-09-28 | not yet calculated | CVE-2017-12235
BID
SECTRACK
CONFIRM

cisco -- ios
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. This vulnerability affects Cisco devices that have the Internet Security Association and Key Management Protocol (ISAKMP) enabled. Although only IKEv2 packets can be used to trigger this vulnerability, devices that are running Cisco IOS Software or Cisco IOS XE Software are vulnerable when ISAKMP is enabled. A device does not need to be configured with any IKEv2-specific features to be vulnerable. Many features use IKEv2, including different types of VPNs such as the following: LAN-to-LAN VPN; Remote-access VPN, excluding SSL VPN; Dynamic Multipoint VPN (DMVPN); and FlexVPN. Cisco Bug IDs: CSCvc41277.
2017-09-28 | not yet calculated | CVE-2017-12237
BID
SECTRACK
CONFIRM

cisco -- ios
The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959.
2017-09-28 | not yet calculated | CVE-2017-12240
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM

cisco -- ios
Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuz95334.
2017-09-28 | not yet calculated | CVE-2017-12233
BID
SECTRACK
CONFIRM

cisco -- ios
A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a misclassification of Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc03809.
2017-09-28 | not yet calculated | CVE-2017-12232
BID
SECTRACK
CONFIRM

cisco -- ios
A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device's operating system. This vulnerability affects only Cisco ASR 1000 Series Routers that have removable line cards and Cisco cBR-8 Converged Broadband Routers, if they are running certain Cisco IOS XE 3.16 through 16.5 releases. Cisco Bug IDs: CSCvc65866, CSCve77132.
2017-09-28 | not yet calculated | CVE-2017-12239
BID
SECTRACK
SECTRACK
CONFIRM

cisco -- ios
A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol and are sent to an affected device via IPv4 packets. An attacker could exploit this vulnerability by sending a crafted H.323 RAS packet through an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to use an application layer gateway with NAT (NAT ALG) for H.323 RAS messages. By default, a NAT ALG is enabled for H.323 RAS messages. Cisco Bug IDs: CSCvc57217.
2017-09-28 | not yet calculated | CVE-2017-12231
BID
SECTRACK
CONFIRM

cisco -- ios
Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).
2017-09-25 | not yet calculated | CVE-2010-3050
CISCO

cisco -- ios
A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). The vulnerability is due to a logic error introduced via a code regression for the affected software. An attacker could exploit this vulnerability by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, to the affected software. A successful exploit could allow the attacker to inject invalid mappings of EIDs to RLOCs in the MS/MR of the affected software. This vulnerability affects Cisco devices that are configured with LISP acting as an IPv4 or IPv6 map server. This vulnerability affects Cisco IOS XE Software release trains 3.9E and Everest 16.4. Cisco Bug IDs: CSCvc18008.
2017-09-28 | not yet calculated | CVE-2017-12236
BID
SECTRACK
CONFIRM

cisco -- ios
Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc43709.
2017-09-28 | not yet calculated | CVE-2017-12234
BID
SECTRACK
CONFIRM

cisco -- ios
A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart. This vulnerability affects Cisco Catalyst 3650 and 3850 switches running IOS XE Software versions 16.1 through 16.3.3, and acting as wireless LAN controllers (WLC). Cisco Bug IDs: CSCvd45069.
2017-09-28 | not yet calculated | CVE-2017-12222
BID
SECTRACK
CONFIRM

cisco -- ios
A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is due to insufficient input validation for the REST API of the affected software. An attacker could exploit this vulnerability by sending a malicious API request to an affected device. A successful exploit could allow the attacker to bypass authentication and gain access to the web UI of the affected software. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuz46036.
2017-09-28 | not yet calculated | CVE-2017-12229
BID
SECTRACK
CONFIRM

cisco -- ios
A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incorrect default permission settings for new users who are created by using the web UI of the affected software. An attacker could exploit this vulnerability by using the web UI of the affected software to create a new user and then logging into the web UI as the newly created user. A successful exploit could allow the attacker to elevate their privileges on the affected device. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the HTTP Server feature is enabled for the device. The newly redesigned, web-based administration UI was introduced in the Denali 16.2 Release of Cisco IOS XE Software. This vulnerability does not affect the web-based administration UI in earlier releases of Cisco IOS XE Software. Cisco Bug IDs: CSCuy83062.
2017-09-28 | not yet calculated | CVE-2017-12230
BID
SECTRACK
CONFIRM

cisco -- ios
A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927.
2017-09-28 | not yet calculated | CVE-2017-12238
BID
SECTRACK
CONFIRM

cisco -- ios
Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot).
2017-09-25 | not yet calculated | CVE-2010-3049
CISCO

cisco -- ios
The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions.
2017-09-25 | not yet calculated | CVE-2011-4667
CISCO
CISCO

cisco -- ios
A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incomplete input validation of HTTP requests by the affected GUI, if the GUI connection state or protocol changes. An attacker could exploit this vulnerability by authenticating to the Wireless Controller GUI as a Lobby Administrator user of an affected device and subsequently changing the state or protocol for their connection to the GUI. A successful exploit could allow the attacker to elevate their privilege level to administrator and gain full control of the affected device. This vulnerability affects the following Cisco products if they are running Cisco IOS XE Software Release 3.7.0E, 3.7.1E, 3.7.2E, 3.7.3E, 3.7.4E, or 3.7.5E: Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, Cisco New Generation Wireless Controllers (NGWC) 3850. Cisco Bug IDs: CSCvd73746.
2017-09-28 | not yet calculated | CVE-2017-12226
BID
SECTRACK
SECTRACK
CONFIRM

cisco -- ios
A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Cisco Bug IDs: CSCvc33171.
2017-09-28 | not yet calculated | CVE-2017-12228
SECTRACK
CONFIRM

citrix -- citrix_web_interface
Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HTML via the failmessage parameter.
2017-09-27 | not yet calculated | CVE-2015-7349
MISC
CONFIRM
CONFIRM

citrix -- netscaler_application_delivery_controller_and_netscaler_gateway
A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance.
2017-09-26 | not yet calculated | CVE-2017-14602
BID
CONFIRM

claydip -- laravel_airbnb_clone
Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile.
2017-09-26 | not yet calculated | CVE-2017-14704
EXPLOIT-DB

comicsmart -- ganma!
GANMA! App for iOS does not verify SSL certificates.
2017-09-25 | not yet calculated | CVE-2015-7785
JVN
JVNDB

cyberlink -- labelprint
Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.
2017-09-23 | not yet calculated | CVE-2017-14627
MISC
EXPLOIT-DB

debian -- fso
The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.
2017-09-25 | not yet calculated | CVE-2014-8156
MLIST
BID
XF

debian -- inspircd
inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836.
2017-09-25 | not yet calculated | CVE-2012-6696
DEBIAN
MLIST
CONFIRM

devscripts -- devscripts
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.
2017-09-25 | not yet calculated | CVE-2015-5704
FEDORA
FEDORA
MLIST
BID
CONFIRM
CONFIRM
CONFIRM

digium -- asterisk_gui
An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program.
2017-09-25 | not yet calculated | CVE-2017-14001
BID
MISC

egroupware -- egroupware_community_edition
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.
2017-09-29 | not yet calculated | CVE-2017-14920
MISC
MISC

elastic -- x-pack_security
An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index.
2017-09-28 | not yet calculated | CVE-2017-8447
MISC

elasticsearch -- elastic_cloud_enterprise
The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 does not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper, they could potentially obtain sensitive data.
2017-09-28 | not yet calculated | CVE-2017-8444
MISC

elasticsearch -- kibana
Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
2017-09-28 | not yet calculated | CVE-2017-11479
MISC

elasticsearch -- x-pack_alerting
An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges.
2017-09-28 | not yet calculated | CVE-2017-8448
MISC

exiv2 -- exiv2
An invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
2017-09-28 | not yet calculated | CVE-2017-14862
MISC

exiv2 -- exiv2
There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.
2017-09-28 | not yet calculated | CVE-2017-14858
MISC

exiv2 -- exiv2
There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.
2017-09-28 | not yet calculated | CVE-2017-14866
MISC

exiv2 -- exiv2
A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
2017-09-28 | not yet calculated | CVE-2017-14863
MISC

exiv2 -- exiv2
There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.
2017-09-28 | not yet calculated | CVE-2017-14860
MISC

exiv2 -- exiv2
There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
2017-09-28 | not yet calculated | CVE-2017-14861
MISC

exiv2 -- exiv2
An invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
2017-09-28 | not yet calculated | CVE-2017-14864
MISC

exiv2 -- exiv2
An invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
2017-09-28 | not yet calculated | CVE-2017-14859
MISC

exiv2 -- exiv2
There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A crafted input will lead to a denial of service attack.
2017-09-28 | not yet calculated | CVE-2017-14865
MISC

exiv2 -- exiv2
In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a segmentation fault. A crafted input will lead to a denial of service attack.
2017-09-28 | not yet calculated | CVE-2017-14857
MISC

eyesofnetwork -- eyesofnetwork_web_interface
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php.
2017-09-26 | not yet calculated | CVE-2017-14753
BID
MISC

faleemi -- wireless-ip-camera
Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password.
2017-09-26 | not yet calculated | CVE-2017-14743
MISC

ffmpeg -- ffmpeg
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.
2017-09-27 | not yet calculated | CVE-2017-14767
BID
CONFIRM

filerun -- filerun
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).
2017-09-29 | not yet calculated | CVE-2017-14738
MISC
MISC
EXPLOIT-DB

freeipa -- freeipa
FreeIPA 4.x with API version 2.213 allows remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session.
2017-09-27 | not yet calculated | CVE-2017-11191
MISC

gentoo -- gentoo
The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.
2017-09-25 | not yet calculated | CVE-2017-14730
CONFIRM
CONFIRM
CONFIRM
CONFIRM

git -- git
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
2017-09-28 | not yet calculated | CVE-2017-14867
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM

gnu -- binutils
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
2017-09-29 | not yet calculated | CVE-2017-14932
CONFIRM
CONFIRM

gnu -- binutils
Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
2017-09-29 | not yet calculated | CVE-2017-14930
CONFIRM

gnu -- binutils
_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.
2017-09-29 | not yet calculated | CVE-2017-14938
MISC
MISC
MISC

gnu -- binutils
process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.
2017-09-29 | not yet calculated | CVE-2017-14934
CONFIRM
CONFIRM

gnu -- binutils
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.
2017-09-29 | not yet calculated | CVE-2017-14939
MISC
MISC
MISC

gnu -- binutils
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
2017-09-29 | not yet calculated | CVE-2017-14933
CONFIRM
CONFIRM
CONFIRM

gnu -- binutils
scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.
2017-09-29 | not yet calculated | CVE-2017-14940
MISC
MISC
MISC

google -- android
Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack.
2017-09-25 | not yet calculated | CVE-2014-8889
MISC
FULLDISC
BUGTRAQ
BID
MISC

google -- android
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame.
2017-09-25 | not yet calculated | CVE-2014-0997
MISC
FULLDISC
BUGTRAQ
BID
MISC
EXPLOIT-DB

google -- android
The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate.
2017-09-29 | not yet calculated | CVE-2017-14582
MISC

google -- android
Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application.
2017-09-27 | not yet calculated | CVE-2015-1537
BID
CONFIRM
MISC

google -- android
ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier, do not verify SSL certificates.
2017-09-25 | not yet calculated | CVE-2015-5666
JVN
JVNDB
BID

google -- android
The media_server component in Android allows remote attackers to cause a denial of service via a crafted application.
2017-09-27 | not yet calculated | CVE-2015-1526
BID
MISC

google -- googlemaps
The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_googlemap3_kmlprxy.php. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7428.
2017-09-27 | not yet calculated | CVE-2014-9686
FULLDISC
MISC
MLIST

hp -- hpe_sitescope
An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.
2017-09-29 | not yet calculated | CVE-2017-14349
BID
CONFIRM

hpe -- application_performance_management_platform
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.
2017-09-29 | not yet calculated | CVE-2017-13983
CONFIRM

hpe -- application_performance_management_platform
 An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information.2017-09-29not yet calculatedCVE-2017-13985
CONFIRMhpe -- application_performance_management_platform
 An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.2017-09-29not yet calculatedCVE-2017-13984
CONFIRMhpe -- application_performance_management_platform
 A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.2017-09-29not yet calculatedCVE-2017-13982
CONFIRMhpe -- application_performance_management_platform
 A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution.2017-09-29not yet calculatedCVE-2017-14350
BID
CONFIRMhpe -- hp_ucmdb_configuration_manager
 A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution.2017-09-29not yet calculatedCVE-2017-14351
CONFIRMhpe -- hp_ucmdb_configuration_manager
 A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting.2017-09-29not yet calculatedCVE-2017-14352
CONFIRM

huawei -- s7700_and_s9700_and_s9300
Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information. | 2017-09-25 | not yet calculated | CVE-2015-7846
BID
CONFIRM

huawei -- uap2105
Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell. | 2017-09-25 | not yet calculated | CVE-2015-6592
BID
CONFIRM

ibm -- api_connect
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545. | 2017-09-25 | not yet calculated | CVE-2017-1555
CONFIRM
BID
MISC

ibm -- api_connect
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 131291. | 2017-09-25 | not yet calculated | CVE-2017-1551
CONFIRM
MISC

ibm -- business_process_manager
IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127478. | 2017-09-26 | not yet calculated | CVE-2017-1425
CONFIRM
BID
MISC

ibm -- security_identity_manager_adapters
IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 128621. | 2017-09-27 | not yet calculated | CVE-2017-1483
CONFIRM
BID
MISC

ibm -- security_identity_manager_virtual_appliance
IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394. | 2017-09-27 | not yet calculated | CVE-2017-1407
CONFIRM
BID
MISC

ibm -- websphere_datapower_appliances
IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2017-09-27 | not yet calculated | CVE-2017-1591
CONFIRM
BID
MISC

ibm -- websphere_portal
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117. | 2017-09-27 | not yet calculated | CVE-2017-1577
CONFIRM
BID
SECTRACK
MISC

inedo -- proget
Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. | 2017-09-29 | not yet calculated | CVE-2017-14944
CONFIRM

intelbras -- wireless_router
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie. | 2017-09-29 | not yet calculated | CVE-2017-14942
MISC
EXPLOIT-DB

jerryscript -- jerryscript
JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data. | 2017-09-26 | not yet calculated | CVE-2017-14749
MISC

jsoup -- jsoup
Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. | 2017-09-25 | not yet calculated | CVE-2015-6748
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM

kde -- kmail
KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network. | 2017-09-27 | not yet calculated | CVE-2014-8878
MLIST
BID
CONFIRM
CONFIRM

kupu -- kupu
Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings. | 2017-09-25 | not yet calculated | CVE-2015-7317
MLIST
CONFIRM
CONFIRM
CONFIRM

laravel -- laravel
Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison. | 2017-09-27 | not yet calculated | CVE-2017-14775
CONFIRM
CONFIRM
CONFIRM

linux -- linux_kernel
Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after. | 2017-09-25 | not yet calculated | CVE-2015-5327
MLIST
CONFIRM
CONFIRM

magento -- magento
Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer field. | 2017-09-25 | not yet calculated | CVE-2015-8707
CONFIRM

mahara -- mahara
Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potentially dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the user and administrator and if accepted become part of the new user's account. | 2017-09-25 | not yet calculated | CVE-2017-9551
CONFIRM
CONFIRM

man-db -- man-db
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. | 2017-09-27 | not yet calculated | CVE-2015-1336
MISC
MISC
MISC
MLIST
BID
CONFIRM
MISC
GENTOO

microsoft -- windows_app_studio
It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using App Studio. | 2017-09-28 | not yet calculated | CVE-2017-7554
CONFIRM

millicore -- millicore
The file editor in millicore allows files to be executed, as well as created. An attacker could use this flaw to compromise other users, or teams projects stored in source control management of the RHMAP Core installation. | 2017-09-28 | not yet calculated | CVE-2017-7552
CONFIRM

mojoomla -- annual_maintenance_contract_(amc)_management_system
Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling. | 2017-09-27 | not yet calculated | CVE-2017-14841
EXPLOIT-DB

multitech_faxfinder -- multitech_faxfinder
MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext. | 2017-09-29 | not yet calculated | CVE-2016-10512
MISC

node.js -- node.js
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. | 2017-09-27 | not yet calculated | CVE-2017-14849
BID
CONFIRM
CONFIRM

norton -- remove_and_reinstall
Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability. | 2017-09-27 | not yet calculated | CVE-2017-13676
BID
CONFIRM

nvidia -- gpu_display_driver
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges. | 2017-09-22 | not yet calculated | CVE-2017-6272
CONFIRM
BID

october_cms -- october_cms
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612. | 2017-09-27 | not yet calculated | CVE-2015-5613
MLIST
CONFIRM
CONFIRM

ogaki_kyoritsu_bank -- smartphone_passbook
Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate. | 2017-09-26 | not yet calculated | CVE-2015-0874
JVN
JVNDB
BID

openexif -- openexif
ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file. | 2017-09-29 | not yet calculated | CVE-2017-14931
MISC
MISC

openhpi -- openhpi
openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption). | 2017-09-26 | not yet calculated | CVE-2015-3248
FEDORA
CONFIRM
CONFIRM

opentext -- documentum_administrator
Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. | 2017-09-27 | not yet calculated | CVE-2017-14524
FULLDISC
CONFIRM

opentext -- documentum_administrator
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in. | 2017-09-27 | not yet calculated | CVE-2017-14526
FULLDISC
CONFIRM

opentext -- documentum_webtop
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in. | 2017-09-27 | not yet calculated | CVE-2017-14527
FULLDISC
CONFIRM

opentext -- documentum_webtop
Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. | 2017-09-27 | not yet calculated | CVE-2017-14525
FULLDISC
CONFIRM

percona -- percona_toolkit
The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL. | 2017-09-28 | not yet calculated | CVE-2015-1027
CONFIRM
CONFIRM

percona -- percona_toolkit
The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com. | 2017-09-28 | not yet calculated | CVE-2014-2029
MLIST
CONFIRM
CONFIRM

perl -- perl
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable. | 2017-09-27 | not yet calculated | CVE-2017-12814
BID
CONFIRM
CONFIRM
CONFIRM

philips -- hue_bridge
Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network. | 2017-09-30 | not yet calculated | CVE-2017-14797
MISC

php-fusion_9 -- php-fusion_9
Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. | 2017-09-25 | not yet calculated | CVE-2015-8375
MISC
MLIST
CONFIRM
CONFIRM

plone -- plone
Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses. | 2017-09-25 | not yet calculated | CVE-2015-7318
MLIST
CONFIRM
CONFIRM
CONFIRM

plone -- plone
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator. | 2017-09-25 | not yet calculated | CVE-2015-7315
MLIST
CONFIRM
CONFIRM
CONFIRM

plone -- plone
Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1. | 2017-09-25 | not yet calculated | CVE-2015-7316
MLIST
CONFIRM
MISC
CONFIRM

poppler -- poppler
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. | 2017-09-29 | not yet calculated | CVE-2017-14926
CONFIRM

poppler -- poppler
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. | 2017-09-29 | not yet calculated | CVE-2017-14928
CONFIRM

poppler -- poppler
In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. | 2017-09-29 | not yet calculated | CVE-2017-14927
CONFIRM

poppler -- poppler
In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. | 2017-09-29 | not yet calculated | CVE-2017-14929
CONFIRM

protobuf -- protobuf
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow. | 2017-09-25 | not yet calculated | CVE-2015-5237
MLIST
CONFIRM
CONFIRM

pulp -- pulp-consumer-client
pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration. | 2017-09-25 | not yet calculated | CVE-2015-5263
MISC
MLIST
CONFIRM
CONFIRM

pulse_secure -- pulse_one_on-premise
Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information. | 2017-09-29 | not yet calculated | CVE-2017-14935
CONFIRM

red_hat -- enterprise_virtualization
redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment. | 2017-09-25 | not yet calculated | CVE-2015-7544
CONFIRM
REDHAT

red_hat -- enterprise_virtualization
ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string. | 2017-09-25 | not yet calculated | CVE-2014-8170
CONFIRM
MISC

red_hat -- jboss_a-mq
The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies. | 2017-09-25 | not yet calculated | CVE-2015-5183
CONFIRM

red_hat -- jboss_a-mq
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. | 2017-09-25 | not yet calculated | CVE-2015-5181
REDHAT
CONFIRM
REDHAT

red_hat -- jboss_a-mq
The Hawtio console in A-MQ allows remote attackers to obtain sensitive information and perform other unspecified impact. | 2017-09-25 | not yet calculated | CVE-2015-5184
CONFIRM

red_hat -- jboss_a-mq
Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. | 2017-09-25 | not yet calculated | CVE-2015-5182
CONFIRM

red_hat -- openshift_enterprise_2
selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to obtain process listing information via a privilege escalation attack. | 2017-09-25 | not yet calculated | CVE-2015-0238
CONFIRM
CONFIRM

red_hat -- openshift
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter. | 2017-09-27 | not yet calculated | CVE-2015-8249
MISC
MISC
MISC
EXPLOIT-DB

saltstack -- salt
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. | 2017-09-26 | not yet calculated | CVE-2017-5200
CONFIRM
CONFIRM
CONFIRM

saltstack -- salt
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed. | 2017-09-26 | not yet calculated | CVE-2017-5192
CONFIRM
CONFIRM
CONFIRM

sap -- enterprise_portal
Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516. | 2017-09-28 | not yet calculated | CVE-2017-10701
BID
BID
BID
MISC

schneider_electric -- clearscada
Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. Client applications affected include ViewX and the Server Icon. | 2017-09-25 | not yet calculated | CVE-2017-9962
CONFIRM

schneider_electric -- pro-face_gp_pro_ex
A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. Malicious code installation requires an access to the computer. By placing a specific DLL/OCX file, an attacker is able to force the process to load arbitrary DLL and execute arbitrary code in the context of the process. | 2017-09-25 | not yet calculated | CVE-2017-9961
CONFIRM
BID

smarterstats -- smarterstats
SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. | 2017-09-29 | not yet calculated | CVE-2017-14620
MISC

systemd -- systemd
Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd. | 2017-09-25 | not yet calculated | CVE-2015-7510
CONFIRM
CONFIRM
CONFIRM

tcpdump -- tcpdump
print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). | 2017-09-27 | not yet calculated | CVE-2015-3138
SUSE
CONFIRM
CONFIRM
CONFIRM

teamwork -- job_links
TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange. | 2017-09-27 | not yet calculated | CVE-2017-14838
EXPLOIT-DB

teamwork -- photo_fusion
TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover. | 2017-09-27 | not yet calculated | CVE-2017-14839
EXPLOIT-DB

teamwork -- ticketplus
TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. | 2017-09-27 | not yet calculated | CVE-2017-14840
EXPLOIT-DB

testlink -- testlink
SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php. | 2017-09-26 | not yet calculated | CVE-2015-7390
BUGTRAQ

testlink -- testlink
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to lib/testcases/containerEdit.php; the (4) filter_tc_id or (5) filter_testcase_name parameter to lib/testcases/listTestCases.php; the (6) useRecursion parameter to lib/testcases/tcImport.php; the (7) targetTestCase or (8) created_by parameter to lib/testcases/tcSearch.php; or the (9) HTTP Referer header to third_party/user_contribution/fakeRemoteExecServer/client4fakeXMLRPCTestRunner.php. | 2017-09-26 | not yet calculated | CVE-2015-7391
BUGTRAQ

tiki -- tiki
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php. | 2017-09-29 | not yet calculated | CVE-2017-14924
MISC
MISC
MISC

tiki -- tiki
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site. | 2017-09-29 | not yet calculated | CVE-2017-14925
MISC
MISC
MISC

tine -- tine
Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | 2017-09-29 | not yet calculated | CVE-2017-14921
MISC
MISC
MISC
MISC
MISC

tine -- tine
Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | 2017-09-29 | not yet calculated | CVE-2017-14922
MISC
MISC
MISC
MISC
MISC

tine -- tine
Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. | 2017-09-29 | not yet calculated | CVE-2017-14923
MISC
MISC
MISC
MISC
MISC

ubuntu -- ubuntu
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method. | 2017-09-27 | not yet calculated | CVE-2015-3643
MLIST
MLIST
BID
MISC
UBUNTU
UBUNTU
EXPLOIT-DB

ueditor -- ueditor
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. | 2017-09-26 | not yet calculated | CVE-2017-14744
MISC

unify -- openstage_and_openscape_desk_phones
OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys. | 2017-09-25 | not yet calculated | CVE-2015-8251
CERT-VN
CONFIRM
CONFIRM
CONFIRM

unisys -- libra
Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via vectors related to incorrect literal handling, which trigger CPM stack corruption. | 2017-09-29 | not yet calculated | CVE-2017-13684
CONFIRM

vebto -- pixie_image_editor
Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php. | 2017-09-25 | not yet calculated | CVE-2017-12905
FULLDISC

wesnoth -- battle_for_wesnoth
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. | 2017-09-26 | not yet calculated | CVE-2015-5069
FEDORA
FEDORA
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC

wesnoth -- battle_for_wesnoth
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069. | 2017-09-26 | not yet calculated | CVE-2015-5070
FEDORA
FEDORA
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC

wordpress -- wordpress
The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field. | 2017-09-26 | not yet calculated | CVE-2017-14751
MISC
BID
MISC

wordpress -- wordpress
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php. | 2017-09-29 | not yet calculated | CVE-2015-9233
MISC
MISC
MISC

wordpress -- wordpress
Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. | 2017-09-27 | not yet calculated | CVE-2017-14844
EXPLOIT-DB

wordpress -- wordpress
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php. | 2017-09-29 | not yet calculated | CVE-2015-9234
MISC
MISC
MISC

wordpress -- wordpress
SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme task in the wpdevart_gallery_themes page to wp-admin/admin.php. | 2017-09-25 | not yet calculated | CVE-2017-14125
FULLDISC
MISC

wordpress -- wordpress
Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter. | 2017-09-27 | not yet calculated | CVE-2017-14847
EXPLOIT-DB

wordpress -- wordpress
Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter. | 2017-09-27 | not yet calculated | CVE-2017-14845
EXPLOIT-DB

wordpress -- wordpress
Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. | 2017-09-27 | not yet calculated | CVE-2017-14842
EXPLOIT-DB

wordpress -- wordpress
Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. | 2017-09-27 | not yet calculated | CVE-2017-14843
EXPLOIT-DB

wordpress -- wordpress
SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php. | 2017-09-27 | not yet calculated | CVE-2017-14760
MISC

wordpress -- wordpress
Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php. | 2017-09-27 | not yet calculated | CVE-2017-14622
BID
MISC
CONFIRM

wordpress -- wordpress
Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter. | 2017-09-27 | not yet calculated | CVE-2017-14846
EXPLOIT-DB

wordpress -- wordpress
Vulnerability in WordPress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download. | 2017-09-27 | not yet calculated | CVE-2017-2551
MISC
CONFIRM

wordpress -- wordpress
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. | 2017-09-23 | not yet calculated | CVE-2017-14725
BID
MISC
MISC
MISC

wordpress -- wordpress
Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php. | 2017-09-28 | not yet calculated | CVE-2017-14507
EXPLOIT-DB

wordpress -- wordpress
The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php only require knowing the student id number. | 2017-09-27 | not yet calculated | CVE-2017-14766
MISC
MISC
MISC

wordpress -- wordpress
Before version 4.8.2, WordPress mishandled % characters and additional placeholder values in $wpdb->prepare, and thus did not properly address the possibility of plugins and themes enabling SQL injection attacks. | 2017-09-23 | not yet calculated | CVE-2017-14723
BID
MISC
MISC
MISC
MISC
MISC
MISC
MISC

wordpress -- wordpress
Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter. | 2017-09-26 | not yet calculated | CVE-2015-7670
BUGTRAQ
CONFIRM
MISC

zkteco -- zktime_web
Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens. | 2017-09-26 | not yet calculated | CVE-2017-13129
BUGTRAQ
FULLDISC

zope_and_plone -- zope_and_plone
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. | 2017-09-25 | not yet calculated | CVE-2015-7293
MISC
CONFIRM
CONFIRM
EXPLOIT-DB

zte -- microwave_nr8000_series_products
All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host. | 2017-09-27 | not yet calculated | CVE-2017-10932
CONFIRM

zyxel -- multiple_products
ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys. | 2017-09-27 | not yet calculated | CVE-2015-7256
CERT-VN
CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.

