SB17-184: Vulnerability Summary for the Week of June 26, 2017

By Newsroom America Feeds at 3 Jul 2017

Original release date: July 03, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoaudiocoding -- freeware_advanced_audio_decoder_2The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.2017-06-277.1CVE-2017-9222
MISCaudiocoding -- freeware_advanced_audio_decoder_2The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.2017-06-277.1CVE-2017-9253
MISCaudiocoding -- freeware_advanced_audio_decoder_2The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.2017-06-277.1CVE-2017-9254
MISCaudiocoding -- freeware_advanced_audio_decoder_2The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.2017-06-277.1CVE-2017-9255
MISCaudiocoding -- freeware_advanced_audio_decoder_2The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.2017-06-277.1CVE-2017-9256
MISCaudiocoding -- freeware_advanced_audio_decoder_2The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.2017-06-277.1CVE-2017-9257
MISCeasysitecms -- easysiteSQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element.2017-06-247.5CVE-2017-9848
MISClinux -- linux_kernelThe snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.2017-06-287.2CVE-2017-9984
BID
MISClinux -- linux_kernelThe snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.2017-06-287.2CVE-2017-9985
BID
MISClinux -- linux_kernelThe intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.2017-06-287.2CVE-2017-9986
BID
MISCmicrosoft -- internet_explorerInternet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 allows remote attackers to execute arbitrary code.2017-06-277.6CVE-2014-6354
MISC
MSpiwigo -- piwigoThe ws_session_logout function in Piwigo 2.9.1 and earlier does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.2017-06-247.5CVE-2017-9837
MISCBack to top

 

Medium VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoaudiocoding -- freeware_advanced_audio_decoder_2The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.2017-06-274.3CVE-2017-9218
MISCaudiocoding -- freeware_advanced_audio_decoder_2The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file.2017-06-274.3CVE-2017-9219
MISCaudiocoding -- freeware_advanced_audio_decoder_2The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file.2017-06-274.3CVE-2017-9220
MISCaudiocoding -- freeware_advanced_audio_decoder_2The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.2017-06-274.3CVE-2017-9221
MISCaudiocoding -- freeware_advanced_audio_decoder_2The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.2017-06-274.3CVE-2017-9223
MISCcognito -- moneyworksPassword exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.2017-06-265.0CVE-2017-9615
MISC
MISCdolibarr -- dolibarrDolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.2017-06-256.5CVE-2017-9840
MISCexiv2 -- exiv2There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.2017-06-265.0CVE-2017-9953
MISCfreedesktop -- popplerThe function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.2017-06-254.3CVE-2017-9865
MISC
MISCgnu -- binutilsThe getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.2017-06-264.3CVE-2017-9954
BID
MISCgnu -- binutilsThe get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.2017-06-264.3CVE-2017-9955
MISCibm -- qradar_security_information_and_event_managerIBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783.2017-06-275.0CVE-2016-9738
CONFIRM
BID
MISCibm -- qradar_security_information_and_event_managerIBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 120208.2017-06-274.3CVE-2016-9972
CONFIRM
BID
MISCibm -- sterling_b2b_integratorIBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375.2017-06-234.0CVE-2017-1131
CONFIRM
BID
MISCibm -- sterling_b2b_integratorIBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667.2017-06-234.0CVE-2017-1193
CONFIRM
BID
MISCibm -- sterling_b2b_integratorIBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462.2017-06-236.5CVE-2017-1347
CONFIRM
BID
MISClame_project -- lameThe lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate.2017-06-254.3CVE-2015-9099
BID
MISClame_project -- lameThe fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.2017-06-254.3CVE-2015-9100
BID
MISClame_project -- lameThe fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.2017-06-254.3CVE-2015-9101
BID
MISC
MISClame_project -- lameThe II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.2017-06-254.3CVE-2017-9869
BID
MISClame_project -- lameThe III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.2017-06-254.3CVE-2017-9870
BID
MISClame_project -- lameThe III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.2017-06-256.8CVE-2017-9871
BID
MISClame_project -- lameThe III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.2017-06-256.8CVE-2017-9872
BID
MISClibmtp_project -- libmtpAn integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable.2017-06-234.6CVE-2017-9831
CONFIRMlibmtp_project -- libmtpAn integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable.2017-06-234.6CVE-2017-9832
CONFIRMlibtiff -- libtiffLibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool.2017-06-264.3CVE-2014-8127
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
SUSE
MISC
MLIST
BID
GENTOOlibtiff -- libtiffIn LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.2017-06-266.8CVE-2017-9935
MISC
BIDlibtiff -- libtiffIn LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.2017-06-264.3CVE-2017-9936
MISC
BIDlibtiff -- libtiffIn LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.2017-06-264.3CVE-2017-9937
MISC
BIDlibtorrent -- libtorrentThe bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.2017-06-244.3CVE-2017-9847
CONFIRMlrzip_project -- lrzipIn lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.2017-06-264.3CVE-2017-9928
MISC
MISClrzip_project -- lrzipIn lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file.2017-06-264.3CVE-2017-9929
MISC
MISCmagicwinmail -- winmail_serverWinmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder.2017-06-246.5CVE-2017-9846
MISC
MISCntop -- ntopngntopng before 3.0 allows XSS because GET and POST parameters are improperly validated.2017-06-264.3CVE-2017-7416
CONFIRMntop -- ntopngThe NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address.2017-06-265.0CVE-2017-7458
MISC
MISCntop -- ntopngntopng before 3.0 allows HTTP Response Splitting.2017-06-265.0CVE-2017-7459
CONFIRMopenvpn -- openvpnOpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet.2017-06-275.0CVE-2017-7508
BID
CONFIRMopenvpn -- openvpnOpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.2017-06-274.0CVE-2017-7522
BID
CONFIRMzohocorp -- manageengine_firewall_analyzerDirectory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.2017-06-274.0CVE-2015-7780
JVN
JVNDBzohocorp -- manageengine_firewall_analyzerManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.2017-06-275.0CVE-2015-7781
JVN
JVNDBBack to top

 

Low VulnerabilitiesPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoibm -- qradar_security_information_and_event_managerIBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123913.2017-06-273.5CVE-2017-1234
CONFIRM
BID
MISCibm -- sterling_b2b_integratorIBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336.2017-06-232.1CVE-2016-5893
CONFIRM
BID
MISCibm -- sterling_b2b_integratorIBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121418.2017-06-233.5CVE-2017-1132
CONFIRM
BID
MISCibm -- sterling_b2b_integratorIBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user view sensitive information due to improper access controls. IBM X-Force ID: 125456.2017-06-232.1CVE-2017-1302
CONFIRM
BID
MISCibm -- sterling_b2b_integratorIBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126524.2017-06-233.5CVE-2017-1348
CONFIRM
BID
MISCibm -- sterling_b2b_integratorIBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525.2017-06-232.1CVE-2017-1349
CONFIRM
BID
MISCmosquitto_project -- mosquittoIn Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.2017-06-252.1CVE-2017-9868
CONFIRMpiwigo -- piwigoCross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating a virtual album).2017-06-243.5CVE-2017-9836
MISCBack to top

 

Severity Not Yet AssignedPrimary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoadobe -- multiple_products
 Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flash Player for Internet Explorer 10 and 11 before 20.0.0.267, Adobe Flash Player for Linux before 11.2.202.559, AIR Desktop Runtime before 20.0.0.233, AIR SDK before 20.0.0.233, AIR SDK & Compiler before 20.0.0.233, AIR for Android before 20.0.0.233.2017-06-27not yet calculatedCVE-2016-0959
CONFIRM
CONFIRMgoogle -- android
 The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission.2017-06-27not yet calculatedCVE-2015-3840
CONFIRM
MISC
CONFIRMantiy -- antiy_antivirus
 Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a denial of service (BSOD) via a long third argument in a DeviceIoControl call.2017-06-30not yet calculatedCVE-2017-10674
MISCapache -- apache_ignite
 Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some of the properties might contain user sensitive information.2017-06-28not yet calculatedCVE-2017-7686
CONFIRM
BIDapple -- safariUse after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file.2017-06-27not yet calculatedCVE-2017-2491
BID
MISC
CONFIRMarcadyan -- star*
 Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure.2017-06-28not yet calculatedCVE-2016-10042
CONFIRMb._braun_medical -- spacecom_module
 An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input.2017-06-29not yet calculatedCVE-2017-6018
MISCbecton_dickinson_and_company -- performa_and_kla_journal
 A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database.2017-06-29not yet calculatedCVE-2017-6022
BID
MISCbelden -- hirschmann_gecko_lite_managed_switchA Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination.2017-06-29not yet calculatedCVE-2017-6036
MISCbelden -- hirschmann_gecko_lite_managed_switch
 A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request.2017-06-29not yet calculatedCVE-2017-6038
MISCbelden -- hirschmann_gecko_lite_managed_switch
 An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously.2017-06-29not yet calculatedCVE-2017-6040
MISCbiscom -- secure_file_transfer
 Biscom Secure File Transfer version 5.1.1015 (and possibly prior) is vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. This issue has been resolved in version 5.1.1025.2017-06-28not yet calculatedCVE-2017-5241
BID
MISCcisco -- asa_5500_series
 ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.4.x before 8.4.7 Interim, 8.2.x before 8.2.5 Interim, 9.1.x before 9.1.6 Interim, ASA 5555-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5512-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5520 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x before 8.2.5 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5505 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5525-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5512-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.1.x before 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5585-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5540 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x before 8.2.5 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5515-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5555-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.4.x before 9.4.1 Interim, 9.1.x before 9.1.6 Interim, ASA 5580 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.1.x before 9.1.6 Interim, ASA 5585-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim, 9.4.x before 9.4.1 Interim, ASA 5525-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.1.x before 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP. 9.1.x before 9.1.6 ASA does not check the source of the ARP request or GARP packets for addresses it performs NAT translation for under unspecified conditions.2017-06-27not yet calculatedCVE-2012-5010
BID
CONFIRMcisco -- prime_infrastructure_and_evolved_programmable_network_manager
 A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as perform remote code execution. The attacker must have valid user credentials. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file with malicious entries which could allow the attacker to read and write files and execute remote code within the application, aka XML Injection. Cisco Prime Infrastructure software releases 1.1 through 3.1.6 are vulnerable. Cisco EPNM software releases 1.2, 2.0, and 2.1 are vulnerable. Cisco Bug IDs: CSCvc23894 CSCvc49561.2017-06-26not yet calculatedCVE-2017-6662
BID
CONFIRMcisco -- virtualized_packet_core-distributed_instance
 A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 19.2 through 21.0 could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending crafted UDP packets to the distributed instance (DI) network addresses of both CF instances on an affected system. A successful exploit could allow the attacker to cause an unhandled error condition on the affected system, which would cause the CF instances to reload and consequently cause the entire VPC to reload, resulting in the disconnection of all subscribers and a DoS condition on the affected system. This vulnerability can be exploited via IPv4 traffic only. Cisco Bug IDs: CSCvc01665 CSCvc35565.2017-06-26not yet calculatedCVE-2017-6678
BID
CONFIRMcisco -- webex_network_recording_player
 Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via email or URL and convincing the user to launch the file. Exploitation of these vulnerabilities could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. The Cisco WebEx Network Recording Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. The following client builds are affected by this vulnerability: Cisco WebEx Business Suite (WBS29) client builds prior to T29.13.130, Cisco WebEx Business Suite (WBS30) client builds prior to T30.17, Cisco WebEx Business Suite (WBS31) client builds prior to T31.10. Cisco Bug IDs: CSCvc47758 CSCvc51227 CSCvc51242.2017-06-26not yet calculatedCVE-2017-6669
BID
CONFIRMcode42 -- crashplan_5.4.x
 Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients.2017-06-27not yet calculatedCVE-2017-9830
MISCdebian -- stalin
 stalin 0.11-5 allows local users to write to arbitrary files.2017-06-27not yet calculatedCVE-2015-8697
MISC
MLIST
BID
CONFIRM
MISC
CONFIRMelephone -- elephone_p9000
 The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.2017-06-30not yet calculatedCVE-2017-10709
MISC
MISC
MISC
MISC
MISCelog -- elog
 elog 3.1.1 allows remote attackers to post data as any username in the logbook.2017-06-27not yet calculatedCVE-2016-6342
CONFIRM
FEDORAemc --vasa_provider_virtual_applianceEMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system.2017-06-29not yet calculatedCVE-2017-4997
CONFIRM
BIDfedora -- arm_installer
 fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories.2017-06-26not yet calculatedCVE-2017-7496
CONFIRMffmpeg -- ffmpeg
 The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.2017-06-28not yet calculatedCVE-2017-9996
BID
MISC
MISC
MISC
MISCffmpeg -- ffmpeg
 libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.2017-06-28not yet calculatedCVE-2017-9995
BID
MISC
MISC
MISC
MISCffmpeg -- ffmpeg
 libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.2017-06-28not yet calculatedCVE-2017-9994
BID
MISC
MISC
MISCffmpeg -- ffmpeg
 Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.2017-06-28not yet calculatedCVE-2017-9992
BID
MISC
MISCffmpeg -- ffmpeg
 Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.2017-06-28not yet calculatedCVE-2017-9991
BID
MISC
MISCffmpeg -- ffmpeg
 FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.2017-06-28not yet calculatedCVE-2017-9993
BID
MISC
MISCffmpeg -- ffmpeg
 Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.2017-06-28not yet calculatedCVE-2017-9990
BID
MISC
MISCfoscam -- c1_indoor_hd_cameras
 In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.2017-06-27not yet calculatedCVE-2017-2843
BID
MISCfoscam -- c1_indoor_hd_cameras
 An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.2017-06-27not yet calculatedCVE-2017-2841
BID
MISCfoscam -- c1_indoor_hd_cameras
 In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.2017-06-29not yet calculatedCVE-2017-2844
BID
MISCfoscam -- c1_indoor_hd_cameras
 In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.2017-06-27not yet calculatedCVE-2017-2842
BID
MISCfoscam -- c1_indoor_hd_cameras
 In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.2017-06-29not yet calculatedCVE-2017-2846
BID
MISCfoscam -- c1_indoor_hd_cameras
 In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow.2017-06-29not yet calculatedCVE-2017-2851
BID
MISCfoscam -- c1_indoor_hd_cameras
 In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. An attacker can simply send an HTTP request to the device to trigger this vulnerability.2017-06-29not yet calculatedCVE-2017-2850
BID
MISCfoscam -- c1_indoor_hd_cameras
 In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.2017-06-29not yet calculatedCVE-2017-2849
BID
MISCfoscam -- c1_indoor_hd_cameras
 In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.2017-06-29not yet calculatedCVE-2017-2847
BID
MISCfoscam -- c1_indoor_hd_cameras
 An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tests resulting in command execution2017-06-29not yet calculatedCVE-2017-2845
BID
MISCfoscam -- c1_indoor_hd_cameras
 In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.2017-06-29not yet calculatedCVE-2017-2848
BID
MISCfreeipa -- freeipa
 FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services.2017-06-27not yet calculatedCVE-2016-5414
CONFIRM
CONFIRMgeneral_electric -- multilin_sr_750_feeder_protection_relay
 A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands.2017-06-29not yet calculatedCVE-2017-7905
BID
MISCgentoo -- gentoo_linux
 Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands.2017-06-27not yet calculatedCVE-2004-2778
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMgentoo -- gnu_c_library
 res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).2017-06-27not yet calculatedCVE-2015-5180
BID
UBUNTU
UBUNTU
CONFIRM
GENTOO
CONFIRM
CONFIRM
CONFIRM
MLISTgetsimple -- getsimple_cmsadmin/profile.php in GetSimple CMS 3.x has XSS in a name field.2017-06-29not yet calculatedCVE-2017-10673
MISCgnu -- libtasn1
 The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.2017-07-01not yet calculatedCVE-2017-10790
MISCgnu -- pspp_0.10.5-pre1
 There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP 0.10.5-pre2. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.2017-07-01not yet calculatedCVE-2017-10791
MISCgnu -- pspp_0.10.5-pre2
 There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP 0.10.5-pre2. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.2017-07-01not yet calculatedCVE-2017-10792
MISChpt -- helion_openstack_glance
 The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.2017-06-27not yet calculatedCVE-2016-4383
BID
CONFIRM
CONFIRM
CONFIRMhuawei -- ascend_p7
 Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash).2017-06-27not yet calculatedCVE-2015-2245
BID
CONFIRMibm -- api_connect
 IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918.2017-06-27not yet calculatedCVE-2017-1322
CONFIRM
BID
MISCibm -- api_connect
 IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker could exploit this vulnerability to bypass security and use the vulnerable API. IBM X-Force ID: 126230.2017-06-27not yet calculatedCVE-2017-1328
CONFIRM
BID
MISCibm -- curam_social_program_management
 IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120744.2017-06-28not yet calculatedCVE-2017-1106
CONFIRM
BID
MISCibm -- db2
 IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668.2017-06-27not yet calculatedCVE-2017-1105
CONFIRM
BID
MISCibm -- db2
 IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.2017-06-27not yet calculatedCVE-2017-1297
CONFIRM
BID
MISCibm -- informix_dynamic_server_12.1
 IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569.2017-06-29not yet calculatedCVE-2017-1310
CONFIRM
BID
MISCibm -- tivoli_monitoring
 IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696.2017-06-27not yet calculatedCVE-2016-6083
CONFIRM
BID
MISCkamailio -- kamailio
 The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges.2017-06-27not yet calculatedCVE-2015-1591
MISC
MLIST
CONFIRM
CONFIRM
CONFIRM
MISCkibana -- x-pack_security
 In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs.2017-06-30not yet calculatedCVE-2017-8443
CONFIRMlenovo -- lenovo_nerve_center
 Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys.2017-06-29not yet calculatedCVE-2017-3747
BID
CONFIRMlenovo -- vibe_mobile_phones
 On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749.2017-06-29not yet calculatedCVE-2017-3750
CONFIRMlenovo -- vibe_mobile_phones
 On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750.2017-06-29not yet calculatedCVE-2017-3749
CONFIRMlenovo -- vibe_mobile_phones
 On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).2017-06-29not yet calculatedCVE-2017-3748
BID
CONFIRMlibav -- libav_12.1
 There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack.2017-06-28not yet calculatedCVE-2017-9987
MISClibdwarf -- libdwarf
 The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.2017-06-28not yet calculatedCVE-2017-9998
BID
MISClibming -- libming_0.4.8
 The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c.2017-06-28not yet calculatedCVE-2017-9988
MISClibming -- libming_0.4.8
 util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack.2017-06-28not yet calculatedCVE-2017-9989
MISClibsass -- libsass
 In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream() in sass_context.cpp. A crafted input will lead to a remote denial of service attack.2017-06-29not yet calculatedCVE-2017-10687
MISClibtiff -- libtiff
 In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.2017-06-29not yet calculatedCVE-2017-10688
MISClogstash -- logstashLogstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.2017-06-27not yet calculatedCVE-2015-5378
MISC
BUGTRAQ
BUGTRAQ
BID
CONFIRMmarel -- food_processing_systems_m3000
 An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. This vulnerability allows an attacker to modify the operation and upload firmware changes without detection.2017-06-29not yet calculatedCVE-2017-6041
BID
MISCmarel -- food_processing_systems_m3000
 A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.2017-06-29not yet calculatedCVE-2016-9358
BID
MISCmicrosoft -- azure_ad_connect
 Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Elevation of Privilege Vulnerability."2017-06-29not yet calculatedCVE-2017-8613
BID
CONFIRMmicrosoft -- multiple_products
 The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703 does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".2017-06-29not yet calculatedCVE-2017-8558
BID
CONFIRMmicrosoft -- multiple_products
 The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially crafted application.2017-06-29not yet calculatedCVE-2017-8554
BID
CONFIRMmicrosoft -- skype
 A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box.2017-06-26not yet calculatedCVE-2017-9948
BID
MISC
MISC
MISCmicrosoft -- windows_10_gold_and_windows_server_2016The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Microsoft Graphics Component Information Disclosure Vulnerability."2017-06-29not yet calculatedCVE-2017-8575
BID
CONFIRMmicrosoft -- windows_10_gold_and_windows_server_2016
 The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "DirectX Elevation of Privilege Vulnerability."2017-06-29not yet calculatedCVE-2017-8579
BID
CONFIRMmicrosoft -- windows_10_gold_and_windows_server_2016
 The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability."2017-06-29not yet calculatedCVE-2017-8576
BID
CONFIRMmpg123 -- mpg123
 In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack.2017-06-29not yet calculatedCVE-2017-10683
MISCncurses -- ncurses
 In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.2017-06-29not yet calculatedCVE-2017-10684
MISCncurses -- ncurses
 In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.2017-06-29not yet calculatedCVE-2017-10685
MISCnetwide_assembler -- netwide_assembler
 In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.2017-06-29not yet calculatedCVE-2017-10686
MISC

ocaml -- ocaml_compiler_4.04.0_and_4.04.1

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.2017-06-23not yet calculatedCVE-2017-9772
BID
CONFIRM
CONFIRMopendaylight -- defense4all
 OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files.2017-06-27not yet calculatedCVE-2014-8149
MLIST
BID
CONFIRM
CONFIRM
CONFIRMopendaylight -- opendaylight
 The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.2017-06-27not yet calculatedCVE-2015-1778
MLIST
BID
CONFIRM
CONFIRMopenvpn -- openvpn
 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().2017-06-27not yet calculatedCVE-2017-7521
BID
CONFIRMopenvpn -- openvpn
 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker.2017-06-27not yet calculatedCVE-2017-7520
BID
CONFIRMosci_transport_library -- osci_transport_1.2
 Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs.2017-06-30not yet calculatedCVE-2017-10669
MISCosci_transport_library -- osci_transport_1.2
 An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted standard-conforming OSCI message from within the infrastructure.2017-06-30not yet calculatedCVE-2017-10670
MISCosci_transport_library -- osci_transport_1.2
 A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the transport encryption.2017-06-30not yet calculatedCVE-2017-10668
MISCperl -- dbd::mysql
 The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.2017-07-01not yet calculatedCVE-2017-10788
MISC
MISCperl -- dbd::mysql
 The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.2017-07-01not yet calculatedCVE-2017-10789
MISC
MISCperl -- xml-libxml
 Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.2017-06-29not yet calculatedCVE-2017-10672
MISC

phpunit -- phpunit

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.2017-06-27not yet calculatedCVE-2017-9841
MISC
MISC
MISCpiwigo -- piwigo
 Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request.2017-06-29not yet calculatedCVE-2017-10681
CONFIRM
CONFIRMpiwigo -- piwigo
 SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.2017-06-29not yet calculatedCVE-2017-10682
CONFIRM
CONFIRMpiwigo -- piwigo
 Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. The permalink ID numbers are easily guessed.2017-06-29not yet calculatedCVE-2017-10679
CONFIRM
CONFIRMpiwigo -- piwigo
 Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request.2017-06-29not yet calculatedCVE-2017-10678
CONFIRM
CONFIRMpiwigo -- piwigo
 Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request.2017-06-29not yet calculatedCVE-2017-10680
CONFIRM
CONFIRMpuppet -- mcollective
 Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior.2017-06-30not yet calculatedCVE-2017-2292
CONFIRMpuppet -- mcollective
 The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a server-specified identifier as part of a path where a file is written. A compromised server could use this to write a file to an arbitrary location on the client with the filename appended with the string "_pub.pem".2017-06-30not yet calculatedCVE-2017-2298
CONFIRM
CONFIRM
CONFIRMradare -- radare2 _1.5.0
 The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02.2017-06-26not yet calculatedCVE-2017-9949
BID
CONFIRM
CONFIRMred_hat -- storage_console
 rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.2017-06-27not yet calculatedCVE-2016-7062
BID
SECTRACK
REDHAT
CONFIRMredhat -- automatic_bug_reporting_tool
 Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.2017-06-26not yet calculatedCVE-2015-3315
REDHAT
MLIST
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRMredhat -- automatic_bug_reporting_tool
 The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors.2017-06-26not yet calculatedCVE-2015-1870
REDHAT
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRMredhat -- automatic_bug_reporting_tool
 The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.2017-06-26not yet calculatedCVE-2015-3142
REDHAT
MLIST
BID
CONFIRMredhat -- gluster_storage
 Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.2017-06-27not yet calculatedCVE-2015-1795
REDHAT
REDHAT
BID
SECTRACK
CONFIRMredhat -- netkvm_windows_virtio_driver
 The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options.2017-06-26not yet calculatedCVE-2015-3215
REDHAT
REDHAT
CONFIRM
CONFIRM
MISCredhat -- satellite_6
 Satellite 6.1.0 allows remote authenticated users to read administrator bookmarks.2017-06-27not yet calculatedCVE-2015-7582
CONFIRM
CONFIRMrockwell_automation -- allen-bradley_micrologix_1100_programmable-logic_controllersAn Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. There are no penalties for repeatedly entering incorrect passwords.2017-06-29not yet calculatedCVE-2017-7898
MISCrockwell_automation -- allen-bradley_micrologix_1100_programmable-logic_controllers
 A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected product reuses nonces, which may allow an attacker to capture and replay a valid request until the nonce is changed.2017-06-29not yet calculatedCVE-2017-7902
MISCrockwell_automation -- allen-bradley_micrologix_1100_programmable-logic_controllers
 A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. Insufficiently random TCP initial sequence numbers are generated, which may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections, resulting in a denial of service for the target device.2017-06-29not yet calculatedCVE-2017-7901
MISCrockwell_automation -- allen-bradley_micrologix_1100_programmable-logic_controllers
 A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected products use a numeric password with a small maximum character size for the password.2017-06-29not yet calculatedCVE-2017-7903
MISCrockwell_automation -- allen-bradley_micrologix_1100_programmable_logic_controllers
 An Information Exposure issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. User credentials are sent to the web server using the HTTP GET method, which may result in the credentials being logged. This could make user credentials available for unauthorized retrieval.2017-06-29not yet calculatedCVE-2017-7899
MISCsamsung -- samsung_galaxy_s6
 Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).2017-06-27not yet calculatedCVE-2015-7895
MISC
BID
CONFIRM
CONFIRM
EXPLOIT-DBsamsung -- samsung_galaxy_s6
 Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).2017-06-27not yet calculatedCVE-2015-7898
MISC
BID
CONFIRM
EXPLOIT-DB

schneider --  electric_modicon_m340_plc

A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover.2017-06-29not yet calculatedCVE-2017-6017
BID
MISCschneider_electric -- modicon_modbus_protocolA Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks.2017-06-29not yet calculatedCVE-2017-6032
BID
MISCschneider_electric -- modicon_modbus_protocol
 An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download.2017-06-29not yet calculatedCVE-2017-6034
BID
MISCschneider_electric -- modicon_plcs_modicon_m221
 A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections.2017-06-29not yet calculatedCVE-2017-6030
BID
MISCschneider_electric -- modicon_plcs_modicon_m241
 An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application.2017-06-29not yet calculatedCVE-2017-6028
BID
MISCschneider_electric -- modicon_plcs_modicon_m241
 A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and are shared between several users. This may allow a current session to be compromised.2017-06-29not yet calculatedCVE-2017-6026
BID
MISCsierra -- wireless_airlink_raven_xe_and_xt
 An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot.2017-06-29not yet calculatedCVE-2017-6044
BID
MISCsierra -- wireless_airlink_raven_xe_and_xt
 A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request.2017-06-29not yet calculatedCVE-2017-6042
BID
MISCsierra -- wireless_airlink_raven_xe_and_xt
 An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Sensitive information is insufficiently protected during transmission and vulnerable to sniffing, which could lead to information disclosure.2017-06-29not yet calculatedCVE-2017-6046
BID
MISCsitecore -- sitecore.net_7.1_and_7.2
 Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI.2017-06-23not yet calculatedCVE-2017-9356
MISC
BIDsthttpd -- sthttpd
 Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted filename.2017-06-29not yet calculatedCVE-2017-10671
MISC
MISC
MISCsymantec -- messaging_gateway
 The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.2017-06-26not yet calculatedCVE-2017-6326
BID
CONFIRMsymantec -- messaging_gateway
 The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality resident to the application.2017-06-26not yet calculatedCVE-2017-6324
BID
CONFIRMsymantec -- messaging_gateway
 The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application.2017-06-26not yet calculatedCVE-2017-6325
BID
CONFIRMsynology -- audio_station
 Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title.2017-06-30not yet calculatedCVE-2015-9104
MISC
CONFIRMsynology -- note_station
 Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.2017-06-30not yet calculatedCVE-2015-9103
MISC
MISC
CONFIRMsynology -- photo_station
 Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos.2017-06-30not yet calculatedCVE-2015-9102
MISC
MISC
MISC
MISC
CONFIRMsynology -- video_station
 Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos.2017-06-30not yet calculatedCVE-2015-9105
MISC
MISC
CONFIRMsystemd -- systemd
 In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.2017-06-28not yet calculatedCVE-2017-9445
CONFIRM
BID
CONFIRMteamspeak -- teamspeak_client_3.0.19
 TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of service (application crash) via the &#5610; Unicode character followed by the &#3903; Unicode character.2017-06-27not yet calculatedCVE-2017-9982
BID
MISC
MISCtibco -- jasperreports_library
 JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below).2017-06-29not yet calculatedCVE-2017-5529
CONFIRMtibco -- jasperreports_serverMultiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below).2017-06-29not yet calculatedCVE-2017-5528
CONFIRMtiki -- tiki_wiki_cms_groupwareTikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS.2017-06-26not yet calculatedCVE-2017-9145
MISC

tp-link -- tp-link_wr841n_v8_router


 The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuration service tddp via the LAN and Ath0 (Wi-Fi) interfaces.2017-06-26not yet calculatedCVE-2017-9466
MISCtpm2-tools -- tpm2-tools
 tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.2017-06-27not yet calculatedCVE-2017-7524
CONFIRMvideolan -- vlc_media_player
 avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.2017-06-30not yet calculatedCVE-2017-10699
CONFIRMvimbadmin -- vimbadmin
 Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to <vimbadmin directory>/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to <vimbadmin directory>/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to <vimbadmin directory>/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to <vimbadmin directory>/application/controllers/AliasController.php.2017-06-27not yet calculatedCVE-2017-6086
MLISTzen_cart -- zen_cart
 In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS.2017-06-28not yet calculatedCVE-2017-10667
MISC
MISCBack to top

This product is provided subject to this Notification and this Privacy & Use policy.


http://www.us-cert.gov/ncas/bulletins/SB17-184

Categories:
Tags:

[D] [Digg] [FB] [R] [SU] [Tweet] [G]

NEWSMAIL