SB17-282: Vulnerability Summary for the Week of October 2, 2017

By Newsroom America Feeds at 9 Oct 2017

Original release date: October 09, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor -- Product: ersdata -- ers_data_system
Description: ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization.
Published: 2017-09-29
CVSS Score: 7.5
Source & Patch Info: CVE-2017-14702 (MISC, EXPLOIT-DB)

Primary Vendor -- Product: gnu -- binutils
Description: Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
Published: 2017-09-29
CVSS Score: 7.1
Source & Patch Info: CVE-2017-14930 (CONFIRM)

Primary Vendor -- Product: hp -- application_performance_management
Description: A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution.
Published: 2017-09-29
CVSS Score: 10.0
Source & Patch Info: CVE-2017-14350 (BID, MISC, CONFIRM)

Primary Vendor -- Product: hp -- bsm_platform_application_performance_management_system_health
Description: A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40 allows users to upload unrestricted files.
Published: 2017-09-29
CVSS Score: 9.0
Source & Patch Info: CVE-2017-13982 (MISC, CONFIRM, AUSCERT)

Primary Vendor -- Product: hp -- bsm_platform_application_performance_management_system_health
Description: An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40 allows remote users to bypass authentication.
Published: 2017-09-29
CVSS Score: 10.0
Source & Patch Info: CVE-2017-13983 (MISC, CONFIRM, AUSCERT)

Primary Vendor -- Product: hp -- ucmdb_configuration_manager
Description: A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution.
Published: 2017-09-29
CVSS Score: 7.5
Source & Patch Info: CVE-2017-14351 (CONFIRM)

 

Medium Vulnerabilities

Primary Vendor -- Product: apache -- geode
Description: When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing data that the user is not authorized to view.
Published: 2017-09-29
CVSS Score: 4.0
Source & Patch Info: CVE-2017-9794 (MLIST)

Primary Vendor -- Product: artifex -- gsview
Description: Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068."
Published: 2017-09-29
CVSS Score: 6.8
Source & Patch Info: CVE-2017-14945 (CONFIRM)

Primary Vendor -- Product: artifex -- gsview
Description: Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFile+0x000000000000344e."
Published: 2017-09-29
CVSS Score: 6.8
Source & Patch Info: CVE-2017-14946 (CONFIRM)

Primary Vendor -- Product: artifex -- gsview
Description: Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359."
Published: 2017-09-29
CVSS Score: 6.8
Source & Patch Info: CVE-2017-14947 (CONFIRM)

Primary Vendor -- Product: blogotext_project -- blogotext
Description: Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for example) change global settings or create/delete posts. It is also possible to execute JavaScript against unauthenticated users of the blog.
Published: 2017-10-01
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14957 (MISC, MISC, MISC, MISC)

Primary Vendor -- Product: cfpaypal -- cp_contact_form_with_paypal
Description: The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php.
Published: 2017-09-29
CVSS Score: 6.8
Source & Patch Info: CVE-2015-9233 (MISC, MISC, MISC)

Primary Vendor -- Product: cfpaypal -- cp_contact_form_with_paypal
Description: The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.
Published: 2017-09-29
CVSS Score: 6.5
Source & Patch Info: CVE-2015-9234 (MISC, MISC, MISC)

Primary Vendor -- Product: check_mk_project -- check_mk
Description: Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.
Published: 2017-10-01
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14955 (CONFIRM, CONFIRM)

Primary Vendor -- Product: egroupware -- egroupware
Description: Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.
Published: 2017-09-29
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14920 (MISC, MISC)

Primary Vendor -- Product: freedesktop -- poppler
Description: In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.
Published: 2017-09-29
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14926 (CONFIRM)

Primary Vendor -- Product: freedesktop -- poppler
Description: In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.
Published: 2017-09-29
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14927 (CONFIRM)

Primary Vendor -- Product: freedesktop -- poppler
Description: In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.
Published: 2017-09-29
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14928 (CONFIRM)

Primary Vendor -- Product: freedesktop -- poppler
Description: In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519.
Published: 2017-09-29
CVSS Score: 5.0
Source & Patch Info: CVE-2017-14929 (CONFIRM)

Primary Vendor -- Product: freedesktop -- poppler
Description: The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.
Published: 2017-10-01
CVSS Score: 5.0
Source & Patch Info: CVE-2017-14975 (CONFIRM)

Primary Vendor -- Product: freedesktop -- poppler
Description: The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.
Published: 2017-10-01
CVSS Score: 5.0
Source & Patch Info: CVE-2017-14976 (CONFIRM, CONFIRM)

Primary Vendor -- Product: freedesktop -- poppler
Description: The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.
Published: 2017-10-01
CVSS Score: 5.0
Source & Patch Info: CVE-2017-14977 (CONFIRM)

Primary Vendor -- Product: gnu -- binutils
Description: decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
Published: 2017-09-29
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14932 (CONFIRM, CONFIRM)

Primary Vendor -- Product: gnu -- binutils
Description: read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
Published: 2017-09-29
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14933 (CONFIRM, CONFIRM, CONFIRM)

Primary Vendor -- Product: gnu -- binutils
Description: process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.
Published: 2017-09-29
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14934 (CONFIRM, CONFIRM)

Primary Vendor -- Product: gnu -- binutils
Description: _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.
Published: 2017-09-29
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14938 (MISC, MISC, MISC)

Primary Vendor -- Product: gnu -- binutils
Description: decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.
Published: 2017-09-29
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14939 (MISC, MISC, MISC)

Primary Vendor -- Product: gnu -- binutils
Description: scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.
Published: 2017-09-29
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14940 (MISC, MISC, MISC)

Primary Vendor -- Product: gnu -- binutils
Description: The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.
Published: 2017-10-01
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14974 (CONFIRM, CONFIRM)

Primary Vendor -- Product: hp -- arcsight_enterprise_security_manager_express
Description: A reflected Cross-Site Scripting (XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.
Published: 2017-09-29
CVSS Score: 4.3
Source & Patch Info: CVE-2017-13986 (BID, CONFIRM)

Primary Vendor -- Product: hp -- arcsight_enterprise_security_manager_express
Description: An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.
Published: 2017-09-29
CVSS Score: 4.0
Source & Patch Info: CVE-2017-13987 (BID, CONFIRM)

Primary Vendor -- Product: hp -- arcsight_enterprise_security_manager_express
Description: An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.
Published: 2017-09-29
CVSS Score: 4.0
Source & Patch Info: CVE-2017-13988 (BID, CONFIRM)

Primary Vendor -- Product: hp -- arcsight_enterprise_security_manager_express
Description: An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.
Published: 2017-09-29
CVSS Score: 5.5
Source & Patch Info: CVE-2017-13989 (BID, CONFIRM)

Primary Vendor -- Product: hp -- arcsight_enterprise_security_manager_express
Description: An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of the Apache Tomcat application server version.
Published: 2017-09-29
CVSS Score: 5.0
Source & Patch Info: CVE-2017-13990 (BID, CONFIRM)

Primary Vendor -- Product: hp -- arcsight_enterprise_security_manager_express
Description: An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.
Published: 2017-09-29
CVSS Score: 5.0
Source & Patch Info: CVE-2017-13991 (BID, CONFIRM)

Primary Vendor -- Product: hp -- bsm_platform_application_performance_management_system_health
Description: An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40 allows remote users to delete arbitrary files via servlet directory traversal.
Published: 2017-09-29
CVSS Score: 5.5
Source & Patch Info: CVE-2017-13984 (MISC, CONFIRM, AUSCERT)

Primary Vendor -- Product: hp -- bsm_platform_application_performance_management_system_health
Description: An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40 allows remote users to traverse directories, leading to disclosure of information.
Published: 2017-09-29
CVSS Score: 4.0
Source & Patch Info: CVE-2017-13985 (MISC, CONFIRM, AUSCERT)

Primary Vendor -- Product: hp -- ucmdb_configuration_manager
Description: A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting.
Published: 2017-09-29
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14352 (BID, CONFIRM)

Primary Vendor -- Product: jaspersoft -- jasperreports
Description: Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector.
Published: 2017-10-01
CVSS Score: 4.0
Source & Patch Info: CVE-2017-14941 (MISC)

Primary Vendor -- Product: openexif_project -- openexif
Description: ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file.
Published: 2017-09-29
CVSS Score: 4.3
Source & Patch Info: CVE-2017-14931 (MISC, MISC)

Primary Vendor -- Product: openvswitch -- openvswitch
Description: In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages.
Published: 2017-10-01
CVSS Score: 5.0
Source & Patch Info: CVE-2017-14970 (CONFIRM, CONFIRM)

Primary Vendor -- Product: pivotx -- pivotx
Description: lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file.
Published: 2017-10-01
CVSS Score: 6.5
Source & Patch Info: CVE-2017-14958 (CONFIRM)

Primary Vendor -- Product: pulsesecure -- pulse_one_on-premise
Description: Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information.
Published: 2017-09-29
CVSS Score: 5.0
Source & Patch Info: CVE-2017-14935 (CONFIRM)

Primary Vendor -- Product: tiki -- tikiwiki_cms/groupware
Description: Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php.
Published: 2017-09-29
CVSS Score: 6.0
Source & Patch Info: CVE-2017-14924 (MISC, MISC, MISC)

Primary Vendor -- Product: tiki -- tikiwiki_cms/groupware
Description: Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site.
Published: 2017-09-29
CVSS Score: 6.0
Source & Patch Info: CVE-2017-14925 (MISC, MISC, MISC)

 

Low Vulnerabilities

Primary Vendor -- Product: linux -- linux_kernel
Description: The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.
Published: 2017-10-01
CVSS Score: 2.1
Source & Patch Info: CVE-2017-14954 (MISC, MISC, MISC, MISC, MISC)

Primary Vendor -- Product: tine20 -- tine_2.0
Description: Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
Published: 2017-09-29
CVSS Score: 3.5
Source & Patch Info: CVE-2017-14921 (MISC, MISC, MISC, MISC, MISC)

Primary Vendor -- Product: tine20 -- tine_2.0
Description: Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
Published: 2017-09-29
CVSS Score: 3.5
Source & Patch Info: CVE-2017-14922 (MISC, MISC, MISC, MISC, MISC)

Primary Vendor -- Product: tine20 -- tine_2.0
Description: Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
Published: 2017-09-29
CVSS Score: 3.5
Source & Patch Info: CVE-2017-14923 (MISC, MISC, MISC, MISC, MISC)

 

Severity Not Yet Assigned

Primary Vendor -- Product: akka -- akka
Description: In Akka HTTP versions <= 10.0.5, an illegal media range in the Accept header causes a StackOverflowError, leading to denial of service.
Published: 2017-10-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1000118 (CONFIRM)

Primary Vendor -- Product: apache -- geode
Description: When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of service attack on the cluster.
Published: 2017-10-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9797 (MLIST)

Primary Vendor -- Product: apache -- impala
Description: In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works around the authorization requirement that creating a Kudu external table via Impala requires an "ALL" privilege at the server scope. This privilege requirement for "CREATE" commands is enforced precisely to avoid the scenario where a malicious user can change the underlying Kudu table mapping. The fix is to enforce the same privilege requirement for "ALTER" commands that would make existing non-external Kudu tables external.
Published: 2017-10-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-9792 (BID, CONFIRM, MLIST)

Primary Vendor -- Product: apache -- opennlp
Description: When loading models or dictionaries that contain XML, it is possible to perform an XXE attack. Since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. Versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, and 1.8.0 to 1.8.1 of Apache OpenNLP are affected.
Published: 2017-10-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12620 (CONFIRM)
Primary Vendor -- Product: apache -- tomcat
Description: When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Published: 2017-10-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-12617 (BID, MLIST)
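The Tomcat entry above turns on a configuration detail: the JSP upload only works where the Default servlet's readonly init-param has been set so that PUT is accepted. The check below is an added example written for this bulletin, not code from the Tomcat project: it parses a web.xml and reports every DefaultServlet or WebdavServlet declaration whose readonly parameter does not evaluate to true. Both descriptors it runs against are constructed samples. Two details matter in practice: Tomcat parses the value with Java's Boolean.parseBoolean, so anything other than a case-insensitive "true" (for instance "no" or "0") means writable, and an absent parameter means the default, read-only. The check complements the upgrade the entry calls for; it does not replace it.

```python
import xml.etree.ElementTree as ET
from typing import List

# Tomcat servlets that honour the "readonly" init-param. Both default to
# readonly=true when the parameter is absent.
WRITABLE_CAPABLE = {
    "org.apache.catalina.servlets.DefaultServlet",
    "org.apache.catalina.servlets.WebdavServlet",
}


def _local(tag: str) -> str:
    """Strip the XML namespace so the same check works for descriptors
    declared under java.sun.com or xmlns.jcp.org, or with no namespace."""
    return tag.rsplit("}", 1)[-1]


def _child_text(elem: ET.Element, name: str) -> str:
    """Text of the first direct child whose local name is `name`, or ''."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""


def writable_servlets(web_xml: str) -> List[str]:
    """Names of DefaultServlet/WebdavServlet declarations that accept PUT.

    Mirrors Tomcat's Boolean.parseBoolean: the servlet is writable unless
    the readonly value is exactly 'true', ignoring case.
    """
    root = ET.fromstring(web_xml)
    findings: List[str] = []
    for elem in root.iter():
        if _local(elem.tag) != "servlet":
            continue
        if _child_text(elem, "servlet-class") not in WRITABLE_CAPABLE:
            continue
        for param in elem:
            if _local(param.tag) != "init-param":
                continue
            if _child_text(param, "param-name") == "readonly":
                if _child_text(param, "param-value").lower() != "true":
                    findings.append(_child_text(elem, "servlet-name"))
    return findings


# Constructed sample descriptor (not taken from any real deployment):
# the weak setting the bulletin entry describes.
WEAK_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>
"""

# Same descriptor with the parameter restored to Tomcat's default.
HARDENED_WEB_XML = WEAK_WEB_XML.replace(
    "<param-value>false</param-value>", "<param-value>true</param-value>")

if __name__ == "__main__":
    print("weak:", writable_servlets(WEAK_WEB_XML))          # ['default']
    print("hardened:", writable_servlets(HARDENED_WEB_XML))  # []
```

Run it against conf/web.xml and against each application's WEB-INF/web.xml, since an application can declare its own DefaultServlet mapping with a different readonly value.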
Primary Vendor -- Product: apache -- wicket
Description: Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTTP header, but also take the Referer HTTP header into account when no Origin was provided. Furthermore, not all Wicket server side targets were subjected to the CSRF check. This was also fixed.
Published: 2017-10-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2016-6806 (MLIST)
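The mitigation described in the Wicket entry, Origin first and Referer only as a fallback when Origin is missing, is a general pattern worth seeing in full. The Python below is an added example, not Wicket's code: asserted_origin() extracts the origin a request claims, and passes_csrf_origin_check() compares it with the site's own origin after normalising case, userinfo and default ports, failing closed when neither header is usable or when Origin is "null". The header dictionaries in the usage are constructed. The same check also bears on the two Tiki entries earlier in this bulletin (CVE-2017-14924, CVE-2017-14925): an IMG element on an attacker's page fetches tiki-assignuser.php with the attacker's Referer, or with none, and both cases are rejected here; the underlying fix there is still to stop changing state on GET.

```python
from typing import Dict, Optional
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": "80", "https": "443"}


def _canonical_origin(url: str) -> Optional[str]:
    """Reduce a URL or Origin value to scheme://host[:port].

    Lower-cases, drops any userinfo, and removes the scheme's default port so
    'https://app.example:443' compares equal to 'https://app.example'.
    """
    parts = urlsplit(url.strip())
    if not parts.scheme or not parts.netloc:
        return None
    scheme = parts.scheme.lower()
    host = parts.netloc.lower().rpartition("@")[-1]
    default = DEFAULT_PORTS.get(scheme)
    if default and host.endswith(":" + default):
        host = host[: -(len(default) + 1)]
    return f"{scheme}://{host}"


def asserted_origin(headers: Dict[str, str]) -> Optional[str]:
    """Origin the browser asserts for this request, or None.

    Origin is authoritative when present; Referer is consulted only when
    Origin is absent, which is the fallback the Wicket fix added.
    'Origin: null' (an opaque origin) yields None so the caller fails closed.
    """
    lookup = {name.lower(): value for name, value in headers.items()}
    if "origin" in lookup:
        value = lookup["origin"].strip()
        return None if value.lower() == "null" else _canonical_origin(value)
    if "referer" in lookup:
        return _canonical_origin(lookup["referer"])
    return None


def passes_csrf_origin_check(headers: Dict[str, str], site_origin: str) -> bool:
    """True only when the asserted origin equals the site's origin.

    A request carrying neither header is rejected: an attacker's page can
    suppress Referer with a referrer policy, so absence is not evidence of
    a same-origin request.
    """
    expected = _canonical_origin(site_origin)
    got = asserted_origin(headers)
    return got is not None and got == expected


if __name__ == "__main__":
    site = "https://wiki.example"
    # Constructed header sets for illustration.
    form_post = {"Origin": "https://wiki.example", "Referer": "https://wiki.example/edit"}
    old_browser = {"Referer": "https://wiki.example:443/tiki-index.php?page=Home"}
    img_from_attacker = {"Referer": "https://attacker.example/"}
    no_headers: Dict[str, str] = {}
    for name, hdrs in [("form_post", form_post), ("old_browser", old_browser),
                       ("img_from_attacker", img_from_attacker), ("no_headers", no_headers)]:
        print(name, passes_csrf_origin_check(hdrs, site))
```

Apply the check to every request that changes state, regardless of HTTP method, and keep it alongside (not instead of) a per-session CSRF token; the Wicket entry's second point, that some server-side targets were never subjected to the check, is the more common real-world gap.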
MLISTapache -- wicket
 In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls handled by Wicket, it is possible to check for the existence of particular classes in the classpath and thus check whether a third party library with a known security vulnerability is in use.2017-10-02not yet calculatedCVE-2014-0043
MLISTatutor -- atutor
 Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website.2017-10-02not yet calculatedCVE-2017-14981
CONFIRM
CONFIRMbamboo -- bamdarwin
 Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource.2017-10-02not yet calculatedCVE-2015-6576
MISC
BUGTRAQ
CONFIRM
CONFIRMbroadcom -- bcm4355c0_wi-fi_chips
 On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading.2017-10-03not yet calculatedCVE-2017-11122
MISC
MISC
CONFIRM
CONFIRMcisco -- adaptive_security_applianceA vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of the HTTP header. An attacker could exploit this vulnerability by sending a crafted HTTP request to the local IP address of an affected device. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects Cisco Adaptive Security Appliance (ASA) Software that is running on the following Cisco products: ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, ASA 1000V Cloud Firewall, Adaptive Security Virtual Appliance (ASAv), Firepower 4110 Security Appliance, Firepower 9300 ASA Security Module, ISA 3000 Industrial Security Appliance. Cisco Bug IDs: CSCvd59063.2017-10-05not yet calculatedCVE-2017-12246
BID
SECTRACK
CONFIRMcisco -- adaptive_security_appliance
 A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka HREF XSS. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. The vulnerability exists in the Cisco Adaptive Security Appliance (ASA) Software when the WEBVPN feature is enabled. Cisco Bug IDs: CSCve91068.2017-10-05not yet calculatedCVE-2017-12265
BID
SECTRACK
CONFIRMcisco -- anyconnect_secure_mobility_client
 A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by manipulating network interfaces of the device to allow multiple active network interfaces. A successful exploit could allow the attacker to send traffic over a non-authorized network interface. Cisco Bug IDs: CSCvf66539.2017-10-05not yet calculatedCVE-2017-12268
BID
SECTRACK
CONFIRMcisco -- firepower_system_software
 A vulnerability in the detection engine parsing of IPv6 packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause high CPU utilization or to cause a denial of service (DoS) condition because the Snort process restarts unexpectedly. The vulnerability is due to improper input validation of the fields in the IPv6 extension header packet. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. This vulnerability is specific to IPv6 traffic only. This vulnerability affects Cisco Firepower System Software Releases 6.0 and later when the software has one or more file action policies configured and is running on any of the following Cisco products: 3000 Series Industrial Security Appliances (ISR), Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services, Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, Firepower Threat Defense for Integrated Services Routers (ISRs), Firepower 2100 Series Security Appliances, Firepower 4100 Series Security Appliances, Firepower 9300 Series Security Appliances, Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware. Cisco Bug IDs: CSCvd34776.2017-10-05not yet calculatedCVE-2017-12244
BID
CONFIRMcisco -- firepower_threat_defense
 A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak persists over time, a denial of service (DoS) condition could develop because traffic can cease to be forwarded through the device. The vulnerability is due to an error in how the Firepower Detection Snort Engine handles SSL traffic decryption and notifications to and from the Adaptive Security Appliance (ASA) handler. An attacker could exploit this vulnerability by sending a steady stream of malicious Secure Sockets Layer (SSL) traffic through the device. An exploit could allow the attacker to cause a DoS condition when the device runs low on system memory. This vulnerability affects Cisco Firepower Threat Defense (FTD) Software Releases 6.0.1 and later, running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Firepower 2100 Series Security Appliances, Firepower 4100 Series Security Appliances, Firepower 9300 Series Security Appliances. Cisco Bug IDs: CSCve02069.2017-10-05not yet calculatedCVE-2017-12245
BID
CONFIRMcisco -- ios_xr_software_for_cisco_network_convergence_system
 A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops. The vulnerability is due to the software's inability to process HTTP/2 packets. An attacker could exploit this vulnerability by sending a malformed HTTP/2 frame to the affected device. A successful exploit could allow the attacker to create a DoS condition when the emsd service stops. Cisco Bug IDs: CSCvb99388.2017-10-05not yet calculatedCVE-2017-12270
BID
SECTRACK
CONFIRMcisco -- license_manager
 A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. An exploit could allow the attacker to view application files that may contain sensitive information. Cisco Bug IDs: CSCvd83577.2017-10-05not yet calculatedCVE-2017-12263
BID
CONFIRMcisco -- meeting_app_for_windows
 A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco Meeting App. The vulnerability is due to incomplete input validation of the path name for DLL files before they are loaded. An attacker could exploit this vulnerability by installing a crafted DLL file in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to those of Cisco Meeting App. The attacker would need valid user credentials to exploit this vulnerability. Cisco Bug IDs: CSCvd77907.2017-10-05not yet calculatedCVE-2017-12266
BID
CONFIRMcisco -- meeting_server
 A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bound checks performed by the affected software. An attacker could exploit this vulnerability by sending a malicious HTTP packet to the affected system. A successful exploit could allow the attacker to cause a reload of the Web Admin Server. Cisco Bug IDs: CSCve89149.2017-10-05not yet calculatedCVE-2017-12264
BID
SECTRACK
CONFIRMcisco -- spark_messaging
 A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web UI of the affected software. An attacker could exploit this vulnerability by injecting XSS content into the web UI of the affected software. A successful exploit could allow the attacker to force a user to execute code of the attacker's choosing or allow the attacker to retrieve sensitive information from the user. Cisco Bug IDs: CSCvf70587, CSCvf70592.2017-10-05not yet calculatedCVE-2017-12269
BID
CONFIRMcisco -- unified_communications_manager
A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames (iframes). An attacker could exploit this vulnerability by directing a user of the affected software to an attacker-controlled web page that contains a malicious HTML inline frame. A successful exploit could allow the attacker to conduct click-jacking or other types of client-side browser attacks. Cisco Bug IDs: CSCve60993.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-12258
Source & Patch Info: BID, SECTRACK, CONFIRM

cisco -- webex_meetings_server
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve96608.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-12257
Source & Patch Info: BID, CONFIRM

cisco -- wide_area_application_services
A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA application optimization-related process to restart, resulting in a partial denial of service (DoS) condition. The vulnerability is due to improperly aborting a connection when an unexpected protocol packet is received. An attacker could exploit this vulnerability by sending crafted ICA traffic through the targeted device. A successful exploit could allow the attacker to cause a DoS condition that is due to a process unexpectedly restarting. The Cisco WAAS could drop ICA traffic while the process is restarting. This vulnerability affects Cisco Wide Area Application Services (WAAS) and Cisco Virtual Wide Area Application Services (vWAAS). Cisco Bug IDs: CSCve74457.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-12267
Source & Patch Info: BID, CONFIRM

cisco -- wide_area_application_services
A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. The vulnerability is due to certain file-handling inefficiencies of the affected system. An attacker could exploit this vulnerability by directing client systems to access a corrupted file that the client systems cannot decompress correctly. A successful exploit could allow the attacker to cause the affected device to crash or hang unexpectedly and result in a DoS condition that may require manual intervention to regain normal operating conditions. Cisco Bug IDs: CSCve82472.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-12256
Source & Patch Info: BID, CONFIRM

cloud_foundry_foundation -- capi-release
In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-8048
Source & Patch Info: CONFIRM

cloud_foundry_foundation -- routing-release
In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishing attack to gain access to user credentials or other sensitive data. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-8047
Source & Patch Info: CONFIRM

computerinsel -- photoline
A memory corruption vulnerability exists in the .TGA parsing functionality of Computerinsel Photoline 20.02. A specially crafted .TGA file can cause an out-of-bounds write resulting in potential code execution. An attacker can send a specific .TGA file to trigger this vulnerability.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-12106
Source & Patch Info: BID, MISC

computerinsel -- photoline
A memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02. A specially crafted .GIF file can cause memory corruption resulting in potential code execution. An attacker can send a specific .GIF file to trigger this vulnerability.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-2880
Source & Patch Info: BID, MISC

ctek -- skyrouter
An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the application without authenticating.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-14000
Source & Patch Info: BID, MISC

curl -- curl
curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap-based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-1000101
Source & Patch Info: BID, SECTRACK, CONFIRM, GENTOO

curl_and_libcurl -- curl_and_libcurl
When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too-large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The sendto() function will then read beyond the end of the heap-based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it into sending private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-1000100
Source & Patch Info: BID, SECTRACK, CONFIRM, GENTOO

cyassl -- cyassl
CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2014-2903
Source & Patch Info: SECUNIA, MLIST

cybele -- thinfinity_remote_desktop_workstation
Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. (dot dot) in an unspecified parameter.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2015-1429
Source & Patch Info: CONFIRM, MISC

darwin -- darwin
On Darwin, a user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-1000097
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

dnsmasq -- dnsmasq
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14493
Source & Patch Info: CONFIRM, CONFIRM, BID, SECTRACK, MISC, EXPLOIT-DB, MLIST, MLIST

dnsmasq -- dnsmasq
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14495
Source & Patch Info: CONFIRM, CONFIRM, BID, SECTRACK, MISC, EXPLOIT-DB, MLIST, MLIST

dnsmasq -- dnsmasq
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-14491
Source & Patch Info: CONFIRM, CONFIRM, BID, SECTRACK, MISC, EXPLOIT-DB, MLIST, MLIST

dnsmasq -- dnsmasq
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14494
Source & Patch Info: CONFIRM, CONFIRM, BID, SECTRACK, MISC, EXPLOIT-DB, MLIST, MLIST

dnsmasq -- dnsmasq
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14492
Source & Patch Info: CONFIRM, CONFIRM, BID, SECTRACK, MISC, EXPLOIT-DB, MLIST, MLIST

dnsmasq -- dnsmasq
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14496
Source & Patch Info: CONFIRM, CONFIRM, BID, SECTRACK, MISC, CONFIRM, EXPLOIT-DB, MLIST, MLIST

dnsmasq -- dnsmasq
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zeros (0xffffffffffffffff on 64-bit platforms), making dnsmasq crash.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-13704
Source & Patch Info: CONFIRM, CONFIRM, BID, SECTRACK, FEDORA, MISC, MLIST, MLIST

docker -- docker
Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2014-0047
Source & Patch Info: MLIST, BID, CONFIRM

drupal -- compass_rose
Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable."
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2015-7980
Source & Patch Info: MLIST, MLIST, BID, CONFIRM, MISC

emc -- appsync
EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-8018
Source & Patch Info: CONFIRM, BID

emc -- elastic_cloud_storage
EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumented account vulnerability that could potentially be leveraged by malicious users to compromise the affected system.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-8021
Source & Patch Info: CONFIRM, BID

emtec -- pyrobatchftp
EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial of service (application crash).
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-15035
Source & Patch Info: MISC, CONFIRM

eyesofnetwork -- eyesofnetwork
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14985
Source & Patch Info: MISC

eyesofnetwork -- eyesofnetwork
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /module/admin_bp/add_services.php.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14984
Source & Patch Info: MISC

eyesofnetwork -- eyesofnetwork
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/admin_conf/index.php.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14983
Source & Patch Info: MISC

filerun -- filerun
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).
Published: 2017-09-29 | CVSS Score: not yet calculated | CVE-2017-14738
Source & Patch Info: MISC, MISC, EXPLOIT-DB

foreman -- foreman
The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2015-5246
Source & Patch Info: CONFIRM, CONFIRM

frappe.share.get_users -- frappe.share.get_users
[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-1000120
Source & Patch Info: MISC

freebsd -- freebsd
In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-15037
Source & Patch Info: BID, CONFIRM, CONFIRM

ge -- cimplicity
A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-12732
Source & Patch Info: BID, MISC

gitmodules -- gitmodules
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-1000117
Source & Patch Info: BID, SECTRACK, GENTOO, EXPLOIT-DB, MISC

gnu -- binutils
find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-15024
Source & Patch Info: MISC, MISC, MISC

gnu -- binutils
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-15025
Source & Patch Info: MISC, MISC, MISC

gnu -- binutils
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-15023
Source & Patch Info: MISC, MISC, MISC

gnu -- binutils
bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-15021
Source & Patch Info: MISC, MISC, MISC

gnu -- binutils
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-15022
Source & Patch Info: MISC, MISC, MISC

gnu -- binutils
dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-15020
Source & Patch Info: MISC, MISC, MISC

go -- go
An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-15042
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, CONFIRM

go -- go
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running "go get."
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-15041
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM, CONFIRM

google -- android
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0815
Source & Patch Info: BID, CONFIRM, CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0811
Source & Patch Info: BID, CONFIRM, CONFIRM

google -- android
An elevation of privilege vulnerability in the Android framework (ui framework). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35056974.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0807
Source & Patch Info: BID, CONFIRM

google -- android
An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0806
Source & Patch Info: BID, CONFIRM, CONFIRM

google -- android
An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-34949781.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0826
Source & Patch Info: CONFIRM

google -- android
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0813
Source & Patch Info: BID, CONFIRM, CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673128.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0809
Source & Patch Info: BID, CONFIRM, CONFIRM

google -- android
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63662938.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0816
Source & Patch Info: BID, CONFIRM, CONFIRM

google -- android
An elevation of privilege vulnerability in the Motorola bootloader. Product: Android. Versions: Android kernel. Android ID: A-62345044.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0829
Source & Patch Info: CONFIRM

google -- android
An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-ALPS03353867, M-ALPS03353872.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0827
Source & Patch Info: BID, CONFIRM

google -- android
An elevation of privilege vulnerability in the Android system (camera). Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63787722.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0822
Source & Patch Info: CONFIRM, CONFIRM

google -- android
An elevation of privilege vulnerability in the Huawei bootloader. Product: Android. Versions: Android kernel. Android ID: A-34622855.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0828
Source & Patch Info: CONFIRM

google -- android
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38207066.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0810
Source & Patch Info: BID, CONFIRM, CONFIRM

google -- android
An elevation of privilege vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37622847. References: B-V2017063001.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0824
Source & Patch Info: CONFIRM

google -- android
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62800140.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0814
Source & Patch Info: BID, CONFIRM, CONFIRM

google -- android
An information disclosure vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37305633. References: B-V2017063002.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0825
Source & Patch Info: CONFIRM

google -- android
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0819
Source & Patch Info: BID, CONFIRM, CONFIRM

google -- android
An elevation of privilege vulnerability in the Android media framework (audio hal). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62873231.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0812
Source & Patch Info: BID, CONFIRM, CONFIRM

google -- android
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63522430.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0817
Source & Patch Info: BID, CONFIRM, CONFIRM

google -- android
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187433.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0820
Source & Patch Info: BID, CONFIRM, CONFIRM

google -- android
An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0823
Source & Patch Info: CONFIRM, CONFIRM

google -- android
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63581671.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0818
Source & Patch Info: BID, CONFIRM, CONFIRM

google -- android
An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-0808
Source & Patch Info: BID, CONFIRM, CONFIRM

google -- chrome
Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2015-1206
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

graphicsmagick -- graphicsmagick
GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-14997
Source & Patch Info: CONFIRM, BID, CONFIRM, CONFIRM

graphicsmagick -- graphicsmagick
ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-14994
Source & Patch Info: CONFIRM, BID, MISC, CONFIRM

gxlcms -- gxlcms
Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14979
Source & Patch Info: MISC

hp -- hpe_sitescope
An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data.
Published: 2017-09-29 | CVSS Score: not yet calculated | CVE-2017-14349
Source & Patch Info: BID, CONFIRM, AUSCERT

hp -- ucmdb_foundation_software
A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-14354
Source & Patch Info: CONFIRM, AUSCERT

hp -- ucmdb_foundation_software
A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-14353
Source & Patch Info: CONFIRM, AUSCERT

huawei -- fusionserver
The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 does not limit the number of query attempts, which allows remote authenticated users to obtain credentials of higher-level users via a brute force attack.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2015-7843
Source & Patch Info: BID, CONFIRM

huawei -- fusionserver
The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allows remote attackers to bypass access restrictions and enter commands via unspecified parameters, as demonstrated by a "user creation command."
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2015-7841
Source & Patch Info: BID, CONFIRM

i-sens -- smartlog_diabetes_management
An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. This vulnerability does not affect the connected blood glucose monitor and would not impact delivery of therapy to the patient.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-13993
Source & Patch Info: BID, MISC

ibm -- aix_java_6_sdk
A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-1541
Source & Patch Info: CONFIRM, BID, BID, SECTRACK, MISC

ibm -- bigfix_compliance_analytics
IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 123676.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-1201
Source & Patch Info: CONFIRM, MISC

ibm -- content_navigator_and_cmis
IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129832.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-1522
Source & Patch Info: CONFIRM, MISC

ibm -- insights_foundation_for_energy
IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-1311
Source & Patch Info: CONFIRM, BID, MISC

ibm -- insights_foundation_for_energy
IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126460.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-1345
Source & Patch Info: CONFIRM, MISC

ibm -- relm
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126242.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-1334
Source & Patch Info: CONFIRM, BID, MISC

ibm -- relm
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126686.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-1359
Source & Patch Info: CONFIRM, BID, MISC

ibm -- relm
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126862.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-1369
Source & Patch Info: CONFIRM, BID, MISC

ibm -- relm
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126243.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-1335
Source & Patch Info: CONFIRM, BID, MISC

ibm -- relm
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125975.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-1324
Source & Patch Info: CONFIRM, BID, MISC

ibm -- relm
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126857.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-1364
Source & Patch Info: CONFIRM, BID, MISC

ibm -- relm
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127587.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-1429
Source & Patch Info: CONFIRM, BID, MISC

ibm -- spectrum_protect
IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-1301
Source & Patch Info: CONFIRM, BID, MISC

ibm -- spectrum_protect
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to VMware vCenter in the application trace output, which could be obtained by a local user. IBM X-Force ID: 126875.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-1378
Source & Patch Info: CONFIRM, MISC

ibm -- spectrum_protect
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum Protect client or administrator password, which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-1339
Source & Patch Info: CONFIRM, BID, SECTRACK, MISC

ibm -- tivoli_storage_manager
The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to the TSM server. IBM X-Force ID: 118750.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2016-8937
Source & Patch Info: CONFIRM, MISC

ibm -- websphere_commerce
IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpots that could cause a denial of service. IBM X-Force ID: 131779.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-1569
Source & Patch Info: CONFIRM, BID, MISC

ibm -- websphere_message_broker
IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Force ID: 121341.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-1126
Source & Patch Info: CONFIRM, BID, MISC

idm -- idm
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2017-9273
Source & Patch Info: MISC

idm -- idm
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2017-9272
Source & Patch Info: MISC

imagemagick -- imagemagick
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-15015
Source & Patch Info: CONFIRM

imagemagick -- imagemagick
A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14989
Source & Patch Info: CONFIRM

imagemagick -- imagemagick
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-15016
Source & Patch Info: CONFIRM

imagemagick -- imagemagick
ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-15033
Source & Patch Info: CONFIRM

imagemagick -- imagemagick
ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-15032
Source & Patch Info: CONFIRM

imagemagick -- imagemagick
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-15017
Source & Patch Info: CONFIRM

ininet_solutions -- ininet_webserver
An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-13995
Source & Patch Info: BID, MISC

intel -- puma
The Intel Puma 5, 6, and 7 chips, as used on various Hitron devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Hitron.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2017-15069
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on UPC branded Compal CH7465-LG devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports, a related issue to CVE-2017-15067. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from UPC.2017-10-06not yet calculatedCVE-2017-15077
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on various Quantenna devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Quantenna.2017-10-06not yet calculatedCVE-2017-15072
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on various Comcast branded devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Comcast.2017-10-06not yet calculatedCVE-2017-15068
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on ASUS CM-32 devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from ASUS.2017-10-06not yet calculatedCVE-2017-15065
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on various Linksys devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Linksys.2017-10-06not yet calculatedCVE-2017-15070
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on various Arris devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Arris.2017-10-06not yet calculatedCVE-2017-15064
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on Virgin Media branded Arris TG2492 devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports, a related issue to CVE-2017-15064. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Virgin Media.2017-10-06not yet calculatedCVE-2017-15078
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on Samsung Home Media Server devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Samsung.2017-10-06not yet calculatedCVE-2017-15073
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 ** DISPUTED ** The Intel Puma 5, 6, and 7 chips, as used on Telstra branded NETGEAR C6300BD devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Telstra. NOTE: NETGEAR states "This vulnerability does not affect the following products: C6300BD-Telstra."2017-10-06not yet calculatedCVE-2017-15076
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on various Technicolor (formerly branded as Cisco) devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Technicolor.2017-10-06not yet calculatedCVE-2017-15075
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on various Compal devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from Compal.2017-10-06not yet calculatedCVE-2017-15067
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on various AVM FRITZ!Box devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from AVM.2017-10-06not yet calculatedCVE-2017-15066
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on NETGEAR C6300, CM400, CM700, and CMD31T devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from NETGEAR.2017-10-06not yet calculatedCVE-2017-15071
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCintel -- puma
 The Intel Puma 5, 6, and 7 chips, as used on SMC D3G2408 devices, allow remote attackers to cause a denial of service (performance degradation) by sending a moderate volume of small packets to many TCP or UDP ports. NOTE: Intel has advised that they are only a hardware manufacturer in this instance; they do NOT own the mitigation distribution channel for these chips. Any details about mitigations would need to come from SMC.2017-10-06not yet calculatedCVE-2017-15074
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISCipswitch -- imail_server
 Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETRE or ETCTERARED.2017-10-02not yet calculatedCVE-2017-12639
CONFIRMipswitch -- imail_server
 Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETBL or ETCETERABLUE.2017-10-02not yet calculatedCVE-2017-12638
CONFIRMissuetracker -- phpbugtracker
 Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters.2017-10-06not yet calculatedCVE-2015-2143
MLISTissuetracker -- phpbugtracker
 Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.2017-10-06not yet calculatedCVE-2015-2148
MLISTissuetracker -- phpbugtracker
 Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.2017-10-06not yet calculatedCVE-2015-2145
MLISTissuetracker -- phpbugtracker
 Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php.2017-10-06not yet calculatedCVE-2015-2146
MLIST
CONFIRMissuetracker -- phpbugtracker
 Multiple cross-site scriping (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name parameter to project.php; the (2) use_js parameter to user.php; the (3) use_js parameter to group.php; the (4) Description parameter to status.php; the (5) Description parameter to severity.php; the (6) Regex parameter to os.php; or the (7) Name parameter to database.php.2017-10-06not yet calculatedCVE-2015-2144
MLIST
CONFIRMissuetracker -- phpbugtracker
 Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.2017-10-06not yet calculatedCVE-2015-2147
MISC
MLISTissuetracker -- phpbugtracker
 Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for requests that cause an unspecified impact via the group_id parameter to group.php, (3) hijack the authentication of users for requests that delete statuses via the status_id parameter to status.php, (4) hijack the authentication of users for requests that delete severities via the severity_id parameter to severity.php, (5) hijack the authentication of users for requests that cause an unspecified impact via the priority_id parameter to priority.php, (6) hijack the authentication of users for requests that delete the operating system via the os_id parameter to os.php, (7) hijack the authentication of users for requests that delete databases via the database_id parameter to database.php, or (8) hijack the authentication of users for requests that delete sites via the site_id parameter to sites.php.2017-10-06not yet calculatedCVE-2015-2142
MLIST
CONFIRMjboss -- application_server
 In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.2017-10-04not yet calculatedCVE-2017-12149
BID
CONFIRMjenkins -- jenkins
 GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.2017-10-04not yet calculatedCVE-2017-1000087
CONFIRMjenkins -- jenkins
 The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser extensions or cross-site scripting vulnerabilities. The Datadog Plugin now encrypts the API key transmitted to administrators viewing the global configuration form.2017-10-04not yet calculatedCVE-2017-1000114
BID
CONFIRMjenkins -- jenkins
 The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin now integrates with Credentials Plugin to store passwords securely, and automatically migrates existing passwords.2017-10-04not yet calculatedCVE-2017-1000113
CONFIRMjenkins -- jenkins
 Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use to authenticate with a Docker Registry. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.2017-10-04not yet calculatedCVE-2017-1000094
CONFIRMjenkins -- jenkins
 Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection.2017-10-04not yet calculatedCVE-2017-1000107
CONFIRMjenkins -- jenkins
 GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery.2017-10-04not yet calculatedCVE-2017-1000091
CONFIRMjenkins -- jenkins
 Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles.2017-10-04not yet calculatedCVE-2017-1000096
BID
CONFIRMjenkins -- jenkins
 The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient permissions to configure the provided files, view the configuration of the folder in which the configuration files are defined, or have Job/Configure permissions to a job able to use these files.2017-10-04not yet calculatedCVE-2017-1000104
CONFIRMjenkins -- jenkins
 The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links.2017-10-04not yet calculatedCVE-2017-1000088
CONFIRMjenkins -- jenkins
 The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead.2017-10-04not yet calculatedCVE-2017-1000108
CONFIRMjenkins -- jenkins
 The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was sufficient.2017-10-04not yet calculatedCVE-2017-1000105
CONFIRMjenkins -- jenkins
 Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it's similar to cache invalidation, the plugin specifically adds a permission to be able to use this functionality, and this issue undermines that permission.2017-10-04not yet calculatedCVE-2017-1000093
CONFIRMjenkins -- jenkins
 The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks.2017-10-04not yet calculatedCVE-2017-1000086
BID
CONFIRMjenkins -- jenkins
 The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.2017-10-04not yet calculatedCVE-2017-1000109
BID
CONFIRMjenkins -- jenkins
 Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins.2017-10-04not yet calculatedCVE-2017-1000090
CONFIRMjenkins -- jenkins
 Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.2017-10-04not yet calculatedCVE-2017-1000084
CONFIRMjenkins -- jenkins
 Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server.2017-10-04not yet calculatedCVE-2017-1000092
BID
CONFIRMjenkins -- jenkins
 Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the build authentication it was running as and allowed triggering any other project in Jenkins.2017-10-04not yet calculatedCVE-2017-1000089
CONFIRMjenkins -- jenkins
 Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery attacks.2017-10-04not yet calculatedCVE-2017-1000085
BID
CONFIRMjenkins -- jenkins
 The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox by using e.g. currentBuild['rawBuild'] rather than currentBuild.rawBuild. Additionally, the following entries allowed accessing private data that would not be accessible otherwise due to script security: groovy.json.JsonOutput.toJson(Closure); groovy.json.JsonOutput.toJson(Object).2017-10-04not yet calculatedCVE-2017-1000095
CONFIRMjenkins -- jenkins
 Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's authentication and authorization when configuring existing GitHub organization folders. This allowed users with read access to the GitHub organization folder to reconfigure it, including changing the GitHub API endpoint for the organization folder to an attacker-controlled server to obtain the GitHub access token, if the organization folder was initially created using Blue Ocean.2017-10-04not yet calculatedCVE-2017-1000110
CONFIRMjenkins -- jenkins
 Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue Ocean. The SCM content REST API did not check the current user's authentication or credentials. If the GitHub organization folder was created via Blue Ocean, it retained a reference to its creator's GitHub credentials. This allowed users with read access to the GitHub organization folder to create arbitrary commits in the repositories inside the GitHub organization corresponding to the GitHub organization folder with the GitHub credentials of the creator of the organization folder. Additionally, users with read access to the GitHub organization folder could read arbitrary file contents from the repositories inside the GitHub organization corresponding to the GitHub organization folder if the branch contained a Jenkinsfile (which could be created using the other part of this vulnerability), and they could provide the organization folder name, repository name, branch name, and file name.2017-10-04not yet calculatedCVE-2017-1000106
CONFIRMjenkins -- jenkins
 The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view.2017-10-04not yet calculatedCVE-2017-1000102
BID
CONFIRMkoji -- koji
 Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.2017-10-06not yet calculatedCVE-2017-1002153
CONFIRMlame -- lame
 LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call.2017-10-04not yet calculatedCVE-2017-15019
MISClame -- lame
 LAME 3.99.5 has a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c.2017-10-04not yet calculatedCVE-2017-15018
MISClame -- lame
 LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412.2017-10-06not yet calculatedCVE-2017-15046
MISClame -- lame
 LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410.2017-10-06not yet calculatedCVE-2017-15045
MISClenovo -- fingerprint_manager
 Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations.2017-10-02not yet calculatedCVE-2015-3321
CONFIRMlenovo -- system-update
 Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.2017-10-02not yet calculatedCVE-2015-6971
CONFIRM
MISClibcsoap  -- libcsoapnanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header.2017-10-06not yet calculatedCVE-2015-2297
MLISTlibcurl -- libcurl
 libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.2017-10-06not yet calculatedCVE-2017-1000254
BID
SECTRACK
CONFIRMlibcurl -- libcurl
 When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.2017-10-04not yet calculatedCVE-2017-1000099
BID
SECTRACK
CONFIRM
GENTOOlibofx -- libofx
 An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.2017-10-05not yet calculatedCVE-2017-2920
BID
MISClinux -- kernel
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-14991
Source & Patch Info: CONFIRM, CONFIRM, BID, CONFIRM

linux -- kernel
Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring: previously with PACKET_VERSION, this time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable; we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-1000111
Source & Patch Info: BID, SECTRACK, CONFIRM

linux -- kernel
Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015) are affected. This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_binary() does not take account of the need to allocate sufficient space for the entire binary, which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the area that is supposed to be the "gap" between the stack and the binary.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-1000253
Source & Patch Info: BID, SECTRACK, MISC

linux -- kernel
Linux kernel: exploitable memory corruption due to a UFO to non-UFO path switch. When building a UFO packet with MSG_MORE, __ip_append_data() calls ip_ufo_append_data() to append. However, in between two send() calls, the append path can be switched from the UFO to the non-UFO one, which leads to a memory corruption. When the UFO packet length exceeds the MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate a new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. fraggap can exceed the MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in the IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-1000112
Source & Patch Info: MLIST, BID, SECTRACK

loytec -- lvis-3me
An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-13998
Source & Patch Info: BID, MISC

loytec -- lvis-3me
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-13992
Source & Patch Info: BID, MISC

loytec -- lvis-3me
A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non-administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-13996
Source & Patch Info: BID, MISC

mercurial -- mercurial
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-1000116
Source & Patch Info: BID, GENTOO, CONFIRM

mercurial -- mercurial
Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside the repository.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-1000115
Source & Patch Info: BID, GENTOO, CONFIRM

myscada -- mypro
An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2017-12730
Source & Patch Info: BID, MISC

net/http -- net/http
The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-1000098
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

nexusphp -- nexusphp
Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-12792
Source & Patch Info: MISC

node.js -- node.js
A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-15010
Source & Patch Info: BID, CONFIRM, CONFIRM, CONFIRM

ntdriver.c -- ntdriver.c
The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2015-7359
Source & Patch Info: MISC, MLIST, MLIST, MISC, CONFIRM

october -- cms
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality, resulting in compromise of the site and possibly of other applications on the server.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-1000119
Source & Patch Info: CONFIRM

openexr -- openexr
Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14988
Source & Patch Info: MISC

openkm -- openkm
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2014-8957
Source & Patch Info: MISC, BID, MISC

opentext_document -- sciences_xpression
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory listings or system files, or cause SSRF or Denial of Service.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14759
Source & Patch Info: MISC, MISC

opentext_document -- sciences_xpression
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14755
Source & Patch Info: MISC, MISC

opentext_document -- sciences_xpression
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14754
Source & Patch Info: MISC, MISC

opentext_document -- sciences_xpression
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14757
Source & Patch Info: MISC, MISC, EXPLOIT-DB

opentext_document -- sciences_xpression
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14758
Source & Patch Info: MISC, MISC, EXPLOIT-DB

opentext_document -- sciences_xpression
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id).
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14756
Source & Patch Info: MISC, MISC

openvpn -- openvpn
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow when key-method 1 is used, possibly resulting in code execution.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-12166
Source & Patch Info: BID, SECTRACK, MISC

philips -- hue_bridge
Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network.
Published: 2017-09-30 | CVSS Score: not yet calculated | CVE-2017-14797
Source & Patch Info: MISC

phpcollab -- phpcollab
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-6090
Source & Patch Info: MISC, EXPLOIT-DB

phpcollab -- phpcollab
SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-6089
Source & Patch Info: MISC, EXPLOIT-DB

pngcrush -- pngcrush
Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2015-2158
Source & Patch Info: MLIST, BID, CONFIRM, CONFIRM

prtg -- network_monitor
PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-15008
Source & Patch Info: MISC

prtg -- network_monitor
PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-15009
Source & Patch Info: MISC

qnap -- music_station
QNAP discovered a number of command injection vulnerabilities in Music Station versions 4.8.6 (for QTS 4.2.x), 5.0.7 (for QTS 4.3.x), and earlier. If exploited, these vulnerabilities may allow a remote attacker to run arbitrary commands on the NAS.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2017-13069
Source & Patch Info: CONFIRM

qnap -- qnap
QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2017-13068
Source & Patch Info: MISC

qt -- qt
The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-15011
Source & Patch Info: MISC, MISC

rapid7 -- metasploit
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2017-15084
Source & Patch Info: CONFIRM

redis -- redis
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine."
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2017-15047
Source & Patch Info: MISC

ruby -- ruby
The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle attack.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2015-1828
Source & Patch Info: CONFIRM, CONFIRM, CONFIRM

saia_burgess -- pcd_controllers
An Information Exposure issue was discovered in Saia Burgess Controls PCD Controllers with PCD firmware versions prior to 1.28.16 or 1.24.69. In certain circumstances, the device pads Ethernet frames with memory contents.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-9628
Source & Patch Info: BID, MISC

schneider_electric -- indusoft_web_studio
A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes of performing customized calculations or actions. A remote malicious entity could bypass the server authentication and trigger the execution of an arbitrary command. The command is executed under high privileges and could lead to a complete compromise of the server.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-13997
Source & Patch Info: BID, MISC

sentinel -- ldk_rte
Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-11498
Source & Patch Info: MISC, MISC

sentinel -- ldk_rte
Arbitrary memory read from a controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-12820
Source & Patch Info: MISC

sentinel -- ldk_rte
Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed ASN.1 streams in V2C and similar input files.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-11496
Source & Patch Info: MISC, MISC

sentinel -- ldk_rte
Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-11497
Source & Patch Info: MISC, MISC

sentinel -- ldk_rte
Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-12821
Source & Patch Info: MISC

sentinel -- ldk_rte
Remote enabling and disabling of the admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-12822
Source & Patch Info: MISC

sentinel -- ldk_rte
Remote manipulation of the language pack updater leads to an NTLM-relay attack for the system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-12819
Source & Patch Info: MISC

sentinel -- ldk_rte
Stack overflow in the custom XML parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-12818
Source & Patch Info: MISC

skybox -- manager_client_application
Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login attempts.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14772
Source & Patch Info: BID, CONFIRM

skybox_security -- skybox_manager_client_application
Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied file paths when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary file and overwrite existing files within the scope of the affected application.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14771
Source & Patch Info: BID, CONFIRM

skybox_security -- skybox_manager_client_application
Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14770
Source & Patch Info: BID, CONFIRM

skybox_security -- skybox_manager_client_application
Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state. The vulnerability can only be exploited by a local authenticated attacker.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14773
Source & Patch Info: BID, CONFIRM

smarterstats -- smarterstats
SmarterStats version 11.3.6347 renders the Referer field of HTTP log files at the URL /Data/Reports/ReferringURLsWithQueries, resulting in stored cross-site scripting.
Published: 2017-09-29 | CVSS Score: not yet calculated | CVE-2017-14620
Source & Patch Info: MISC, EXPLOIT-DB

solarwinds -- network_performance_monitor
The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. In other words, the denial of service is caused by an incorrect implementation of a directory-traversal protection mechanism.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-9538
Source & Patch Info: BUGTRAQ, BID

solarwinds -- network_performance_monitor
Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-9537
Source & Patch Info: BUGTRAQ, BID

spidercontrol -- scada_web_server
An Improper Privilege Management issue was discovered in SpiderControl SCADA Web Server Version 2.02.0007 and prior. Authenticated, non-administrative local users are able to alter service executables with escalated privileges, which could allow an attacker to execute arbitrary code under the context of the current system services.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-12728
Source & Patch Info: BID, MISC

static_analysis_utilities -- static_analysis_utilities
The custom Details view of the Static Analysis Utilities-based DRY Plugin was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.
Published: 2017-10-04 | CVSS Score: not yet calculated | CVE-2017-1000103
Source & Patch Info: BID, CONFIRM

subrion -- cms
There are CSRF vulnerabilities in Subrion CMS before 4.2.0 because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2017-15063
Source & Patch Info: MISC

texlive -- texlive
The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2015-0296
Source & Patch Info: FEDORA, FEDORA, MLIST, BID, CONFIRM

trend_micro -- officescan
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-14086
Source & Patch Info: MISC, BID, SECTRACK, CONFIRM, EXPLOIT-DB

trend_micro -- officescan
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-14089
Source & Patch Info: MISC, BID, SECTRACK, CONFIRM, EXPLOIT-DB

trend_micro -- officescan
A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-14084
Source & Patch Info: MISC, BID, SECTRACK, CONFIRM, EXPLOIT-DB

trend_micro -- officescan
A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-14087
Source & Patch Info: MISC, BID, SECTRACK, CONFIRM, EXPLOIT-DB

trend_micro -- officescan
A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-14083
Source & Patch Info: MISC, BID, SECTRACK, CONFIRM, EXPLOIT-DB

trend_micro -- officescan
Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allow local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-14088
Source & Patch Info: BID, SECTRACK, MISC, MISC, CONFIRM

trend_micro -- officescan
Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-14085
Source & Patch Info: MISC, BID, SECTRACK, CONFIRM, EXPLOIT-DB

truecrypt -- truecrypt
The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2015-7358
Source & Patch Info: MISC, MLIST, MLIST, MISC, CONFIRM, EXPLOIT-DB

ucopia -- wireless_appliance
The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-11322
Source & Patch Info: MISC, EXPLOIT-DB

ucopia -- wireless_appliance
The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-11321
Source & Patch Info: MISC, EXPLOIT-DB

upx -- upx
p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack().
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2017-15056
Source & Patch Info: MISC

wordpress -- wordpress
WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but stores the analogous wp_users.user_activation_key values as hashes), which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access (such as access gained through an unspecified SQL injection vulnerability).
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14990
Source & Patch Info: MISC

wordpress -- wordpress
Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70 for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2014-8758
Source & Patch Info: MISC, MISC

wordpress -- wordpress
Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2014-8492
Source & Patch Info: MISC, MISC

wordpress -- wordpress
Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2014-7240
Source & Patch Info: MISC, MISC

wordpress -- wordpress
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2015-2673
Source & Patch Info: MISC

wordpress -- wordpress
WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2017-14848
Source & Patch Info: EXPLOIT-DB

wordpress -- wordpress
The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal.
Published: 2017-10-06 | CVSS Score: not yet calculated | CVE-2017-15079
Source & Patch Info: CONFIRM, CONFIRM

wordpress -- wordpress
Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by #<svg onload=alert(1)>.
Published: 2017-10-02 | CVSS Score: not yet calculated | CVE-2015-7357
Source & Patch Info: MISC, FULLDISC, CONFIRM, MISC

wso2 -- wso2
The Management Console in WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.0, WSO2 Data Analytics Server 3.1.0, WSO2 Data Services Server 3.5.1, and WSO2 Machine Learner 1.2.0 is affected by stored XSS.
Published: 2017-10-03 | CVSS Score: not yet calculated | CVE-2017-14995
Source & Patch Info: CONFIRM

zoho_site24x7 -- mobile_network_poller
The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate.
Published: 2017-09-29 | CVSS Score: not yet calculated | CVE-2017-14582
Source & Patch Info: BID, MISC

loytec -- lvis-3me
A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a malicious link.
Published: 2017-10-05 | CVSS Score: not yet calculated | CVE-2017-13994
Source & Patch Info: BID, MISC

https://www.us-cert.gov/ncas/bulletins/SB17-282