The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
-
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
-
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-05-22 | 7.6 | CVE-2017-2501 BID CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement. | 2017-05-22 | 7.5 | CVE-2017-2513 BID CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | 9.3 | CVE-2017-2494 CONFIRM |
| apple -- mac_os_x | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | 9.3 | CVE-2017-2503 CONFIRM |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_ascii function in input-pnm.c:303:12. | 2017-05-23 | 7.5 | CVE-2017-9151 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the pnm_load_raw function in input-pnm.c:346:41. | 2017-05-23 | 7.5 | CVE-2017-9152 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_rawpbm function in input-pnm.c:391:13. | 2017-05-23 | 7.5 | CVE-2017-9153 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow in the pnmscanner_gettoken function in input-pnm.c:458:12. | 2017-05-23 | 7.5 | CVE-2017-9160 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:188:23. | 2017-05-23 | 7.5 | CVE-2017-9161 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:191:2. | 2017-05-23 | 7.5 | CVE-2017-9162 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in pxl-outline.c:106:54. | 2017-05-23 | 7.5 | CVE-2017-9163 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:16:11. | 2017-05-23 | 7.5 | CVE-2017-9164 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11. | 2017-05-23 | 7.5 | CVE-2017-9165 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:18:11. | 2017-05-23 | 7.5 | CVE-2017-9166 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:337:25. | 2017-05-23 | 7.5 | CVE-2017-9167 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:353:25. | 2017-05-23 | 7.5 | CVE-2017-9168 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:355:25. | 2017-05-23 | 7.5 | CVE-2017-9169 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:370:25. | 2017-05-23 | 7.5 | CVE-2017-9170 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-bmp.c:492:24. | 2017-05-23 | 7.5 | CVE-2017-9171 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:496:29. | 2017-05-23 | 7.5 | CVE-2017-9172 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:497:29. | 2017-05-23 | 7.5 | CVE-2017-9173 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:309:7. | 2017-05-23 | 7.5 | CVE-2017-9183 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:314:7. | 2017-05-23 | 7.5 | CVE-2017-9184 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:319:7. | 2017-05-23 | 7.5 | CVE-2017-9185 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:326:17. | 2017-05-23 | 7.5 | CVE-2017-9186 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:486:7. | 2017-05-23 | 7.5 | CVE-2017-9187 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be represented in type int" issue in input-bmp.c:516:63. | 2017-05-23 | 7.5 | CVE-2017-9188 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the rle_fread function in input-tga.c:252:15. | 2017-05-23 | 7.5 | CVE-2017-9191 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-tga.c:528:7. | 2017-05-23 | 7.5 | CVE-2017-9192 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:538:33. | 2017-05-23 | 7.5 | CVE-2017-9193 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:559:29. | 2017-05-23 | 7.5 | CVE-2017-9194 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:620:27. | 2017-05-23 | 7.5 | CVE-2017-9195 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a "negative-size-param" issue in the ReadImage function in input-tga.c:528:7. | 2017-05-23 | 7.5 | CVE-2017-9196 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:498:55. | 2017-05-23 | 7.5 | CVE-2017-9197 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:508:18. | 2017-05-23 | 7.5 | CVE-2017-9198 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:192:19. | 2017-05-23 | 7.5 | CVE-2017-9199 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:528:63. | 2017-05-23 | 7.5 | CVE-2017-9200 MISC |
| cisco -- firepower_threat_defense | A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software 5.3.0 through 6.2.2 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is due to the logging of certain TCP packets by the affected software. An attacker could exploit this vulnerability by sending a flood of crafted TCP packets to an affected device. A successful exploit could allow the attacker to cause a DoS condition. The success of an exploit is dependent on how an administrator has configured logging for SSL policies for a device. This vulnerability affects Cisco FirePOWER System Software that is configured to log connections by using SSL policy default actions. Cisco Bug IDs: CSCvd07072. | 2017-05-21 | 7.8 | CVE-2017-6632 BID CONFIRM |
| dropbear_ssh_project -- dropbear_ssh | The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled. | 2017-05-19 | 9.3 | CVE-2017-9078 CONFIRM |
| libtiff -- libtiff | In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff. | 2017-05-21 | 7.5 | CVE-2017-9117 MISC BID |
| mimosa -- client_radios | An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but this variable is not sanitized server-side, which allows an attacker to pass a specially crafted string to execute shell commands as the root user. | 2017-05-21 | 9.0 | CVE-2017-9133 MISC |
| mimosa -- client_radios | An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST request with a program like cURL. There is one test accessible via cURL that does not properly sanitize user input, allowing an attacker to execute shell commands as the root user. | 2017-05-21 | 9.0 | CVE-2017-9135 MISC |
| mimosa -- client_radios | An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file from the device's filesystem. This can be used to view unsalted, MD5-hashed administrator passwords, which can then be cracked, giving the attacker full admin access to the device's web interface. This vulnerability can also be used to view the plaintext pre-shared key (PSK) for encrypted wireless connections, or to view the device's serial number (which allows an attacker to factory reset the device). | 2017-05-21 | 7.8 | CVE-2017-9136 MISC |
Medium Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| allendisk_project -- allendisk | reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']. | 2017-05-19 | 5.0 | CVE-2017-9090 CONFIRM |
| allendisk_project -- allendisk | /admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha']. | 2017-05-19 | 5.0 | CVE-2017-9091 CONFIRM |
| apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (application crash) via a crafted web site that improperly interacts with the history menu. | 2017-05-22 | 4.3 | CVE-2017-2495 CONFIRM CONFIRM |
| apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-05-22 | 6.8 | CVE-2017-2496 CONFIRM CONFIRM |
| apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book. | 2017-05-22 | 5.8 | CVE-2017-2497 CONFIRM CONFIRM |
| apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate. | 2017-05-22 | 5.0 | CVE-2017-2498 BID CONFIRM |
| apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to execute arbitrary unsigned code or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | 6.8 | CVE-2017-2499 CONFIRM CONFIRM CONFIRM |
| apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreAudio" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-05-22 | 4.3 | CVE-2017-2502 BID CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with WebKit Editor commands. | 2017-05-22 | 4.3 | CVE-2017-2504 CONFIRM CONFIRM CONFIRM |
| apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-05-22 | 6.8 | CVE-2017-2505 CONFIRM CONFIRM CONFIRM |
| apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-05-22 | 6.8 | CVE-2017-2506 CONFIRM CONFIRM |
| apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-05-22 | 6.8 | CVE-2017-2514 CONFIRM CONFIRM |
| apple -- iphone_os | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-05-22 | 6.8 | CVE-2017-2515 CONFIRM CONFIRM CONFIRM |
| apple -- safari | An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | 2017-05-22 | 4.3 | CVE-2017-2500 CONFIRM |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:16:11. | 2017-05-23 | 5.0 | CVE-2017-9154 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the input_pnm_reader function in input-pnm.c:243:3. | 2017-05-23 | 5.0 | CVE-2017-9155 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:303:12. | 2017-05-23 | 5.0 | CVE-2017-9156 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:306:14. | 2017-05-23 | 5.0 | CVE-2017-9157 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_raw function in input-pnm.c:336:11. | 2017-05-23 | 5.0 | CVE-2017-9158 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_rawpbm function in input-pnm.c:391:15. | 2017-05-23 | 5.0 | CVE-2017-9159 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:21:23. | 2017-05-23 | 5.0 | CVE-2017-9174 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:353:25. | 2017-05-23 | 5.0 | CVE-2017-9175 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:370:25. | 2017-05-23 | 5.0 | CVE-2017-9176 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:390:12. | 2017-05-23 | 5.0 | CVE-2017-9177 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:421:11. | 2017-05-23 | 5.0 | CVE-2017-9178 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:425:14. | 2017-05-23 | 5.0 | CVE-2017-9179 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the ReadImage function in input-bmp.c:440:14. | 2017-05-23 | 5.0 | CVE-2017-9180 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c. | 2017-05-23 | 5.0 | CVE-2017-9181 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (use-after-free and invalid heap read), related to the GET_COLOR function in color.c:16:11. | 2017-05-23 | 5.0 | CVE-2017-9182 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and application crash), related to the GET_COLOR function in color.c:16:11. | 2017-05-23 | 5.0 | CVE-2017-9189 MISC |
| autotrace_project -- autotrace | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid free), related to the free_bitmap function in bitmap.c:24:5. | 2017-05-23 | 5.0 | CVE-2017-9190 MISC |
| dropbear_ssh_project -- dropbear_ssh | Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed. | 2017-05-19 | 4.7 | CVE-2017-9079 CONFIRM |
| google -- android | Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android allows attacks to cause a denial of service via unspecified vectors. | 2017-05-23 | 5.0 | CVE-2015-1529 BID CONFIRM MISC |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c. | 2017-05-22 | 4.3 | CVE-2017-9141 BID CONFIRM CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. | 2017-05-22 | 4.3 | CVE-2017-9142 CONFIRM CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file. | 2017-05-22 | 4.3 | CVE-2017-9143 CONFIRM CONFIRM |
| imagemagick -- imagemagick | In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. | 2017-05-22 | 4.3 | CVE-2017-9144 BID CONFIRM |
| imageworsener_project -- imageworsener | The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. | 2017-05-19 | 4.3 | CVE-2017-9093 CONFIRM |
| imageworsener_project -- imageworsener | The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. | 2017-05-19 | 4.3 | CVE-2017-9094 CONFIRM |
| libtiff -- libtiff | LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file. | 2017-05-22 | 4.3 | CVE-2017-9147 MISC BID |
| mimosa -- client_radios | An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely when sent to the client's Mosquitto broker, aka "unauthenticated remote command execution." This command can be re-sent endlessly to act as a DoS attack on the client. | 2017-05-21 | 5.0 | CVE-2017-9131 MISC |
| mimosa -- client_radios | A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded credentials to connect to the broker on any device (whether it be an AP, Client, or Backhaul model), an attacker can view all the messages being sent between the devices. If an attacker connects to an AP, the AP will leak information about any clients connected to it, including the serial numbers, which can be used to remotely factory reset the clients via a page in their web interface. | 2017-05-21 | 5.0 | CVE-2017-9132 MISC |
| mimosa -- client_radios | An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. There is a page in the web interface that will show you the device's serial number, regardless of whether or not you have logged in. This information-leakage issue is relevant because there is another page (accessible without any authentication) that allows you to remotely factory reset the device simply by entering the serial number. | 2017-05-21 | 5.0 | CVE-2017-9134 MISC |
Low Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| linux -- linux_kernel | The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls. | 2017-05-22 | 2.1 | CVE-2017-9150 MISC MISC MISC MISC |
| rsa -- adaptive_authentication_(on_premise) | EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 2017-05-19 | 3.5 | CVE-2017-4978 CONFIRM BID |
Severity Not Yet Assigned
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 7_zip -- 7_zip_for_windows |
Untrusted search path vulnerability in 7 Zip for Windows 16.02 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-05-22 | not yet calculated | CVE-2016-7804 JVNDB CONFIRM JVN |
| alienvault -- ossim |
The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script. | 2017-05-23 | not yet calculated | CVE-2015-4045 BID MISC CONFIRM |
| alienvault -- ossim |
The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php. | 2017-05-23 | not yet calculated | CVE-2015-4046 BID MISC CONFIRM |
| apache -- archiva |
Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site opened in the same browser as the archiva site, may send an HTML response that performs arbitrary actions on archiva services, with the same rights as the active archiva session (e.g. administrator rights). | 2017-05-22 | not yet calculated | CVE-2017-5657 CONFIRM BID |
| apache -- knox |
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be easily associated with the authenticated user, this is still a serious security issue. All users are recommended to upgrade to the Apache Knox 0.12.0 release. | 2017-05-26 | not yet calculated | CVE-2017-5646 MLIST |
| apple -- ios_macos |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-05-22 | not yet calculated | CVE-2017-6991 CONFIRM CONFIRM |
| apple -- ios_safari | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames. | 2017-05-22 | not yet calculated | CVE-2017-2528 CONFIRM CONFIRM |
| apple -- ios_safari | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-05-22 | not yet calculated | CVE-2017-2526 CONFIRM CONFIRM |
| apple -- ios_safari | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with container nodes. | 2017-05-22 | not yet calculated | CVE-2017-2508 CONFIRM CONFIRM |
| apple -- ios_safari |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events. | 2017-05-22 | not yet calculated | CVE-2017-2510 CONFIRM CONFIRM |
| apple -- ios_safari |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-05-22 | not yet calculated | CVE-2017-2538 CONFIRM CONFIRM |
| apple -- ios_safari |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-05-22 | not yet calculated | CVE-2017-2547 CONFIRM CONFIRM |
| apple -- ios_safari |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-05-22 | not yet calculated | CVE-2017-2539 CONFIRM CONFIRM |
| apple -- ios |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-6982 BID CONFIRM |
| apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-2548 CONFIRM |
| apple -- macos | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes. | 2017-05-22 | not yet calculated | CVE-2017-6988 CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "HFS" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-6990 CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-6986 CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-6985 CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-6978 CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-2546 CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-2545 CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-2540 CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-6977 CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-05-22 | not yet calculated | CVE-2017-2544 CONFIRM CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-2542 CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-2543 CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Sandbox" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-2512 CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Security" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (resource consumption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-2535 CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-2509 CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-2534 CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-2541 CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-2537 CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "DiskArbitration" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-2533 CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "CoreAnimation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via crafted data. | 2017-05-22 | not yet calculated | CVE-2017-2527 CONFIRM |
| apple -- macos |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-2516 CONFIRM |
| apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement. | 2017-05-22 | not yet calculated | CVE-2017-2520 BID CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data. | 2017-05-22 | not yet calculated | CVE-2017-2522 BID CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-6987 BID CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data. | 2017-05-22 | not yet calculated | CVE-2017-2523 BID CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-05-22 | not yet calculated | CVE-2017-2525 CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-05-22 | not yet calculated | CVE-2017-6980 CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-05-22 | not yet calculated | CVE-2017-6984 CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "TextInput" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data. | 2017-05-22 | not yet calculated | CVE-2017-2524 BID CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with frame loading. | 2017-05-22 | not yet calculated | CVE-2017-2549 CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-2507 BID CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-6999 BID CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement. | 2017-05-22 | not yet calculated | CVE-2017-2519 BID CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-6996 BID CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-05-22 | not yet calculated | CVE-2017-2536 CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement. | 2017-05-22 | not yet calculated | CVE-2017-2518 BID CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-6989 CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iCloud before 6.2.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-05-22 | not yet calculated | CVE-2017-2530 CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-6997 BID CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-6979 BID CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-6998 BID CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-05-22 | not yet calculated | CVE-2017-2531 CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-6994 BID CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-05-22 | not yet calculated | CVE-2017-2521 CONFIRM CONFIRM CONFIRM CONFIRM |
| apple -- multiple_products |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2017-05-22 | not yet calculated | CVE-2017-6995 BID CONFIRM CONFIRM CONFIRM |
| apple -- safari |
An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | 2017-05-22 | not yet calculated | CVE-2017-2511 CONFIRM |
| apple -- ios_macos |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that uses symlinks. | 2017-05-22 | not yet calculated | CVE-2017-6981 CONFIRM CONFIRM |
| apple -- ios_macos |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 2017-05-22 | not yet calculated | CVE-2017-6983 CONFIRM CONFIRM |
| artifex -- ghostscript | Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser. | 2017-05-23 | not yet calculated | CVE-2016-7979 CONFIRM MLIST BID CONFIRM |
| artifex -- ghostscript |
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document. | 2017-05-23 | not yet calculated | CVE-2016-7977 CONFIRM MLIST MLIST BID CONFIRM CONFIRM |
| artifex -- ghostscript |
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. | 2017-05-23 | not yet calculated | CVE-2016-7978 MLIST BID CONFIRM |
| artifex -- jbig2dec |
libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file. | 2017-05-24 | not yet calculated | CVE-2017-9216 MISC |
| asp.net -- webforms_report_viewer |
Cross-site scripting (XSS) vulnerability in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-05-22 | not yet calculated | CVE-2017-9140 CONFIRM |
| bitcoin_project -- bitcoin |
The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. | 2017-05-24 | not yet calculated | CVE-2017-9230 MISC BID MISC MISC MISC MISC MISC |
| bmw -- 330i_2011 |
The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name. | 2017-05-23 | not yet calculated | CVE-2017-9212 MISC |
| bosh -- bosh_director_vm |
An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID. | 2017-05-25 | not yet calculated | CVE-2016-4435 CONFIRM |
| canonical -- juju |
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root. | 2017-05-27 | not yet calculated | CVE-2017-9232 CONFIRM |
| ceregon -- fibeair_ip-10_wireless_radios |
Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to the device's settings. However, when using SSH, this gives an attacker access to a Linux shell. | 2017-05-21 | not yet calculated | CVE-2017-9137 MISC |
| cisco -- identity_services_engine |
A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or established connection requests. The vulnerability is due to insufficient TCP rate limiting protection on the GUI. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP connections to the GUI. An exploit could allow the attacker to cause the GUI to stop responding while the high rate of connections is in progress. Cisco Bug IDs: CSCvc81803. | 2017-05-21 | not yet calculated | CVE-2017-6653 BID CONFIRM |
| cisco -- industrial_ethernet_1000_series_switches |
A vulnerability in the Device Manager web interface of Cisco Industrial Ethernet 1000 Series Switches 1.3 could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the Device Manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the Device Manager web interface and with the privileges of the user. Cisco Bug IDs: CSCvc88811. | 2017-05-21 | not yet calculated | CVE-2017-6634 BID CONFIRM |
| cisco -- ip_phone |
A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795. | 2017-05-21 | not yet calculated | CVE-2017-6630 BID CONFIRM |
| cisco -- nx-os_system_software |
A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus 5000 Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771. | 2017-05-21 | not yet calculated | CVE-2017-6650 BID CONFIRM |
| cisco -- nx-os_system_software |
A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus 5000 Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86787. | 2017-05-21 | not yet calculated | CVE-2017-6649 BID CONFIRM |
| cisco -- prime_collaboration_provisioning_software |
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 12.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to delete any file from the system. Cisco Bug IDs: CSCvc99597. | 2017-05-21 | not yet calculated | CVE-2017-6635 BID CONFIRM |
| cisco -- prime_collaboration_provisioning_software |
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to delete any file from the system. Cisco Bug IDs: CSCvc99618. | 2017-05-21 | not yet calculated | CVE-2017-6637 BID CONFIRM |
| cisco -- prime_collaboration_provisioning_software |
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software (prior to Release 11.1) could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests and fails to apply role-based access controls (RBACs) to requested HTTP URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request that uses directory traversal techniques to submit a path to a desired file location on an affected system. A successful exploit could allow the attacker to view any file on the system. Cisco Bug IDs: CSCvc99604. | 2017-05-21 | not yet calculated | CVE-2017-6636 BID CONFIRM |
| cisco -- remote_expert_manager_software |
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52856. | 2017-05-21 | not yet calculated | CVE-2017-6642 BID CONFIRM |
| cisco -- remote_expert_manager_software |
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52858. | 2017-05-21 | not yet calculated | CVE-2017-6643 BID CONFIRM |
| cisco -- remote_expert_manager_software |
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Temporary Directory information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52861. | 2017-05-21 | not yet calculated | CVE-2017-6645 BID CONFIRM |
| cisco -- remote_expert_manager_software |
A vulnerability in the TCP connection handling functionality of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to disable TCP ports and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to a lack of rate-limiting functionality in the TCP Listen application of the affected software. An attacker could exploit this vulnerability by sending a crafted TCP traffic stream in which specific types of TCP packets are flooded to an affected device, for example a TCP packet stream in which the TCP FIN bit is set in all the TCP packets. A successful exploit could allow the attacker to cause certain TCP listening ports on the affected system to stop accepting incoming connections for a period of time or until the affected device is restarted, resulting in a DoS condition. In addition, system resources, such as CPU and memory, could be exhausted during the attack. Cisco Bug IDs: CSCva29806. | 2017-05-21 | not yet calculated | CVE-2017-6641 BID CONFIRM |
| cisco -- remote_expert_manager_software |
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52860. | 2017-05-21 | not yet calculated | CVE-2017-6644 BID CONFIRM |
| cisco -- remote_expert_manager_software |
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Temporary File information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52875. | 2017-05-21 | not yet calculated | CVE-2017-6647 BID CONFIRM |
| cisco -- remote_expert_manager_software |
A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Order information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52866 CSCvc52868. | 2017-05-21 | not yet calculated | CVE-2017-6646 BID CONFIRM |
| cisco -- secure_bytes_secure_cisco_auditor |
Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname. | 2017-05-21 | not yet calculated | CVE-2017-9024 MISC EXPLOIT-DB |
| cisco -- ucs_c-rack_servers |
A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting new connections, resulting in a DoS condition. Cisco Bug IDs: CSCva65544. | 2017-05-21 | not yet calculated | CVE-2017-6633 BID CONFIRM |
| cisco -- unified_communications_manager |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvc06608. | 2017-05-21 | not yet calculated | CVE-2017-6654 BID CONFIRM |
| contao -- contao |
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors. | 2017-05-26 | not yet calculated | CVE-2015-0269 CONFIRM CONFIRM CONFIRM |
| contiki -- operating_system |
An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing function. This resulted in a board crash, which can be used to perform denial of service. | 2017-05-27 | not yet calculated | CVE-2017-7295 MISC |
| contiki -- operating_system |
An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configure that device's operation by sending HTTP POST requests. The vulnerability consists of improper input sanitisation of the text fields on the MQTT/IBM Cloud config page, allowing for JavaScript code injection. | 2017-05-27 | not yet calculated | CVE-2017-7296 MISC |
| d-link -- dir-600m |
login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt. | 2017-05-21 | not yet calculated | CVE-2017-9100 MISC EXPLOIT-DB MISC |
| emperical_project_monitor-extended -- emperical_project_monitor-extended |
Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-05-22 | not yet calculated | CVE-2017-2173 JVNDB JVN CONFIRM |
| emperical_project_monitor-extended -- emperical_project_monitor-extended |
Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-05-22 | not yet calculated | CVE-2017-2174 JVNDB JVN CONFIRM |
| emperical_project_monitor-extended -- emperical_project_monitor-extended |
Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-05-22 | not yet calculated | CVE-2017-2175 JVNDB JVN CONFIRM |
| etax -- etax_software |
Untrusted search path vulnerability in The installer of eTax Software all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-05-22 | not yet calculated | CVE-2016-4901 JVNDB MISC BID JVN |
| evernote -- evernote |
Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-05-22 | not yet calculated | CVE-2016-4900 JVNDB BID CONFIRM JVN |
| exiv2 -- exiv2 |
An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file. | 2017-05-26 | not yet calculated | CVE-2017-9239 MISC MISC |
| f5 -- big-ip |
In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH. | 2017-05-23 | not yet calculated | CVE-2017-6131 CONFIRM |
| fortinet -- fortianlyzer_fortimanager |
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter. | 2017-05-26 | not yet calculated | CVE-2017-3126 CONFIRM |
| fortinet -- fortios |
An escalation of privilege vulnerability in Fortinet FortiClient SSL_VPN Linux versions available with FortiOS 5.4.3 and below allows an attacker to gain root privilege via the subproc file. | 2017-05-26 | not yet calculated | CVE-2016-8497 CONFIRM |
| fortinet -- fortios |
A potential execution of unauthorized code or commands vulnerability in Fortinet FortiClient SSL_VPN Linux versions available with FortiOS 5.4.2 and below allows attacker to potentially overwrite an existing file via the FortiClient log file. | 2017-05-26 | not yet calculated | CVE-2016-8496 CONFIRM |
| fortinet -- fortios |
A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter. | 2017-05-23 | not yet calculated | CVE-2017-3128 BID CONFIRM |
| fortinet -- fortiportal |
An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. | 2017-05-26 | not yet calculated | CVE-2017-7343 CONFIRM |
| fortinet -- fortiportal |
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request. | 2017-05-26 | not yet calculated | CVE-2017-7337 CONFIRM |
| fortinet -- fortiportal |
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. | 2017-05-26 | not yet calculated | CVE-2017-7339 CONFIRM |
| fortinet -- fortiportal |
A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. | 2017-05-26 | not yet calculated | CVE-2017-7338 CONFIRM |
| fortinet -- fortiportal |
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. | 2017-05-26 | not yet calculated | CVE-2017-7731 CONFIRM |
| fortinet -- fortiwlc-sd |
An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'. | 2017-05-26 | not yet calculated | CVE-2017-3134 CONFIRM |
| fortinet -- fortiweb |
A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature. | 2017-05-26 | not yet calculated | CVE-2017-3129 CONFIRM |
| gajim -- gajim |
Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions. | 2017-05-27 | not yet calculated | CVE-2016-10376 MISC MISC MISC MISC |
| gntls_libtasn1 -- gntls_libtasn1 |
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility. | 2017-05-22 | not yet calculated | CVE-2017-6891 CONFIRM MISC MISC |
| google -- chrome |
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. | 2017-05-23 | not yet calculated | CVE-2016-5177 SUSE SUSE REDHAT DEBIAN BID SECTRACK CONFIRM CONFIRM FEDORA FEDORA |
| google -- chrome |
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2017-05-23 | not yet calculated | CVE-2016-5178 SUSE SUSE REDHAT DEBIAN BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM FEDORA FEDORA |
| hancom -- thinkfree_office_neo |
An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the context of the application. An attacker can entice a user to open up a document in order to trigger this vulnerability. | 2017-05-24 | not yet calculated | CVE-2017-2819 MISC |
| huawei -- p7_phones |
The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel memory locations and consequently cause a denial of service (system crash) or gain privileges via a crafted application. | 2017-05-23 | not yet calculated | CVE-2015-8089 CONFIRM |
| huawei -- wlan_devices |
The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict processing of mDNS unicast queries to the link local network. | 2017-05-23 | not yet calculated | CVE-2015-6586 BID CONFIRM |
| ibm -- business_process_manager |
IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122891. | 2017-05-22 | not yet calculated | CVE-2017-1159 CONFIRM BID |
| ibm -- content_navigator_cmis |
IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124760. | 2017-05-22 | not yet calculated | CVE-2017-1282 CONFIRM BID |
| ibm -- informix_open_admin_tool |
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390. | 2017-05-22 | not yet calculated | CVE-2017-1092 CONFIRM |
| ibm -- inotes |
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976. | 2017-05-26 | not yet calculated | CVE-2017-1325 CONFIRM MISC |
| ibm -- marketing_platform |
IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282. | 2017-05-22 | not yet calculated | CVE-2016-6112 CONFIRM |
| ibm -- maximo_asset_management |
IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153. | 2017-05-26 | not yet calculated | CVE-2017-1292 CONFIRM MISC |
| ibm -- maximo_asset_management |
IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152. | 2017-05-26 | not yet calculated | CVE-2017-1291 CONFIRM MISC |
| ibm -- sdk |
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150. | 2017-05-22 | not yet calculated | CVE-2017-1289 BID CONFIRM |
| ibm -- tivoli_federated_identity_manager |
IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732. | 2017-05-22 | not yet calculated | CVE-2017-1320 CONFIRM |
| imagemagick -- imagemagick_graphicsmagick |
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c. | 2017-05-19 | not yet calculated | CVE-2017-9098 MISC BID MISC MISC |
| imageworsener -- imageworsener |
The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c. | 2017-05-23 | not yet calculated | CVE-2017-9204 MISC MISC |
| imageworsener -- imageworsener |
The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c. | 2017-05-23 | not yet calculated | CVE-2017-9207 MISC MISC |
| imageworsener -- imageworsener |
imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c. | 2017-05-23 | not yet calculated | CVE-2017-9202 MISC MISC |
| imageworsener -- imageworsener |
The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c. | 2017-05-23 | not yet calculated | CVE-2017-9206 MISC MISC |
| imageworsener -- imageworsener |
The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c. | 2017-05-23 | not yet calculated | CVE-2017-9205 MISC MISC |
| imageworsener -- imageworsener |
imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c. | 2017-05-23 | not yet calculated | CVE-2017-9201 MISC MISC |
| imageworsener -- imageworsener |
imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (buffer underflow) via a crafted image, related to imagew-bmp.c. | 2017-05-23 | not yet calculated | CVE-2017-9203 MISC MISC |
| jasypt -- jasypt |
jasypt before 1.9.2 allows a timing attack against the password hash comparison. | 2017-05-21 | not yet calculated | CVE-2014-9970 CONFIRM |
| lenovo -- lenovo_solution_center |
The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors. | 2017-05-23 | not yet calculated | CVE-2016-1876 CONFIRM |
| libconfig-model-perl -- libconfig-model-perl |
The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file. | 2017-05-23 | not yet calculated | CVE-2017-0373 CONFIRM CONFIRM CONFIRM |
| libconfig-model-perl -- libconfig-model-perl |
lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array. | 2017-05-23 | not yet calculated | CVE-2017-0374 CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel |
The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application. | 2017-05-23 | not yet calculated | CVE-2017-9211 CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel |
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. | 2017-05-26 | not yet calculated | CVE-2017-9242 CONFIRM CONFIRM CONFIRM |
| linux -- linux |
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. | 2017-05-23 | not yet calculated | CVE-2017-9214 CONFIRM |
| linux -- linux_kernel | The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. | 2017-05-19 | not yet calculated | CVE-2017-9077 CONFIRM BID CONFIRM CONFIRM |
| linux -- linux_kernel |
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. | 2017-05-19 | not yet calculated | CVE-2017-9074 CONFIRM BID CONFIRM CONFIRM |
| linux -- linux_kernel |
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. | 2017-05-19 | not yet calculated | CVE-2017-9075 CONFIRM BID CONFIRM CONFIRM |
| linux -- linux_kernel |
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. | 2017-05-19 | not yet calculated | CVE-2017-9076 CONFIRM BID CONFIRM CONFIRM |
| mantisbt -- mantisbt |
MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI. | 2017-05-21 | not yet calculated | CVE-2017-7620 MISC CONFIRM CONFIRM EXPLOIT-DB |
| marklogic -- marklogic |
An exploitable heap overflow vulnerability exists in the ParseEnvironment functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. | 2017-05-23 | not yet calculated | CVE-2017-2797 MISC |
| marklogic -- marklogic |
An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability. | 2017-05-23 | not yet calculated | CVE-2017-2793 MISC |
| marklogic -- marklogic |
An exploitable heap corruption vulnerability exists in the FillRowFormat functionality of Antenna House DMC HTMLFilter that is shipped with MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious xls file to trigger this vulnerability. | 2017-05-23 | not yet calculated | CVE-2017-2783 MISC |
| marklogic -- marklogic |
An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a stack corruption resulting in arbitrary code execution. An attacker can send/provide malicious PPT file to trigger this vulnerability. | 2017-05-23 | not yet calculated | CVE-2017-2794 MISC |
| marklogic -- marklogic |
An exploitable heap corruption vulnerability exists in the GetIndexArray functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker can send or provide a malicious XLS file to trigger this vulnerability. | 2017-05-24 | not yet calculated | CVE-2017-2798 MISC |
| marklogic -- marklogic |
An exploitable heap corruption vulnerability exists in the AddSst functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker can send or provide a malicious XLS file to trigger this vulnerability. | 2017-05-24 | not yet calculated | CVE-2017-2799 MISC |
| metadata_anonymisation_toolkit -- metadata_anonymisation_toolkit |
Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted. | 2017-05-22 | not yet calculated | CVE-2017-9149 MISC MISC MISC MISC |
| microsoft -- multiple_products |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539. | 2017-05-26 | not yet calculated | CVE-2017-8542 CONFIRM |
| microsoft -- multiple_products |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8540. | 2017-05-26 | not yet calculated | CVE-2017-8541 CONFIRM |
| microsoft -- multiple_products |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542. | 2017-05-26 | not yet calculated | CVE-2017-8536 CONFIRM |
| microsoft -- multiple_products |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542. | 2017-05-26 | not yet calculated | CVE-2017-8535 CONFIRM |
| microsoft -- multiple_products |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541. | 2017-05-26 | not yet calculated | CVE-2017-8540 CONFIRM |
| microsoft -- multiple_products |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8542. | 2017-05-26 | not yet calculated | CVE-2017-8539 CONFIRM |
| microsoft -- multiple_products |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542. | 2017-05-26 | not yet calculated | CVE-2017-8537 CONFIRM |
| microsoft -- multiple_products |
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8540 and CVE-2017-8541. | 2017-05-26 | not yet calculated | CVE-2017-8538 CONFIRM |
| netapp -- oncommand_unified_manager_core_package | SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2017-05-25 | not yet calculated | CVE-2017-7236 CONFIRM |
| netapp -- oncommand_unified_manager_core_package |
NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages. | 2017-05-25 | not yet calculated | CVE-2017-7439 CONFIRM |
| netcar -- wnr2000_devices |
NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261. | 2017-05-26 | not yet calculated | CVE-2017-6862 CONFIRM |
| ntt_docomo -- l-04d |
Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors. | 2017-05-22 | not yet calculated | CVE-2016-4854 JVNDB BID JVN |
| oniguruma -- oniguruma |
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. | 2017-05-24 | not yet calculated | CVE-2017-9229 CONFIRM CONFIRM |
| oniguruma -- oniguruma |
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. | 2017-05-24 | not yet calculated | CVE-2017-9226 CONFIRM CONFIRM CONFIRM |
| oniguruma -- oniguruma |
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. | 2017-05-24 | not yet calculated | CVE-2017-9228 CONFIRM CONFIRM |
| oniguruma -- oniguruma |
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. | 2017-05-24 | not yet calculated | CVE-2017-9224 CONFIRM CONFIRM |
| oniguruma -- oniguruma |
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow. | 2017-05-24 | not yet calculated | CVE-2017-9225 CONFIRM CONFIRM |
| oniguruma -- oniguruma |
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. | 2017-05-24 | not yet calculated | CVE-2017-9227 CONFIRM CONFIRM |
| open_source_solutions -- vimbadmin |
Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) transport parameter to domain/add; the (3) name parameter to mailbox/add/did/<domain id>; the (4) goto parameter to alias/add/did/<domain id>; or the (5) captchatext parameter to auth/lost-password. | 2017-05-23 | not yet calculated | CVE-2017-5870 MLIST MISC |
| open_vpn -- access_server |
CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attackers to inject arbitrary HTTP headers and consequently conduct session fixation attacks and possibly HTTP response splitting attacks via "%0A" characters in the PATH_INFO to __session_start__/. | 2017-05-25 | not yet calculated | CVE-2017-5868 MLIST SECTRACK MISC |
| openexr -- openexr |
In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. | 2017-05-21 | not yet calculated | CVE-2017-9114 MISC |
| openexr -- openexr |
In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. | 2017-05-21 | not yet calculated | CVE-2017-9110 MISC |
| openexr -- openexr |
In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash. | 2017-05-21 | not yet calculated | CVE-2017-9112 MISC |
| openexr -- openexr |
In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code. | 2017-05-21 | not yet calculated | CVE-2017-9111 MISC |
| openexr -- openexr |
In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code. | 2017-05-21 | not yet calculated | CVE-2017-9115 MISC |
| openexr -- openexr |
In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash. | 2017-05-21 | not yet calculated | CVE-2017-9116 MISC |
| openexr -- openexr |
In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code. | 2017-05-21 | not yet calculated | CVE-2017-9113 MISC |
| pegasus_mail -- pegasus_mail |
winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote web page triggers the attack. | 2017-05-21 | not yet calculated | CVE-2017-9046 MISC |
| pgbouncer -- pgbouncer |
PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username. | 2017-05-23 | not yet calculated | CVE-2015-6817 MISC MLIST CONFIRM CONFIRM CONFIRM GENTOO |
| pgbouncer -- pgbouncer |
PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet. | 2017-05-23 | not yet calculated | CVE-2015-4054 MLIST BID CONFIRM CONFIRM CONFIRM CONFIRM GENTOO |
| php -- php |
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures. | 2017-05-21 | not yet calculated | CVE-2017-9119 BID MISC |
| picocom -- picocom |
picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely. | 2017-05-27 | not yet calculated | CVE-2015-9059 CONFIRM |
| pivotal -- cloud_foundry |
A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject '../' sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container. | 2017-05-25 | not yet calculated | CVE-2015-1834 CONFIRM |
| pivotal -- cloud_foundry |
It was discovered that cf-release v231 and lower, Pivotal Cloud Foundry Elastic Runtime 1.5.x versions prior to 1.5.17 and Pivotal Cloud Foundry Elastic Runtime 1.6.x versions prior to 1.6.18 do not properly enforce disk quotas in certain cases. An attacker could use an improper disk quota value to bypass enforcement and consume all the disk on DEAs/CELLs causing a potential denial of service for other applications. | 2017-05-25 | not yet calculated | CVE-2016-0780 CONFIRM |
| pivotal -- cloud_foundry |
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter. | 2017-05-25 | not yet calculated | CVE-2015-3190 CONFIRM |
| pivotal -- cloud_foundry |
Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host. | 2017-05-25 | not yet calculated | CVE-2016-0761 CONFIRM |
| pivotal -- cloud_foundry |
The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in either the OAuth scopes (SCIM groups) or SCIM group descriptions. | 2017-05-25 | not yet calculated | CVE-2016-0781 CONFIRM |
| pivotal -- cloud_foundry |
With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud foundry instance via a malicious link on a attacker controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected. | 2017-05-25 | not yet calculated | CVE-2015-3191 CONFIRM |
| pivotal -- cloud_foundry |
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected. | 2017-05-25 | not yet calculated | CVE-2015-3189 CONFIRM |
| pivotal -- spring_framework |
Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the response. | 2017-05-25 | not yet calculated | CVE-2015-5211 CONFIRM MISC |
| pivotal -- spring_framework |
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack. | 2017-05-25 | not yet calculated | CVE-2014-0225 CONFIRM |
| pivotal -- spring_security |
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type. | 2017-05-25 | not yet calculated | CVE-2016-4977 CONFIRM |
| pivotal -- spring_security |
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences. | 2017-05-25 | not yet calculated | CVE-2016-5007 BID CONFIRM |
| pivotal -- spring_security |
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password. | 2017-05-25 | not yet calculated | CVE-2014-0097 CONFIRM |
| pivotal -- spring_security |
When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users. | 2017-05-25 | not yet calculated | CVE-2014-3527 CONFIRM |
| pivotal -- cloud_foundry |
The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected. | 2017-05-25 | not yet calculated | CVE-2016-3084 CONFIRM |
| pivotal -- cloud_foundry |
The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts to be written directly into the 404 response. | 2017-05-25 | not yet calculated | CVE-2016-2165 CONFIRM |
| playsms -- playsms |
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file. | 2017-05-21 | not yet calculated | CVE-2017-9101 EXPLOIT-DB |
| pngquant -- pngquant |
Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow. | 2017-05-23 | not yet calculated | CVE-2016-5735 MISC CONFIRM |
| power_software -- poweriso |
A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .ISO file to trigger this vulnerability. | 2017-05-24 | not yet calculated | CVE-2017-2823 MISC |
| power_software -- poweriso |
A stack buffer overflow vulnerability exists in the ISO parsing functionality of Power Software Ltd PowerISO 6.8. A specially crafted ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific ISO file to trigger this vulnerability. | 2017-05-24 | not yet calculated | CVE-2017-2817 MISC |
| qemu -- qemu |
Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. | 2017-05-23 | not yet calculated | CVE-2017-8379 MLIST BID MLIST |
| qemu -- qemu |
Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. | 2017-05-23 | not yet calculated | CVE-2017-8309 BID MLIST |
| qpdf -- qpdf |
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1. | 2017-05-23 | not yet calculated | CVE-2017-9208 MISC |
| qpdf -- qpdf |
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2. | 2017-05-23 | not yet calculated | CVE-2017-9209 MISC |
| qpdf -- qpdf |
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3. | 2017-05-23 | not yet calculated | CVE-2017-9210 MISC |
| randombit_botan -- randombit_botan |
A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability. | 2017-05-24 | not yet calculated | CVE-2017-2801 MISC BID |
| red_hat -- jboss_application_server | HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data. | 2017-05-19 | not yet calculated | CVE-2017-7504 BID CONFIRM |
| redmine -- redmine |
Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering. | 2017-05-23 | not yet calculated | CVE-2015-8477 MLIST MLIST CONFIRM CONFIRM CONFIRM |
| roundcube -- roundcube_webmail | program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard. | 2017-05-23 | not yet calculated | CVE-2015-5382 MLIST MLIST CONFIRM CONFIRM CONFIRM CONFIRM |
| roundcube -- roundcube_webmail |
Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory. | 2017-05-23 | not yet calculated | CVE-2015-5383 MLIST CONFIRM CONFIRM CONFIRM |
| roundcube -- roundcube_webmail |
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI. | 2017-05-23 | not yet calculated | CVE-2015-5381 CONFIRM MLIST CONFIRM CONFIRM CONFIRM |
| sap -- business_one_for_android |
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka SAP Security Note 2378065. | 2017-05-25 | not yet calculated | CVE-2016-6256 MISC BID EXPLOIT-DB |
| sap -- hana_xs |
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694. | 2017-05-23 | not yet calculated | CVE-2017-8914 BID MISC MISC |
| sap -- hana_xs |
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694. | 2017-05-23 | not yet calculated | CVE-2017-8915 BID MISC MISC |
| sap -- netweaver_as_java |
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873. | 2017-05-23 | not yet calculated | CVE-2017-8913 MISC MISC |
| schneider_electric -- wonderwall_indusoft_web_studio |
An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be manipulated by non-administrators. This could allow an authenticated user to escalate his or her privileges. | 2017-05-19 | not yet calculated | CVE-2017-7968 MISC BID MISC |
| sitecore -- crm |
Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter. | 2017-05-23 | not yet calculated | CVE-2017-5966 MISC |
| sitecore -- crm |
The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload this archive and extract its contents, and visiting a URI under sitecore/ to execute the .asp file. | 2017-05-23 | not yet calculated | CVE-2017-5965 MISC |
| synacore -- zimbra_collaboration_suite |
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-05-23 | not yet calculated | CVE-2017-7288 BID CONFIRM CONFIRM |
| synacore -- zimbra_collaboration_suite |
A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations. | 2017-05-23 | not yet calculated | CVE-2017-6813 BID CONFIRM CONFIRM |
| synacore -- zimbra_collaboration_suite |
Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors. | 2017-05-23 | not yet calculated | CVE-2017-6821 BID CONFIRM CONFIRM |
| systemd-resolved -- systemd-resolved |
systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section. | 2017-05-24 | not yet calculated | CVE-2017-9217 CONFIRM CONFIRM CONFIRM |
| tenda -- routers |
There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password. | 2017-05-21 | not yet calculated | CVE-2017-9138 MISC |
| tenda -- routers |
There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seconds. | 2017-05-21 | not yet calculated | CVE-2017-9139 MISC |
| teradata -- teradata_gateway |
Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message. | 2017-05-23 | not yet calculated | CVE-2015-5401 MISC SECTRACK MISC |
| the_foreman -- the_foreman |
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords. | 2017-05-26 | not yet calculated | CVE-2017-7505 CONFIRM CONFIRM |
| toshiba -- flashair_sdhc_memory_card |
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoShare function through a web browser. | 2017-05-22 | not yet calculated | CVE-2017-2162 JVNDB CONFIRM JVN |
| toshiba -- flashair_sdhc_memory_card |
FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspecified vectors. | 2017-05-22 | not yet calculated | CVE-2017-2161 JVNDB CONFIRM JVN |
| toshiba -- flashair |
The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to STA side LAN can obtain files or data. | 2017-05-22 | not yet calculated | CVE-2016-4863 JVNDB BID JVN |
| trend_micro -- serverprotect_for_linux |
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5, (3) S_action_fail, (4) S_ptn_update, (5) T113, (6) T114, (7) T115, (8) T117117, (9) T118, (10) T_action_fail, (11) T_ptn_update, (12) textarea, (13) textfield5, or (14) tmLastConfigFileModifiedDate parameter to notification.cgi. | 2017-05-25 | not yet calculated | CVE-2017-9037 MISC FULLDISC SECTRACK CONFIRM MISC |
| trend_micro -- serverprotect_for_linux |
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to log_management.cgi. | 2017-05-25 | not yet calculated | CVE-2017-9032 MISC FULLDISC SECTRACK CONFIRM MISC |
| trend_micro -- serverprotect_for_linux |
Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens. | 2017-05-25 | not yet calculated | CVE-2017-9033 MISC FULLDISC SECTRACK CONFIRM MISC |
| trend_micro -- serverprotect_for_linux |
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory. | 2017-05-25 | not yet calculated | CVE-2017-9036 MISC FULLDISC SECTRACK CONFIRM MISC |
| trend_micro -- serverprotect_for_linux |
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers. | 2017-05-25 | not yet calculated | CVE-2017-9035 MISC FULLDISC SECTRACK CONFIRM MISC |
| trend_micro -- serverprotect_for_linux |
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates. | 2017-05-25 | not yet calculated | CVE-2017-9034 MISC FULLDISC SECTRACK CONFIRM MISC |
| vanilla_forums -- vanilla_forums |
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request. | 2017-05-23 | not yet calculated | CVE-2016-10073 MISC MISC CONFIRM EXPLOIT-DB |
| videolan_vlc -- videolan_vlc |
Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file. | 2017-05-23 | not yet calculated | CVE-2017-8312 CONFIRM |
| videolan_vlc -- videolan_vlc |
Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file. | 2017-05-23 | not yet calculated | CVE-2017-8311 CONFIRM |
| videolan_vlc -- videolan_vlc |
Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file. | 2017-05-23 | not yet calculated | CVE-2017-8310 CONFIRM BID |
| videolan_vlc -- videolan_vlc |
Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process via a crafted subtitles file. | 2017-05-23 | not yet calculated | CVE-2017-8313 CONFIRM |
| virgl -- virglrenderer |
The vrend_clear dispatch function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted value in "buffers." | 2017-05-26 | not yet calculated | CVE-2017-9021 CONFIRM MLIST |
| vmware -- workstation_pro/player |
VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machine. | 2017-05-22 | not yet calculated | CVE-2017-4916 BID CONFIRM |
| vmware -- workstation_pro/player |
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine. | 2017-05-22 | not yet calculated | CVE-2017-4915 BID CONFIRM |
| wolfssl -- wolfssl |
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library. | 2017-05-24 | not yet calculated | CVE-2017-2800 MISC |
| wordpress -- wordpress |
Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-05-22 | not yet calculated | CVE-2017-2168 JVNDB JVN CONFIRM |
| wordpress -- wordpress |
Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php. | 2017-05-23 | not yet calculated | CVE-2015-5609 MLIST MLIST MISC |
| wordpress -- wordpress |
upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable. | 2017-05-23 | not yet calculated | CVE-2015-5682 MLIST MISC |
| wordpress -- wordpress |
Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php. | 2017-05-23 | not yet calculated | CVE-2015-5469 MLIST MLIST MISC |
| wordpress -- wordpress |
Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php. | 2017-05-23 | not yet calculated | CVE-2015-4704 MISC MISC |
| wordpress -- wordpress |
Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-05-22 | not yet calculated | CVE-2017-2169 JVNDB JVN CONFIRM |
| wordpress -- wordpress |
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php. | 2017-05-23 | not yet calculated | CVE-2015-5468 MLIST MLIST MISC CONFIRM |
| wordpress -- wordpress |
Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Posts prior to version 1.0.1, Gallery Categories prior to version 1.0.9, Gallery prior to version 4.5.0, Google +1 prior to version 1.3.4, Google AdSense prior to version 1.44, Google Analytics prior to version 1.7.1, Google Captcha (reCAPTCHA) prior to version 1.28, Google Maps prior to version 1.3.6, Google Shortlink prior to version 1.5.3, Google Sitemap prior to version 3.0.8, Htaccess prior to version 1.7.6, Job Board prior to version 1.1.3, Latest Posts prior to version 0.3, Limit Attempts prior to version 1.1.8, LinkedIn prior to version 1.0.5, Multilanguage prior to version 1.2.2, PDF & Print prior to version 1.9.4, Pagination prior to version 1.0.7, Pinterest prior to version 1.0.5, Popular Posts prior to version 1.0.5, Portfolio prior to version 2.4, Post to CSV prior to version 1.3.1, Profile Extra prior to version 1.0.7. PromoBar prior to version 1.1.1, Quotes and Tips prior to version 1.32, Re-attacher prior to version 1.0.9, Realty prior to version 1.1.0, Relevant - Related Posts prior to version 1.2.0, Sender prior to version 1.2.1, SMTP prior to version 1.1.0, Social Buttons Pack prior to version 1.1.1, Subscriber prior to version 1.3.5, Testimonials prior to version 0.1.9, Timesheet prior to version 0.1.5, Twitter Button prior to version 2.55, User Role prior to version 1.5.6, Updater prior to version 1.35, Visitors Online prior to version 1.0.0, and Zendesk Help Center prior to version 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the function to display the BestWebSoft menu. | 2017-05-22 | not yet calculated | CVE-2017-2171 JVNDB JVN |
| wordpress -- wordpress |
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary. | 2017-05-23 | not yet calculated | CVE-2015-4455 MISC MISC |
| wordpress -- wp-olivecart |
SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors. | 2017-05-22 | not yet calculated | CVE-2016-4905 JVNDB BID CONFIRM JVN |
| wordpress -- wp-olivecart |
Cross-site request forgery (CSRF) vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to hijack the authentication of a user to perform unintended operations via unspecified vectors. | 2017-05-22 | not yet calculated | CVE-2016-4904 JVNDB BID CONFIRM JVN |
| wordpress -- wp-olivecart |
Cross-site scripting vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-05-22 | not yet calculated | CVE-2016-4903 BID CONFIRM JVN |
| xbmc/kodi_foundation -- kodi |
Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles. | 2017-05-23 | not yet calculated | CVE-2017-8314 BID CONFIRM |
| yodl -- yodl |
Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c. | 2017-05-26 | not yet calculated | CVE-2016-10375 CONFIRM CONFIRM |
| ytnef -- ytnef |
The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file. | 2017-05-22 | not yet calculated | CVE-2017-9146 MISC MISC |
| zabbix -- zabbix_server |
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability. | 2017-05-24 | not yet calculated | CVE-2017-2824 BID MISC |
| zlib -- zlib | The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. | 2017-05-23 | not yet calculated | CVE-2016-9843 SUSE SUSE SUSE MLIST BID CONFIRM CONFIRM GENTOO MISC MISC |
| zlib -- zlib | inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | 2017-05-23 | not yet calculated | CVE-2016-9841 SUSE SUSE SUSE MLIST BID CONFIRM CONFIRM GENTOO MISC MISC |
| zlib -- zlib |
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | 2017-05-23 | not yet calculated | CVE-2016-9840 SUSE SUSE SUSE MLIST BID CONFIRM CONFIRM GENTOO MISC MISC |
| zlib -- zlib |
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. | 2017-05-23 | not yet calculated | CVE-2016-9842 SUSE SUSE SUSE MLIST BID CONFIRM CONFIRM GENTOO MISC MISC |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT National Cyber Alert System http://ift.tt/2rfEtc7
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.