The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
-
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
-
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
k7computing -- antivirus | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request. | 2017-12-15 | 7.5 | CVE-2017-17699 MISC |
k7computing -- antivirus | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request. | 2017-12-15 | 7.5 | CVE-2017-17700 MISC |
k7computing -- antivirus | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request. | 2017-12-15 | 7.5 | CVE-2017-17701 MISC |
Medium Vulnerabilities
Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
techno_-_portfolio_management_panel_project -- techno_-_portfolio_management_panel | Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback. | 2017-12-15 | 4.0 | CVE-2017-17693 MISC |
techno_-_portfolio_management_panel_project -- techno_-_portfolio_management_panel | Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. | 2017-12-15 | 6.5 | CVE-2017-17695 MISC |
techno_-_portfolio_management_panel_project -- techno_-_portfolio_management_panel | Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php. | 2017-12-15 | 4.0 | CVE-2017-17696 MISC |
Low Vulnerabilities
Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
techno_-_portfolio_management_panel_project -- techno_-_portfolio_management_panel | Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter. | 2017-12-15 | 3.5 | CVE-2017-17694 MISC |
Severity Not Yet Assigned
Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abb -- ellipse |
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials. | 2017-12-20 | not yet calculated | CVE-2017-16731 MISC |
apache -- drill |
In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards. | 2017-12-18 | not yet calculated | CVE-2017-12630 MLIST |
apache -- sling_authentication_service |
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials. | 2017-12-18 | not yet calculated | CVE-2017-15700 MLIST |
bitdefender -- bitdefender |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x102 in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5116. | 2017-12-21 | not yet calculated | CVE-2017-17410 MISC |
bitdefender -- bitdefender |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x10A in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5102. | 2017-12-21 | not yet calculated | CVE-2017-17409 MISC |
bitdefender -- bitdefender |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5101. | 2017-12-21 | not yet calculated | CVE-2017-17408 MISC |
blogotext -- blogotext |
validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field. | 2017-12-20 | not yet calculated | CVE-2017-17794 CONFIRM CONFIRM |
blogotext -- blogotext |
Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment. | 2017-12-20 | not yet calculated | CVE-2017-17792 CONFIRM CONFIRM |
blogotext -- blogotext |
Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename). | 2017-12-20 | not yet calculated | CVE-2017-17793 CONFIRM CONFIRM |
brightsign -- brightsign_digital_signage |
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html. | 2017-12-18 | not yet calculated | CVE-2017-17737 MISC |
brightsign -- brightsign_digital_signage |
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html. | 2017-12-18 | not yet calculated | CVE-2017-17738 MISC |
brightsign -- brightsign_digital_signage |
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files. | 2017-12-18 | not yet calculated | CVE-2017-17739 MISC |
cambium_networks -- epmp_firmware |
Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones. | 2017-12-20 | not yet calculated | CVE-2017-5263 MISC |
cambium_networks -- epmp_firmware |
In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user. | 2017-12-20 | not yet calculated | CVE-2017-5257 MISC |
cambium_networks -- epmp_firmware |
In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection. | 2017-12-20 | not yet calculated | CVE-2017-5256 MISC |
cambium_networks -- epmp_firmware |
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users. | 2017-12-20 | not yet calculated | CVE-2017-5261 MISC |
cambium_networks -- epmp_firmware |
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference. | 2017-12-20 | not yet calculated | CVE-2017-5262 MISC |
cambium_networks -- epmp_firmware |
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account. | 2017-12-20 | not yet calculated | CVE-2017-5260 MISC |
cambium_networks -- epmp_firmware |
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root. | 2017-12-20 | not yet calculated | CVE-2017-5255 MISC |
cambium_networks -- epmp_firmware |
In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism. | 2017-12-20 | not yet calculated | CVE-2017-5254 MISC |
cambium_networks -- epmp_firmware |
In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain SNMP OIDs, serve it via HTTP, and the affected device will perform a configuration restore using the attacker's supplied config file, including the inserted XSS strings. | 2017-12-20 | not yet calculated | CVE-2017-5258 MISC |
cambium_networks -- epmp_firmware |
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp. | 2017-12-20 | not yet calculated | CVE-2017-5259 MISC |
cisco -- asa |
A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652. | 2017-12-15 | not yet calculated | CVE-2017-12373 BID CONFIRM |
cms_made_simple -- cms_made_simple |
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. | 2017-12-18 | not yet calculated | CVE-2017-17735 CONFIRM CONFIRM |
cms_made_simple -- cms_made_simple |
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. | 2017-12-18 | not yet calculated | CVE-2017-17734 CONFIRM CONFIRM |
code_crafters -- ability_mail_server |
Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4. | 2017-12-20 | not yet calculated | CVE-2017-17752 EXPLOIT-DB |
conarc -- ichannel |
Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request (which reaches an older version of a West Wind Web Connection HTTP service). | 2017-12-19 | not yet calculated | CVE-2017-17759 MISC |
dedecms -- dedecms |
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. | 2017-12-18 | not yet calculated | CVE-2017-17731 MISC |
dedecms -- dedecms |
DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php. | 2017-12-18 | not yet calculated | CVE-2017-17727 MISC |
dedecms -- dedecms |
DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. | 2017-12-18 | not yet calculated | CVE-2017-17730 MISC |
ecava -- integraxor |
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log. | 2017-12-20 | not yet calculated | CVE-2017-16735 MISC |
ecava -- integraxor |
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database. | 2017-12-20 | not yet calculated | CVE-2017-16733 MISC |
emc -- data_domain |
An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and active directory authentication. This may also allow remote code injection and execution. | 2017-12-20 | not yet calculated | CVE-2017-14385 CONFIRM SECTRACK |
emc -- isilon_onfs |
The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an "NFS Export Security Setting Fallback Vulnerability." | 2017-12-20 | not yet calculated | CVE-2017-14387 CONFIRM |
f5 -- big-ip_afm |
A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected. | 2017-12-21 | not yet calculated | CVE-2017-0304 SECTRACK CONFIRM |
f5 -- big-ip_apm |
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group. | 2017-12-21 | not yet calculated | CVE-2017-6129 CONFIRM |
f5 -- big-ip_apm |
In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources, however the application resources and backend servers are unaffected. | 2017-12-21 | not yet calculated | CVE-2017-0301 SECTRACK CONFIRM |
f5 -- big-ip_apm |
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk. | 2017-12-21 | not yet calculated | CVE-2017-6139 CONFIRM |
f5 -- multiple_products | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to TMM. | 2017-12-21 | not yet calculated | CVE-2017-6151 CONFIRM |
f5 -- multiple_products | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions. | 2017-12-21 | not yet calculated | CVE-2017-6135 CONFIRM |
f5 -- multiple_products |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash. | 2017-12-21 | not yet calculated | CVE-2017-6134 CONFIRM |
f5 -- multiple_products |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM). | 2017-12-21 | not yet calculated | CVE-2017-6136 CONFIRM |
f5 -- multiple_products |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart. | 2017-12-21 | not yet calculated | CVE-2017-6132 CONFIRM |
f5 -- multiple_products |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system. | 2017-12-21 | not yet calculated | CVE-2017-6164 CONFIRM |
f5 -- multiple_products |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. | 2017-12-21 | not yet calculated | CVE-2017-6138 CONFIRM |
f5 -- multiple_products |
On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services. | 2017-12-21 | not yet calculated | CVE-2017-6140 CONFIRM |
f5 -- multiple_products |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service. | 2017-12-21 | not yet calculated | CVE-2017-6133 CONFIRM |
f5 -- multiple_products |
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected. | 2017-12-21 | not yet calculated | CVE-2017-6167 CONFIRM |
fortinet -- forticlient |
An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations. | 2017-12-15 | not yet calculated | CVE-2017-14184 BID CONFIRM |
fortunescripts.com -- fs_lynda_clone |
FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/. | 2017-12-18 | not yet calculated | CVE-2017-17643 MISC EXPLOIT-DB |
foxit -- reader | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the yTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4977. | 2017-12-20 | not yet calculated | CVE-2017-16589 CONFIRM MISC |
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the value attribute of Field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4980. | 2017-12-20 | not yet calculated | CVE-2017-10958 CONFIRM MISC |
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the author attribute of the Document object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5282. | 2017-12-20 | not yet calculated | CVE-2017-16581 CONFIRM MISC |
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5296. | 2017-12-20 | not yet calculated | CVE-2017-16587 CONFIRM MISC |
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA's bind element. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5091. | 2017-12-20 | not yet calculated | CVE-2017-16575 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the signer method of XFA's Signature objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5015. | 2017-12-20 | not yet calculated | CVE-2017-14823 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the tile index member of SOT markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4978. | 2017-12-20 | not yet calculated | CVE-2017-10956 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setAction method of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4981. | 2017-12-20 | not yet calculated | CVE-2017-10959 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the tile index of the SOT marker in JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5012. | 2017-12-20 | not yet calculated | CVE-2017-14820 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the formNodes method of XFA Node objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5018. | 2017-12-20 | not yet calculated | CVE-2017-14826 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xOsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5014. | 2017-12-20 | not yet calculated | CVE-2017-14822 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5013. | 2017-12-20 | not yet calculated | CVE-2017-14821 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4982. | 2017-12-20 | not yet calculated | CVE-2017-14818 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the arrowEnd attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4979. | 2017-12-20 | not yet calculated | CVE-2017-10957 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of references to the app object from FormCalc. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5072. | 2017-12-20 | not yet calculated | CVE-2017-16571 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the pageSpan method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5029. | 2017-12-20 | not yet calculated | CVE-2017-14837 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the clearItems XFA method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5288. | 2017-12-20 | not yet calculated | CVE-2017-16582 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within FormCalc's closeDoc method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5073. | 2017-12-20 | not yet calculated | CVE-2017-16572 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setFocus method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5022. | 2017-12-20 | not yet calculated | CVE-2017-14830 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the remove method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5017. | 2017-12-20 | not yet calculated | CVE-2017-14825 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the insert method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5016. | 2017-12-20 | not yet calculated | CVE-2017-14824 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the channel number member of the cdef box. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5011. | 2017-12-20 | not yet calculated | CVE-2017-14819 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the append method of XFA Node objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5019. | 2017-12-20 | not yet calculated | CVE-2017-14827 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the w method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5020. | 2017-12-20 | not yet calculated | CVE-2017-14828 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the openList method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5021. | 2017-12-20 | not yet calculated | CVE-2017-14829 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the page method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5027. | 2017-12-20 | not yet calculated | CVE-2017-14835 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of FileAttachment annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5026. | 2017-12-20 | not yet calculated | CVE-2017-14834 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the author attribute of Circle Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5023. | 2017-12-20 | not yet calculated | CVE-2017-14831 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Caret Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5024. | 2017-12-20 | not yet calculated | CVE-2017-14832 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5244. | 2017-12-20 | not yet calculated | CVE-2017-16579 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within util.printf. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5290. | 2017-12-20 | not yet calculated | CVE-2017-16584 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the datasets element of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5289. | 2017-12-20 | not yet calculated | CVE-2017-16583 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAnnot method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5295. | 2017-12-20 | not yet calculated | CVE-2017-16586 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.response method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5294. | 2017-12-20 | not yet calculated | CVE-2017-16585 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ImageField node of XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5281. | 2017-12-20 | not yet calculated | CVE-2017-16580 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within XFA's field element. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5092. | 2017-12-20 | not yet calculated | CVE-2017-16576 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the picture elements within XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5216. | 2017-12-20 | not yet calculated | CVE-2017-16578 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Text Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5025. | 2017-12-20 | not yet calculated | CVE-2017-14833 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the alignment attribute of Field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5094. | 2017-12-20 | not yet calculated | CVE-2017-16577 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the modDate attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5028. | 2017-12-20 | not yet calculated | CVE-2017-14836 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LZWDecode filters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5078. | 2017-12-20 | not yet calculated | CVE-2017-16573 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Image filters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5079. | 2017-12-20 | not yet calculated | CVE-2017-16574 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SOT markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4976. | 2017-12-20 | not yet calculated | CVE-2017-16588 CONFIRM MISC |
genexis_b.v. -- genexis_automatic_provisioning_system |
CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value (48bit) derived from the MAC. The algorithm used to compute the "chk" was disclosed by reverse engineering the CPE's firmware. As a result, it is possible to forge valid "chk" values for any given MAC address and therefore receive the configuration settings of other subscribers' CPEs. The configuration settings often contain sensitive values, for example credentials (username/password) for VoIP services. This issue affects Genexis B.V. GAPS up to 7.2. | 2017-12-20 | not yet calculated | CVE-2017-6094 FULLDISC |
gimp -- gimp |
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image. | 2017-12-20 | not yet calculated | CVE-2017-17786 MISC MISC |
gimp -- gimp |
In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c. | 2017-12-20 | not yet calculated | CVE-2017-17787 MISC MISC |
gimp -- gimp |
In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c. | 2017-12-20 | not yet calculated | CVE-2017-17785 MISC MISC |
gimp -- gimp |
In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data. | 2017-12-20 | not yet calculated | CVE-2017-17784 MISC MISC |
gimp -- gimp |
In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string. | 2017-12-20 | not yet calculated | CVE-2017-17788 MISC MISC |
gimp -- gimp |
In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. | 2017-12-20 | not yet calculated | CVE-2017-17789 MISC MISC |
github -- git_lfs |
GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository. | 2017-12-21 | not yet calculated | CVE-2017-17831 MISC MISC MISC |
gitlab -- gitlab |
GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem. | 2017-12-17 | not yet calculated | CVE-2017-17716 MISC MISC MISC |
gnu -- c_library |
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. | 2017-12-17 | not yet calculated | CVE-2017-16997 CONFIRM CONFIRM CONFIRM |
golden_frog -- vyprvpn |
In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made. | 2017-12-20 | not yet calculated | CVE-2017-17809 MISC |
gpweb -- gpweb |
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database. | 2017-12-18 | not yet calculated | CVE-2017-15877 MISC |
gpweb -- gpweb |
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter. | 2017-12-18 | not yet calculated | CVE-2017-15875 MISC |
gpweb -- gpweb |
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell. | 2017-12-18 | not yet calculated | CVE-2017-15876 MISC |
graphicsmagick -- graphicsmagick | In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. | 2017-12-20 | not yet calculated | CVE-2017-17782 CONFIRM CONFIRM |
graphicsmagick -- graphicsmagick |
In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8. | 2017-12-20 | not yet calculated | CVE-2017-17783 CONFIRM CONFIRM |
h2o -- h2o |
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header. | 2017-12-22 | not yet calculated | CVE-2017-10908 CONFIRM JVN |
h2o -- h2o |
H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header. | 2017-12-22 | not yet calculated | CVE-2017-10868 CONFIRM JVN |
h2o -- h2o |
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors. | 2017-12-22 | not yet calculated | CVE-2017-10872 CONFIRM JVN |
h2o -- h2o |
Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors. | 2017-12-22 | not yet calculated | CVE-2017-10869 CONFIRM JVN |
heketi -- heketi |
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation. | 2017-12-18 | not yet calculated | CVE-2017-15103 REDHAT CONFIRM CONFIRM |
heketi -- heketi |
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file. | 2017-12-18 | not yet calculated | CVE-2017-15104 REDHAT CONFIRM CONFIRM CONFIRM |
horde_project -- groupware |
In Horde Groupware through 5.2.22, SQL Injection exists via the group parameter to /services/prefs.php or the homePostalCode parameter to /turba/search.php. | 2017-12-20 | not yet calculated | CVE-2017-17781 MISC |
huawei -- fusionsphere_openstack |
Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak. | 2017-12-22 | not yet calculated | CVE-2017-15321 CONFIRM |
huawei -- hg8245h |
Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the privilege, successful exploitation may cause information leak. | 2017-12-22 | not yet calculated | CVE-2017-15328 MISC MISC |
huawei -- honor_8_smartphone |
Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information. | 2017-12-22 | not yet calculated | CVE-2017-15307 CONFIRM |
huawei -- ireader |
Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vulnerability due to the lack of input validation. An attacker can exploit this vulnerability to delete specific files from the SD card. | 2017-12-22 | not yet calculated | CVE-2017-15310 CONFIRM |
huawei -- ireader |
Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory. | 2017-12-22 | not yet calculated | CVE-2017-15309 CONFIRM |
huawei -- ireader |
Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run. | 2017-12-22 | not yet calculated | CVE-2017-15308 CONFIRM |
huawei -- mate_9_smartphone |
The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution. | 2017-12-22 | not yet calculated | CVE-2017-15316 CONFIRM |
huawei -- multiple_smartphones |
Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 and BGO-L03C331B009CUSTC331D001 have a DoS vulnerability due to insufficient input validation. An attacker could exploit this vulnerability by sending specially crafted NFC messages to the target device. Successful exploit could make a service crash. | 2017-12-22 | not yet calculated | CVE-2017-15322 CONFIRM |
huawei -- multiple_products |
The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range by special wireless device, which leads stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in baseband module. | 2017-12-22 | not yet calculated | CVE-2017-15311 CONFIRM |
huawei -- multiple_products |
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system. | 2017-12-22 | not yet calculated | CVE-2017-15318 CONFIRM |
huawei -- multiple_products |
AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30; AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30; AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30; SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an input validation vulnerability in Huawei multiple products. Due to the insufficient input validation, an unauthenticated, remote attacker may craft a malformed Stream Control Transmission Protocol (SCTP) packet and send it to the device, causing the device to read out of bounds and restart. | 2017-12-22 | not yet calculated | CVE-2017-15317 CONFIRM |
huawei -- multiple_products |
Huawei S12700 V200R006C00, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R009C00, V200R010C00; S1700 V200R006C10, V200R009C00, V200R010C00; S2700 V200R006C00, V200R006C10, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00; S5700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00; S6700 V200R005C00, V200R008C00, V200R009C00, V200R010C00; S7700 V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C0; S9700 V200R006C00, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target device. Successful exploitation could make the device restart. | 2017-12-22 | not yet calculated | CVE-2017-15324 CONFIRM |
huawei -- multiple_products |
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system. | 2017-12-22 | not yet calculated | CVE-2017-15319 CONFIRM |
huawei -- multiple_products |
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system. | 2017-12-22 | not yet calculated | CVE-2017-15320 CONFIRM |
huawei -- smartcare |
Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device. | 2017-12-22 | not yet calculated | CVE-2017-15312 CONFIRM |
huawei -- smartcare |
Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device. | 2017-12-22 | not yet calculated | CVE-2017-15313 CONFIRM |
ibm -- business_process_manager |
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692. | 2017-12-20 | not yet calculated | CVE-2017-1494 CONFIRM BID MISC |
ibm -- integration_bus |
IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165. | 2017-12-20 | not yet calculated | CVE-2017-1694 CONFIRM MISC |
ibm -- jazz_for_service_managmeent |
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140. | 2017-12-20 | not yet calculated | CVE-2017-1631 CONFIRM MISC |
ibm -- jazz_for_service_managment |
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519. | 2017-12-20 | not yet calculated | CVE-2017-1746 CONFIRM MISC |
ibm -- qradar |
IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 134178. | 2017-12-20 | not yet calculated | CVE-2017-1696 CONFIRM MISC |
ibm -- robotic_process_automation |
IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135546. | 2017-12-20 | not yet calculated | CVE-2017-1751 CONFIRM MISC |
ibm -- security_guardium |
IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858. | 2017-12-20 | not yet calculated | CVE-2017-1757 CONFIRM MISC |
ibm -- websphere_portal |
IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476. | 2017-12-20 | not yet calculated | CVE-2017-1423 SECTRACK MISC CONFIRM |
ibm -- security_guardium | IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741. | 2017-12-20 | not yet calculated | CVE-2017-1266 CONFIRM MISC |
ibm -- security_guardium | IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745. | 2017-12-20 | not yet calculated | CVE-2017-1270 CONFIRM MISC |
ibm -- security_guardium | IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550. | 2017-12-20 | not yet calculated | CVE-2017-1596 CONFIRM MISC |
ibm -- security_guardium |
IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132613. | 2017-12-20 | not yet calculated | CVE-2017-1600 CONFIRM MISC |
ibm -- security_guardium |
IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736. | 2017-12-20 | not yet calculated | CVE-2017-1261 CONFIRM MISC |
ibm -- security_guardium |
IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611. | 2017-12-20 | not yet calculated | CVE-2017-1598 CONFIRM MISC |
ibm -- security_guardium |
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 124737. | 2017-12-20 | not yet calculated | CVE-2017-1262 CONFIRM MISC |
ibm -- security_guardium |
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549. | 2017-12-20 | not yet calculated | CVE-2017-1595 CONFIRM MISC |
ibm -- security_guardium |
IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684. | 2017-12-20 | not yet calculated | CVE-2017-1257 CONFIRM MISC |
ichano -- athome_ip_camera_devices |
An issue was discovered on Ichano AtHome IP Camera devices. The device runs the "noodles" binary - a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. This binary requires the "system" XML element for specifying the command. For example, a <system>id</system> command results in a <system_ack>ok</system_ack> response. | 2017-12-19 | not yet calculated | CVE-2017-17761 MISC |
ikarus -- ikarus |
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000084. | 2017-12-20 | not yet calculated | CVE-2017-17804 MISC |
ikarus -- ikarus |
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000088. | 2017-12-20 | not yet calculated | CVE-2017-17795 MISC |
ikarus -- ikarus |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c4, a related issue to CVE-2017-17113. | 2017-12-20 | not yet calculated | CVE-2017-14968 MISC |
ikarus -- ikarus |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000cc. | 2017-12-20 | not yet calculated | CVE-2017-14965 MISC |
ikarus -- ikarus |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c0. | 2017-12-20 | not yet calculated | CVE-2017-14966 MISC |
ikarus -- ikarus |
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000058. | 2017-12-20 | not yet calculated | CVE-2017-17797 MISC |
ikarus -- ikarus |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300005c. | 2017-12-20 | not yet calculated | CVE-2017-14964 MISC |
ikarus -- ikarus |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000084, a related issue to CVE-2017-17114. | 2017-12-20 | not yet calculated | CVE-2017-14969 MISC |
ikarus -- ikarus |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Out of Bounds Write vulnerability because of not validating input values from IOCtl 0x83000058, a related issue to CVE-2017-17112. | 2017-12-20 | not yet calculated | CVE-2017-14962 MISC |
ikarus -- ikarus |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000080. | 2017-12-20 | not yet calculated | CVE-2017-14967 MISC |
ikarus -- ikarus |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000058. | 2017-12-20 | not yet calculated | CVE-2017-14963 MISC |
jbpm_kie_workbench -- jbpm_kie_workbench |
Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs. | 2017-12-19 | not yet calculated | CVE-2013-6465 CONFIRM CONFIRM CONFIRM |
kemp -- application_firewall_pack |
The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request. | 2017-12-18 | not yet calculated | CVE-2017-15524 BUGTRAQ CONFIRM MISC |
linux -- linux_kernel |
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. | 2017-12-20 | not yet calculated | CVE-2017-17805 CONFIRM CONFIRM CONFIRM |
linux -- linux_kernel |
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. | 2017-12-20 | not yet calculated | CVE-2017-17806 CONFIRM CONFIRM CONFIRM |
linux -- linux_kernel |
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c. | 2017-12-20 | not yet calculated | CVE-2017-17807 CONFIRM CONFIRM CONFIRM |
linux -- linux_kernel |
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to cause a denial of service (write_mmio stack-based out-of-bounds read) or possibly have unspecified other impact, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. | 2017-12-18 | not yet calculated | CVE-2017-17741 MISC |
lyncsys -- wvbr0 |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0 WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892. | 2017-12-21 | not yet calculated | CVE-2017-17411 MISC |
maccms -- maccms |
Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request. | 2017-12-18 | not yet calculated | CVE-2017-17733 MISC |
maplesoft -- maple_t.a. |
A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688. | 2017-12-16 | not yet calculated | CVE-2017-14134 MISC |
meinberg -- lantime |
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access. | 2017-12-15 | not yet calculated | CVE-2017-16787 FULLDISC EXPLOIT-DB |
meinberg -- lantime |
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality. | 2017-12-19 | not yet calculated | CVE-2017-16786 MISC FULLDISC |
micro_focus -- operations_manager_i |
Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). | 2017-12-21 | not yet calculated | CVE-2017-14363 CONFIRM |
moxa -- credentials_management |
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic. | 2017-12-21 | not yet calculated | CVE-2017-16727 BID MISC |
mt4_networks -- senhasegura |
A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php. | 2017-12-18 | not yet calculated | CVE-2017-11562 MISC |
netapp -- clustered_data_ontap |
NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments. | 2017-12-18 | not yet calculated | CVE-2017-14583 CONFIRM |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors. | 2017-12-20 | not yet calculated | CVE-2017-17813 MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack. | 2017-12-20 | not yet calculated | CVE-2017-17817 MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111. | 2017-12-20 | not yet calculated | CVE-2017-17811 MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments. | 2017-12-20 | not yet calculated | CVE-2017-17810 MISC MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack. | 2017-12-20 | not yet calculated | CVE-2017-17816 MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack. | 2017-12-20 | not yet calculated | CVE-2017-17812 MISC MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c. | 2017-12-20 | not yet calculated | CVE-2017-17818 MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors. | 2017-12-20 | not yet calculated | CVE-2017-17820 MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated. | 2017-12-20 | not yet calculated | CVE-2017-17819 MISC MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack. | 2017-12-20 | not yet calculated | CVE-2017-17814 MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts. | 2017-12-20 | not yet calculated | CVE-2017-17815 MISC MISC |
open_ticket_request_system -- open_ticket_request_system |
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email. | 2017-12-20 | not yet calculated | CVE-2017-17476 CONFIRM CONFIRM CONFIRM CONFIRM |
openldap -- openldap |
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. | 2017-12-18 | not yet calculated | CVE-2017-17740 MISC |
phpscriptsmall.com -- paid_to_read_script |
Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter. | 2017-12-19 | not yet calculated | CVE-2017-17779 MISC |
phpscriptsmall.com -- paid_to_read_script |
Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. | 2017-12-18 | not yet calculated | CVE-2017-17651 MISC EXPLOIT-DB |
phpscriptsmall.com -- paid_to_read_script |
Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter. | 2017-12-19 | not yet calculated | CVE-2017-17778 MISC |
phpscriptsmall.com -- paid_to_read_script |
Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter. | 2017-12-19 | not yet calculated | CVE-2017-17777 MISC |
phpscriptsmall.com -- paid_to_read_script |
Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter. | 2017-12-19 | not yet calculated | CVE-2017-17776 MISC |
phpscriptsmall.com -- readymade_video_sharing_script |
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter. | 2017-12-18 | not yet calculated | CVE-2017-17649 MISC EXPLOIT-DB |
piwigo -- piwigo |
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration§ion=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions. | 2017-12-20 | not yet calculated | CVE-2017-17827 MISC MISC MISC |
piwigo -- piwigo |
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration§ion=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it. | 2017-12-20 | not yet calculated | CVE-2017-17826 MISC |
piwigo -- piwigo |
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it. | 2017-12-20 | not yet calculated | CVE-2017-17825 MISC |
piwigo -- piwigo |
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database. | 2017-12-20 | not yet calculated | CVE-2017-17824 MISC MISC MISC |
piwigo -- piwigo |
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. | 2017-12-20 | not yet calculated | CVE-2017-17823 MISC MISC MISC |
piwigo -- piwigo |
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. | 2017-12-20 | not yet calculated | CVE-2017-17822 MISC MISC MISC |
piwigo -- piwigo |
Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request. | 2017-12-19 | not yet calculated | CVE-2017-17775 MISC |
piwigo -- piwigo |
admin/configuration.php in Piwigo 2.9.2 has CSRF. | 2017-12-19 | not yet calculated | CVE-2017-17774 MISC MISC |
puppet -- puppet_enterprise |
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability." | 2017-12-21 | not yet calculated | CVE-2015-4100 CONFIRM |
puppet -- puppetlabs-mysql |
puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask. | 2017-12-21 | not yet calculated | CVE-2015-7224 CONFIRM |
qnap -- qts | A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | 2017-12-21 | not yet calculated | CVE-2017-17031 CONFIRM |
qnap -- qts |
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | 2017-12-21 | not yet calculated | CVE-2017-17033 CONFIRM |
qnap -- qts |
A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | 2017-12-21 | not yet calculated | CVE-2017-17030 CONFIRM |
qnap -- qts |
A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | 2017-12-21 | not yet calculated | CVE-2017-17028 CONFIRM |
qnap -- qts |
A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | 2017-12-21 | not yet calculated | CVE-2017-17027 CONFIRM |
qnap -- qts |
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | 2017-12-21 | not yet calculated | CVE-2017-17032 CONFIRM |
qnap -- qts |
A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | 2017-12-21 | not yet calculated | CVE-2017-17029 CONFIRM |
rados -- gateway |
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h. | 2017-12-20 | not yet calculated | CVE-2017-16818 CONFIRM CONFIRM FEDORA |
rockwell_automation -- factorytalk_alarms_and_events |
An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets packet to Port 403/TCP (the history archiver service), causing the service to either stall or terminate. | 2017-12-22 | not yet calculated | CVE-2017-14022 BID MISC |
ruby -- ruby |
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution. | 2017-12-15 | not yet calculated | CVE-2017-17405 BID CONFIRM CONFIRM |
ruby -- ruby |
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation. | 2017-12-17 | not yet calculated | CVE-2017-17718 MISC MISC MISC |
ruby -- ruby |
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely. | 2017-12-20 | not yet calculated | CVE-2017-17790 CONFIRM |
samsung -- internet_browser |
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code. | 2017-12-21 | not yet calculated | CVE-2017-17692 MISC MISC |
softonic -- telegram_messenger_app |
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak. | 2017-12-16 | not yet calculated | CVE-2017-17715 MISC |
solarwinds -- multiple_products |
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. | 2017-12-20 | not yet calculated | CVE-2012-2576 EXPLOIT-DB EXPLOIT-DB BID CONFIRM XF |
sonatype -- nexus_repository_manager |
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature. | 2017-12-17 | not yet calculated | CVE-2017-17717 MISC |
sony -- music_center_for_pc |
Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-12-22 | not yet calculated | CVE-2017-10909 JVN |
spiqe_software -- onethird_cms_show_off |
Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors. | 2017-12-22 | not yet calculated | CVE-2017-10907 JVN CONFIRM |
superbeam -- superbeam |
SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to send crafted files, as demonstrated by APK injection. | 2017-12-19 | not yet calculated | CVE-2017-17763 MISC |
symantec -- messaging_gateway |
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files. | 2017-12-20 | not yet calculated | CVE-2017-15532 BID CONFIRM |
syncbreeze -- syncbreeze |
The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header on making a connection, resulting in a classic Buffer Overflow that causes a Denial of Service. | 2017-12-19 | not yet calculated | CVE-2017-17088 MISC FULLDISC EXPLOIT-DB |
synology -- diskstation_manager |
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option. | 2017-12-22 | not yet calculated | CVE-2017-16766 CONFIRM |
synology -- photo_station |
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter. | 2017-12-20 | not yet calculated | CVE-2017-12072 CONFIRM |
tg_soft -- vir.it_explorer_lite | In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E060. | 2017-12-20 | not yet calculated | CVE-2017-17801 MISC |
tg_soft -- vir.it_explorer_lite |
In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17800. | 2017-12-20 | not yet calculated | CVE-2017-17798 MISC |
tg_soft -- vir.it_explorer_lite |
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E080. | 2017-12-20 | not yet calculated | CVE-2017-17802 MISC |
tg_soft -- vir.it_explorer_lite |
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82736068, a different vulnerability than CVE-2017-17475. | 2017-12-20 | not yet calculated | CVE-2017-17803 MISC |
tg_soft -- vir.it_explorer_lite |
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82730068. | 2017-12-20 | not yet calculated | CVE-2017-17799 MISC |
tg_soft -- vir.it_explorer_lite |
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x827300A4. | 2017-12-20 | not yet calculated | CVE-2017-17796 MISC |
tg_soft -- vir.it_explorer_lite |
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17798. | 2017-12-20 | not yet calculated | CVE-2017-17800 MISC |
tp-link -- multiple_products |
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd. | 2017-12-19 | not yet calculated | CVE-2017-17757 MISC |
tp-link -- multiple_products |
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd. | 2017-12-19 | not yet calculated | CVE-2017-17758 MISC |
tp-link -- tl-sg108e_device |
Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated. | 2017-12-20 | not yet calculated | CVE-2017-17746 FULLDISC |
tp-link -- tl-sg108e_device |
Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter. | 2017-12-20 | not yet calculated | CVE-2017-17745 FULLDISC |
tp-link -- tl-sg108e_device |
Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition. | 2017-12-20 | not yet calculated | CVE-2017-17747 FULLDISC |
trape -- trape |
Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. | 2017-12-16 | not yet calculated | CVE-2017-17714 MISC MISC MISC |
trape -- trape |
Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. | 2017-12-16 | not yet calculated | CVE-2017-17713 MISC MISC MISC MISC MISC |
urbackup -- urbackup_server |
Cross - site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | 2017-12-17 | not yet calculated | CVE-2017-16950 CONFIRM CONFIRM |
videolan -- vlc |
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation. | 2017-12-15 | not yet calculated | CVE-2017-17670 MISC BID |
vmware -- esxi__and_workstation_and_fusion |
VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. | 2017-12-20 | not yet calculated | CVE-2017-4933 CONFIRM |
vmware -- esxi__and_workstation_and_fusion |
VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. | 2017-12-20 | not yet calculated | CVE-2017-4941 CONFIRM |
vmware -- esxi |
The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client. | 2017-12-20 | not yet calculated | CVE-2017-4940 CONFIRM |
vmware -- vcenter_server_appliance |
VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS. | 2017-12-20 | not yet calculated | CVE-2017-4943 CONFIRM |
webkit -- webkit |
WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length. | 2017-12-20 | not yet calculated | CVE-2017-17821 MISC MISC |
wecon -- levistudio_hmi_editor |
A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. | 2017-12-20 | not yet calculated | CVE-2017-16717 MISC |
wordpress -- wordpress |
An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and file-uploader/file-uploader-class.php. This allows the attacker to upload anything they want to the server, as demonstrated by an action=ap_file_upload_action&allowedExtensions[]=php request to /wp-admin/admin-ajax.php that results in a .php file upload and resultant PHP code execution. | 2017-12-18 | not yet calculated | CVE-2017-16949 MISC MISC EXPLOIT-DB |
wordpress -- wordpress |
Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php. | 2017-12-20 | not yet calculated | CVE-2011-4955 CONFIRM SECUNIA CONFIRM MLIST MLIST XF |
wordpress -- wordpress |
Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (2) cie_import, (3) cie_update, or (4) cie_ignore parameter to includes/admin/views/esb-cie-import-export-page.php. | 2017-12-19 | not yet calculated | CVE-2017-17753 MISC |
wordpress -- wordpress |
The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication - Clockwork SMS 1.0.2, Booking Calendar - Clockwork SMS 1.0.5, Contact Form 7 - Clockwork SMS 2.3.0, Fast Secure Contact Form - Clockwork SMS 2.1.2, Formidable - Clockwork SMS 1.0.2, Gravity Forms - Clockwork SMS 2.2, and WP e-Commerce - Clockwork SMS 2.0.5. | 2017-12-19 | not yet calculated | CVE-2017-17780 MISC MISC |
wordpress -- wordpress |
A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advancedsettings.php. | 2017-12-19 | not yet calculated | CVE-2017-17744 MISC MISC |
worpress -- wordpress |
A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the result_message parameter to includes/concours_page.php. | 2017-12-19 | not yet calculated | CVE-2017-17719 MISC MISC |
http://ift.tt/2DU0a5o -- bus_booking_script |
Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter. | 2017-12-21 | not yet calculated | CVE-2017-17828 MISC |
http://ift.tt/2DU0a5o -- bus_booking_script |
Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter. | 2017-12-21 | not yet calculated | CVE-2017-17829 MISC |
http://ift.tt/2DU0a5o -- bus_booking_script |
Bus Booking Script has CSRF via admin/new_master.php. | 2017-12-21 | not yet calculated | CVE-2017-17830 MISC |
http://ift.tt/2DU0a5o -- bus_booking_script |
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php. | 2017-12-18 | not yet calculated | CVE-2017-17645 MISC EXPLOIT-DB |
xiongmai_technology -- multiple_products |
A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible. | 2017-12-20 | not yet calculated | CVE-2017-16725 BID MISC |
zivif -- pr115-204-p-rs_camera |
Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session. | 2017-12-18 | not yet calculated | CVE-2017-17107 MISC FULLDISC MISC |
zivif -- pr115-204-p-rs_camera |
Zivif PR115-204-P-RS V2.3.4.2103 web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request. | 2017-12-18 | not yet calculated | CVE-2017-17105 MISC FULLDISC MISC |
zivif -- pr115-204-p-rs_camera |
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages. | 2017-12-18 | not yet calculated | CVE-2017-17106 MISC FULLDISC MISC |
zoom -- zoomlauncher |
Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. | 2017-12-19 | not yet calculated | CVE-2017-15048 MISC FULLDISC MISC EXPLOIT-DB |
zoom -- zoomlauncher |
The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. | 2017-12-19 | not yet calculated | CVE-2017-15049 MISC FULLDISC MISC EXPLOIT-DB |
zuuse_beims -- contractorweb.net |
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter. | 2017-12-18 | not yet calculated | CVE-2017-17721 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT National Cyber Alert System http://ift.tt/2C86p7o
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.