Saturday, December 30, 2017
Friday, December 29, 2017
IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2017-7376, CVE-2017-7375, CVE-2017-5969, CVE-2017-0663)
IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerabilities in libxml2.
CVE(s): CVE-2017-7376, CVE-2017-7375, CVE-2017-5969, CVE-2017-0663
Affected product(s) and affected version(s):
Product | Version |
---|---|
IBM BladeCenter Advanced Management Module (AMM) | BPET |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Ca3hcb
X-Force Database: http://ift.tt/2zTUSot
X-Force Database: http://ift.tt/2xtCQYc
X-Force Database: http://ift.tt/2zT7ewN
X-Force Database: http://ift.tt/2ztCH8a
The post IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2017-7376, CVE-2017-7375, CVE-2017-5969, CVE-2017-0663) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2CiJlTw
IBM Security Bulletin: Vulnerabilities in bind affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2017-3143, CVE-2017-3142)
IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerabilities in bind.
CVE(s): CVE-2017-3143, CVE-2017-3142
Affected product(s) and affected version(s):
Product | Version |
---|---|
IBM BladeCenter Advanced Management Module (AMM) | BPET |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Cb14x5
X-Force Database: http://ift.tt/2tJHrDP
X-Force Database: http://ift.tt/2v5WKuc
The post IBM Security Bulletin: Vulnerabilities in bind affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2017-3143, CVE-2017-3142) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2BTavgi
IBM Security Bulletin: Vulnerabilities in php53 affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2017-9227, CVE-2017-9226, CVE-2017-9224)
IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerabilities in php53.
CVE(s): CVE-2017-9227, CVE-2017-9226, CVE-2017-9224
Affected product(s) and affected version(s):
Product | Version |
---|---|
IBM BladeCenter Advanced Management Module (AMM) | BPET |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2zNHbpM
X-Force Database: http://ift.tt/2gz7xFd
X-Force Database: http://ift.tt/2i7QePf
X-Force Database: http://ift.tt/2gxSM5t
The post IBM Security Bulletin: Vulnerabilities in php53 affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2017-9227, CVE-2017-9226, CVE-2017-9224) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2Cm1M9Z
IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM BladeCenter Advanced Management Module (AMM)
IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerabilities in libxml2.
CVE(s): CVE-2017-9050, CVE-2017-9049, CVE-2017-9048, CVE-2017-9047
Affected product(s) and affected version(s):
Product | Version |
---|---|
IBM BladeCenter Advanced Management Module (AMM) | BPET |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2zMklPr
X-Force Database: http://ift.tt/2zTbKLZ
X-Force Database: http://ift.tt/2xss7xw
X-Force Database: http://ift.tt/2zTW76Y
X-Force Database: http://ift.tt/2xsm3Vr
The post IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM BladeCenter Advanced Management Module (AMM) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2BU2Her
IBM Security Bulletin: Vulnerabilities in strongswan affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2017-9023, CVE-2017-9022)
IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerabilities in strongswan.
CVE(s): CVE-2017-9023, CVE-2017-9022
Affected product(s) and affected version(s):
Product | Affected Version |
---|---|
IBM BladeCenter Advanced Management Module (AMM) | BPET |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2zP4r6U
X-Force Database: http://ift.tt/2fAlwJM
X-Force Database: http://ift.tt/2x2U3vD
The post IBM Security Bulletin: Vulnerabilities in strongswan affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2017-9023, CVE-2017-9022) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2ClVS8C
IBM Security Bulletin: Vulnerability in bash affects IBM BladeCenter Advanced Management Module (AMM) (CVE-2016-9401)
IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerability in bash.
CVE(s): CVE-2016-9401
Affected product(s) and affected version(s):
Product | Affected Version |
---|---|
IBM BladeCenter Advanced Management Module (AMM) | BPET |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Cde1pZ
X-Force Database: http://ift.tt/2h99Hy7
The post IBM Security Bulletin: Vulnerability in bash affects IBM BladeCenter Advanced Management Module (AMM) (CVE-2016-9401) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2BTiZ7e
IBM Security Bulletin: Vulnerability in apache affects IBM BladeCenter Advanced Management Module (AMM) (CVE-2016-2161)
IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerability in apache.
CVE(s): CVE-2016-2161
Affected product(s) and affected version(s):
Product | Version |
---|---|
IBM BladeCenter Advanced Management Module (AMM) | BPET |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2zLDi4K
X-Force Database: http://ift.tt/2mUs4VP
The post IBM Security Bulletin: Vulnerability in apache affects IBM BladeCenter Advanced Management Module (AMM) (CVE-2016-2161) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2Ch1yRx
IBM Security Bulletin: Vulnerabilities in curl affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2016-9586, CVE-2017-7407)
IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerabilities in curl.
CVE(s): CVE-2016-9586, CVE-2017-7407
Affected product(s) and affected version(s):
Product | Affected Version |
---|---|
IBM BladeCenter Advanced Management Module (AMM) | BPET |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2zN9DrK
X-Force Database: http://ift.tt/2i6zgjY
X-Force Database: http://ift.tt/2gylVgU
The post IBM Security Bulletin: Vulnerabilities in curl affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2016-9586, CVE-2017-7407) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2BV3zza
IBM Security Bulletin: Vulnerability in glibc affects Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows (CVE-2016-10228)
Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows has addressed the following vulnerability in glibc.
CVE(s): CVE-2016-10228
Affected product(s) and affected version(s):
Product | Affected Version |
---|---|
Intel® Manycore Platform Software Stack (MPSS) for Linux & Windows | 3.8 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Cb0SOn
X-Force Database: http://ift.tt/2zNUu9u
The post IBM Security Bulletin: Vulnerability in glibc affects Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows (CVE-2016-10228) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2CmElgV
IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in X.Org libX11 (CVE-2013-1997)
IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerability in X.Org libX11.
CVE(s): CVE-2013-1997
Affected product(s) and affected version(s):
Product | Affected Version |
---|---|
IBM BladeCenter Advanced Management Module (AMM) | BPET |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2CjHV7L
X-Force Database: http://ift.tt/2rCi9XA
The post IBM Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerability in X.Org libX11 (CVE-2013-1997) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2BUeEkg
Saturday Morning Security Spotlight: Jail Breaks and Cyberattacks
By Jacob Serpa, Product Marketing Manager, Bitglass
Here are the top cybersecurity stories of recent weeks:
— Man attempts prison break through cyberattacks
— Mailsploit allows for perfect phishing attacks
— 1.4 billion credentials found in dark web database
— Starbucks WiFi hijacks connected devices
— Hackers target cryptocurrency employees for bitcoins
Man attempts prison break through cyberattacks
In an attempt to acquire an early release for his imprisoned friend, a man launched a thought-out cyberattack against his local prison. Through a combination of phishing and malware, the hacker successfully stole the credentials of over 1,000 of his local county’s employees. While he was ultimately caught, he did gain access to the jail’s computer system.
Mailsploit allows for perfect phishing attacks
By exploiting bugs in numerous email clients, a researcher demonstrated how to make an email appear as though it were sent from any email address. Affected clients include Outlook 2016, Thunderbird, Apple Mail, Microsoft Mail, and many more. While some were quick to patch their offerings, others are refusing to address their vulnerabilities.
1.4 billion credentials found in dark web database
Dark web researchers have uncovered a massive database listing 1.4 billion unencrypted credentials. The database contains usernames and passwords from LinkedIn, Pastebin, RedBox, Minecraft, and much more. Individuals who reuse passwords across multiple accounts (and their employers) are put at massive risk by the discovery.
Starbucks WiFi hijacks connected devices
The WiFi of a Starbucks in Argentina was recently found to hijack connected devices to mine for cryptocurrency. The event highlights the dangers of connecting to public networks – even those that may appear trustworthy. Unfortunately, many individuals believe the desire for convenience to outweigh the need for security, putting their employers at risk.
Hackers target cryptocurrency employees for bitcoins
Hackers from what is believed to be the Lazarus Group are targeting high-level employees of cryptocurrency firms – presumably to steal bitcoins. Attacks begin with phishing email attachments that, when opened, launch malware in the targets’ systems.
To defend against phishing, account theft, malware, and other security threats, organizations must adopt complete security solutions. Learn how to achieve comprehensive visibility and control over data by reading the Definitive Guide to Cloud Access Security Brokers.
The post Saturday Morning Security Spotlight: Jail Breaks and Cyberattacks appeared first on Cloud Security Alliance Blog.
from Cloud Security Alliance Blog http://ift.tt/2BSQ2IE
Critical "Same Origin Policy" Bypass Flaw Found in Samsung Android Browser
A critical vulnerability has been discovered in the browser app that comes pre-installed on hundreds of millions of Samsung Android devices. It could allow an attacker to steal data from browser tabs if the user visits an attacker-controlled site.
Identified as CVE-2017-17692, the vulnerability is a Same Origin Policy (SOP) bypass issue that resides in the popular Samsung Internet Browser version 5.4.02.3 and earlier.
The Same Origin Policy or SOP is a security feature applied in modern browsers that is designed to make it possible for web pages from the same website to interact while preventing unrelated sites from interfering with each other.
In other words, the SOP makes sure that the JavaScript code from one origin should not be able to access the properties of a website on another origin.
The SOP bypass vulnerability in the Samsung Internet Browser, discovered by Dhiraj Mishra, could allow a malicious website to steal data, such as passwords or cookies, from the sites opened by the victim in different tabs.
"When the Samsung Internet browser opens a new tab in a given domain (say, google.com) through a Javascript action, that Javascript can come in after the fact and rewrite the contents of that page with whatever it wants," researchers from security firm Rapid7 explained.
"This is a no-no in browser design since it means that Javascript can violate the Same-Origin Policy, and can direct Javascript actions from one site (controlled by the attacker) to act in the context of another site (the one the attacker is interested in). Essentially, the attacker can insert custom Javascript into any domain, provided the victim user visits the attacker-controlled web page first."
Attackers can even snag a copy of your session cookie or hijack your session and read and write webmail on your behalf.
Mishra reported the vulnerability to Samsung, and the company replied that "the patch is already preloaded in our upcoming model Galaxy Note 8, and the application will be updated via Apps store update in October."
Meanwhile, Mishra, with the help of Tod Beardsley and Jeffrey Martin from Rapid7 team, also released an exploit for Metasploit Framework.
Rapid7 researchers have also published a video demonstrating the attack.
Since the Metasploit exploit code for the SOP bypass vulnerability in the Samsung Internet Browser is now publicly available, anyone with less technical knowledge can exploit the flaw on a large number of Samsung devices, most of which are still using the old Android Stock browser.
from The Hacker News http://ift.tt/2pYIaE3
Two Romanians Charged With Hacking Police CCTV Cameras Before Trump Inauguration
Remember how some cybercriminals shut down most of Washington D.C. police's security cameras for four days ahead of President Donald Trump's inauguration earlier this year?
Just a few days after the incident, British authorities arrested two people in the United Kingdom, identified as a British man and a Swedish woman, both 50 years old, at the request of U.S. officials.
A United States federal court affidavit reveals that two Romanian nationals were behind the attack that hacked into 70% of the computers that control Washington DC Metropolitan Police Department's surveillance camera network in January this year, CNN reports.
The two suspects—Mihai Alexandru Isvanca, 25, and Eveline Cismaru, 28—were arrested in Bucharest on December 15 on charges of conspiracy to commit wire fraud and various forms of computer fraud.
According to the criminal complaint unsealed in Washington, the pair hacked 123 of the Metropolitan Police Department's 187 outdoor surveillance cameras used to monitor public areas in D.C. by infecting computers with ransomware in an effort to extort money.
Ransomware is an infamous piece of malicious software that has been known for locking up computer files and then demanding a ransom (usually in Bitcoins) to help victims unlock their files.
The cyber attack occurred just days before the inauguration of President Donald Trump and lasted for almost four days, eventually leaving the CCTV cameras unable to record anything between 12 and 15 January 2017.
Instead of fulfilling ransom demands, the DC police department took the storage devices offline, removed the infection and rebooted the systems across the city, ensuring that the surveillance camera system was secure and fully operational.
"This case was of the highest priority due to its impact on the Secret Service’s protective mission and its potential effect on the security plan for the 2017 Presidential Inauguration," the Justice Department said.
"The investigation revealed no evidence that any person’s physical security was threatened or harmed due to the disruption of the MPD surveillance cameras."
The affidavit, dated December 11, mentions the defendants used two types of cryptocurrency ransomware variants—Cerber and Dharma. Other evidence also revealed a scheme to distribute ransomware by email to at least 179,000 email addresses.
"According to the complaint, further investigation showed that the two defendants, Isvanca and Cismaru, participated in the ransomware scheme using the compromised MPD surveillance camera computers, among others," the Justice Department said.
"The investigation also identified certain victims who had received the ransomware or whose servers had been accessed during the scheme."
However, it is still unclear whether the arrested pair was solely behind the attack or was part of a more comprehensive cybercriminal network.
While Isvanca remains in custody in Romania, Cismaru is under house arrest pending further legal proceedings, according to the Justice Department.
If extradited and convicted, the Romanian defendants could face a maximum of 20 years in prison.
from The Hacker News http://ift.tt/2CfFczP
Thursday, December 28, 2017
IBM Security Bulletin: Vulnerabilities in wget affect PowerKVM
PowerKVM is affected by vulnerabilities in wget. IBM has now addressed these vulnerabilities.
CVE(s): CVE-2017-13090, CVE-2017-13089
Affected product(s) and affected version(s):
PowerKVM v3.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Cfsi4M
X-Force Database: http://ift.tt/2BPrBeT
X-Force Database: http://ift.tt/2CfsiBO
The post IBM Security Bulletin: Vulnerabilities in wget affect PowerKVM appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2BPrBvp
IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM SPSS Statistics Server (CVE-2017-10356, CVE-2017-10388)
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6, 7.0, 7.1, and 8.0 used by IBM SPSS Statistics Desktop and Server Version 22, 23, 24, and 25. These issues were disclosed as part of the IBM Java SDK updates in Oct 2017.
CVE(s): CVE-2017-10356, CVE-2017-10388
Affected product(s) and affected version(s):
IBM SPSS Statistics 22.0.0.2
IBM SPSS Statistics 23.0.0.3
IBM SPSS Statistics 24.0.0.2
IBM SPSS Statistics 25.0.0.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2BOdVRD
X-Force Database: http://ift.tt/2jyFZR1
X-Force Database: http://ift.tt/2i6pawd
The post IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM SPSS Statistics Server (CVE-2017-10356, CVE-2017-10388) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2Chz61N
IBM Security Bulletin: A vulnerability in libnl3 affects PowerKVM
PowerKVM is affected by a vulnerability in NetworkManager (libnl3). IBM has now addressed this vulnerability.
CVE(s): CVE-2017-0553
Affected product(s) and affected version(s):
PowerKVM 3.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2BNAhCL
X-Force Database: http://ift.tt/2ChyY2j
The post IBM Security Bulletin: A vulnerability in libnl3 affects PowerKVM appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2BNMLKu
IBM Security Bulletin: Vulnerabilities in wpa_supplicant affect PowerKVM (KRACK)
PowerKVM is affected by vulnerabilities in wpa_supplicant. IBM has now addressed these vulnerabilities.
CVE(s): CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
Affected product(s) and affected version(s):
PowerKVM v3.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2BNHEtY
X-Force Database: http://ift.tt/2Cga2Z3
X-Force Database: http://ift.tt/2BPryjd
X-Force Database: http://ift.tt/2ChBea0
X-Force Database: http://ift.tt/2BP6p8V
X-Force Database: http://ift.tt/2Cdi98N
X-Force Database: http://ift.tt/2BPrzDN
X-Force Database: http://ift.tt/2ChyNUH
The post IBM Security Bulletin: Vulnerabilities in wpa_supplicant affect PowerKVM (KRACK) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2BP0d0O
IBM Security Bulletin: A vulnerability in httpd affects PowerKVM
PowerKVM is affected by a vulnerability in the Apache HTTP Server (httpd). IBM has now addressed this vulnerability.
CVE(s): CVE-2017-9798
Affected product(s) and affected version(s):
PowerKVM 3.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2BNL0wY
X-Force Database: http://ift.tt/2gzpcwg
The post IBM Security Bulletin: A vulnerability in httpd affects PowerKVM appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2BOWvEm
IBM Security Bulletin: Vulnerabilities in dnsmasq affect PowerKVM
PowerKVM is affected by vulnerabilities in dnsmasq. IBM has now addressed these vulnerabilities.
CVE(s): CVE-2017-14496, CVE-2017-14495, CVE-2017-14494, CVE-2017-14493, CVE-2017-14492, CVE-2017-14491
Affected product(s) and affected version(s):
PowerKVM v3.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2CfjhIP
X-Force Database: http://ift.tt/2j1mArQ
X-Force Database: http://ift.tt/2j1mTTw
X-Force Database: http://ift.tt/2zc71Xs
X-Force Database: http://ift.tt/2zcuqI8
X-Force Database: http://ift.tt/2j1mCQu
X-Force Database: http://ift.tt/2zbSTxi
The post IBM Security Bulletin: Vulnerabilities in dnsmasq affect PowerKVM appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2BS2vw9
IBM Security Bulletin: A vulnerability in emacs affects PowerKVM
PowerKVM is affected by a vulnerability in emacs. IBM has now addressed this vulnerability.
CVE(s): CVE-2017-14482
Affected product(s) and affected version(s):
PowerKVM 3.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2CfDPAV
X-Force Database: http://ift.tt/2BPrwYD
The post IBM Security Bulletin: A vulnerability in emacs affects PowerKVM appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2CexpCi
IBM Security Bulletin: A vulnerability in augeas affects PowerKVM
PowerKVM is affected by a vulnerability in augeas. IBM has now addressed this vulnerability.
CVE(s): CVE-2017-7555
Affected product(s) and affected version(s):
PowerKVM 3.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Cg9PFf
X-Force Database: http://ift.tt/2BLZMEj
The post IBM Security Bulletin: A vulnerability in augeas affects PowerKVM appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2Cg9Qch
IBM Security Bulletin: Vulnerabilities in nagios affect PowerKVM
PowerKVM is affected by vulnerabilities in nagios. IBM has now addressed these vulnerabilities.
CVE(s): CVE-2017-14312, CVE-2013-7205, CVE-2013-7108, CVE-2013-4214, CVE-2008-4796
Affected product(s) and affected version(s):
PowerKVM v3.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Cg9L8t
X-Force Database: http://ift.tt/2BPcMsU
X-Force Database: http://ift.tt/2dv9lAW
X-Force Database: http://ift.tt/2dNq7X7
X-Force Database: http://ift.tt/2dv8wIl
X-Force Database: http://ift.tt/2dvad8w
The post IBM Security Bulletin: Vulnerabilities in nagios affect PowerKVM appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2CdgDDF
IBM Security Bulletin: Vulnerabilities in OpenvSwitch affect PowerKVM
PowerKVM is affected by vulnerabilities in OpenvSwitch. IBM has now addressed these vulnerabilities.
CVE(s): CVE-2017-9265, CVE-2017-9263, CVE-2017-9214, CVE-2017-9264
Affected product(s) and affected version(s):
PowerKVM v3.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Cg9C4V
X-Force Database: http://ift.tt/2BOoUdR
X-Force Database: http://ift.tt/2Cga17r
X-Force Database: http://ift.tt/2BNMG9E
X-Force Database: http://ift.tt/2Cg9GBH
The post IBM Security Bulletin: Vulnerabilities in OpenvSwitch affect PowerKVM appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2BNILcN
CEO of Major UK-Based Cryptocurrency Exchange Kidnapped in Ukraine
Pavel Lerner, a prominent Russian blockchain expert and known managing director of one of the major crypto-exchanges, EXMO, has allegedly been kidnapped by "unknown" criminals in Kiev, the capital of Ukraine.
According to Ukraine-based web publication Strana, Lerner, a 40-year-old citizen of Russia, was kidnapped on December 26 when he was leaving his office in the center of town (located on the Stepan Bandera Avenue).
Unknown kidnappers in dark clothes and balaclavas dragged Lerner into their black Mercedes-Benz Vito (state number AA 2063 MT) and drove away in an unknown direction.
The information comes from an anonymous source in Ukrainian law enforcement agencies, though multiple investigations are currently underway to find out why and by whom Lerner was kidnapped.
Lerner is a recognized IT specialist in Ukraine who led a number of startups related to blockchain technology development and mining operations.
Lerner is also the managing director of EXMO, a major UK-based cryptocurrency exchange founded in 2013 and well known among Russians for accepting ruble payments.
Law enforcers in Kiev have begun the investigation and are currently conducting a search operation, working out all possible leads in the case, which is described as a kidnapping.
EXMO's representatives confirmed media reports in a statement to a local crypto journal, BitNovosti, and appealed for any information that could lead to the finding of Lerner.
The company representatives also assured its customers that EXMO operations were not affected by the incident and that Lerner did not have direct access to any cryptocurrency account or other personal data.
"We are doing everything possible to speed up the search of Pavel Lerner. Any information regarding his whereabouts is very much appreciated," PR-department of EXMO said.
"Despite the situation, the exchange is working as usual. We also want to stress that nature of Pavel’s job at EXMO doesn’t assume access either to storages or any personal data of users. All users funds are absolutely safe."
The Lerner case is considered to be yet another case involving a Russian national with a cryptocurrency background.
In July this year, Alexander Vinnik, a 38-year-old Russian citizen and operator of cryptocurrency exchange BTC-e, was detained in Northern Greece at the request of US law enforcement authorities, who accused Vinnik of crimes related to the Mt. Gox hack.
from The Hacker News http://ift.tt/2CjnqsX
Wednesday, December 27, 2017
IBM Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2017-3735)
There is a vulnerability in OpenSSL used by AIX.
CVE(s): CVE-2017-3735
Affected product(s) and affected version(s):
AIX 5.3, 6.1, 7.1, 7.2
VIOS 2.2.x
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2CfOGJ3
X-Force Database: http://ift.tt/2zTVDha
The post IBM Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2017-3735) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2DmAmxE
Kernel Exploit for Sony PS4 Firmware 4.05 Released, Jailbreak Coming Soon
Wishing you all a very 'belated' Merry Christmas. This holiday season Santa has a very special gift for all PlayStation gamers.
Developer SpecterDev finally released a fully-functional much-awaited kernel exploit for PlayStation 4 (firmware 4.05) today—almost two months after Team Fail0verflow revealed the technical details of it.
Now available on Github, dubbed "namedobj," the kernel exploit for the PlayStation 4 on 4.05FW allows users to run arbitrary code on the gaming console, enabling jailbreaking and kernel-level modifications to the system.
Although the PS4 kernel exploit does not include jailbreak code, others can develop a full jailbreak exploit using it.
Jailbreaking allows users to run custom code on the console and install mods, cheats, third-party applications, and games that are typically not possible because of the anti-piracy mechanisms implemented on the Sony PlayStation.
"This release, however, does not contain any code related to defeating anti-piracy mechanisms or running homebrew," SpecterDev said. "This exploit does include a loader that listens for payloads on port 9020 and will execute them upon receival."
It should be noted that for some users it may not work as smoothly as it sounds.
"This exploit is actually incredibly stable at around 95% in my tests. WebKit very rarely crashes and the same is true with kernel. I've built in a patch so the kernel exploit will only run once on the system. You can still make additional patches via payloads," SpecterDev warned.
PS4 gamers who are running firmware version lower than 4.05 can simply update their console to take advantage of this exploit.
Of course, Sony would not be happy with the launch of PlayStation 4 kernel exploit and would be trying hard to eliminate any vulnerability for the most recent version of PS4 firmware.
from The Hacker News http://ift.tt/2BKPdkS
IBM Security Bulletin: Apache Commons FileUpload Vulnerabilities in IBM WebSphere MQ File Transfer Edition component (CVE-2016-1000031)
The DiskFileItem class in Apache Commons Fileupload before version 1.3.3, used in IBM WebSphere MQ File Transfer Edition, could allow remote attackers to execute arbitrary code under the context of the current process, causing an undefined behavior.
CVE(s): CVE-2016-1000031
Affected product(s) and affected version(s):
IBM WebSphere MQ v7.0.0
IBM WebSphere MQ v7.0.1
IBM WebSphere MQ v7.0.2
IBM WebSphere MQ v7.0.3
IBM WebSphere MQ v7.0.4
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2pNmcDV
X-Force Database: http://ift.tt/2hLFPWm
The post IBM Security Bulletin: Apache Commons FileUpload Vulnerabilities in IBM WebSphere MQ File Transfer Edition component (CVE-2016-1000031) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2E1NlG0
IBM Security Bulletin: Apache Commons FileUpload Vulnerability affects Jazz for Service Management (JazzSM) (CVE-2016-1000031)
Jazz for Service Management (JazzSM) is affected by an Apache Commons FileUpload vulnerability. JazzSM has addressed this vulnerability.
CVE(s): CVE-2016-1000031
Affected product(s) and affected version(s):
Jazz for Service Management version 1.1.3
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2pNmcnp
X-Force Database: http://ift.tt/2hLFPWm
The post IBM Security Bulletin: Apache Commons FileUpload Vulnerability affects Jazz for Service Management (JazzSM) (CVE-2016-1000031) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2pGcBi8
The impact on network security through encrypted protocols – QUIC
I have already written about two secure protocols that are impacting our network security.
The first was HTTP/2, the second one was TLS 1.3. Both posts can be found here:
Today I want to talk about another very important protocol: QUIC.
QUIC stands for Quick UDP Internet Connections. It is an experimental protocol designed and deployed by Google. Looking at the existing protocols, we have already optimized the application layer through HTTP/2 and the encryption layer through TLS 1.3, so the only thing still causing delay is TCP.
Figure 1: Structure of QUIC
QUIC is built on UDP instead of TCP, and the port it uses is UDP/443. It also shares several features with HTTP/2.
QUIC leverages HTTP/2 features such as connection multiplexing, stream prioritization and connection sharing across domains.
Some other important features of QUIC:
- 1-RTT connection handshake
- 0-RTT re-established connections
- Connections survive IP address change
- Always encrypted and authenticated
- Loss Recovery
- Includes RTT Information in the packet
- Retransmits on a per-frame, not a per-packet, basis
- FEC (Forward Error Correction) data recovery
The QUIC protocol tries to significantly reduce the number of round trips required to establish a connection. QUIC not only uses a 1-RTT handshake but can also use 0-RTT session resumption. Connections are able to survive IP address changes, which makes everyone in the mobile service provider space very happy: think of roaming users.
And QUIC is always encrypted and authenticated. There is no cleartext version of QUIC.
Tests with QUIC have resulted in an improvement of 30% with regard to retransmissions on sites like “youtube.com”.
The last point in this list is FEC. It is similar to a RAID system for the network: imagine transmitting some information in addition to the payload so that packets lost on the wire can be recreated. It sounds useful but was not worth the overhead when tested in real-life environments.
So where is QUIC used? As it is an experimental protocol by Google, it is used today by a lot of Google websites such as gmail.com, youtube.com, etc. The Chrome browser also has QUIC built in and enabled.
You can check this yourself if you are using the Chrome browser:
Go to your Chrome browser and type “chrome://net-internals/#quic” in the toolbar. Then open a second tab and browse to youtube.com, gmail.com and other Google sites. If you are not behind a firewall that is blocking UDP/443, some QUIC sessions might turn up.
Chrome tries QUIC with a lot of sites and remembers whether it was successful or not.
When a client connects to a website, the server can send an “alt-svc” (= alternate service) header telling the client to switch to QUIC.
You can see these mappings at “chrome://net-internals/#alt-svc”.
Figure 2: Mapping of QUIC Service to websites
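As an added example (not part of the original post): a Python parser for the alt-svc header described above, which a defender can run over proxy or capture logs to list the origins that tell clients to switch to QUIC and the UDP endpoint they name. The sample header values are constructed; treating the protocol ids `quic`, `h3`, `h3-*` and `hq-*` as QUIC and reading the `v` parameter as a version list are assumptions beyond what the post states.

```python
"""Find origins that advertise QUIC through the Alt-Svc response header (RFC 7838)."""
from dataclasses import dataclass, field

DEFAULT_MAX_AGE = 86400  # RFC 7838: fresh for 24 hours unless the "ma" parameter says otherwise


@dataclass
class Alternative:
    protocol: str   # protocol id, e.g. "h2" or "quic"
    host: str       # empty string means "same host as the origin"
    port: int
    params: dict = field(default_factory=dict)


def _split_outside_quotes(text, sep):
    """Split on sep, ignoring separators inside double-quoted strings."""
    parts, buf, in_quotes, escaped = [], [], False, False
    for ch in text:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\" and in_quotes:
            buf.append(ch)
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
            buf.append(ch)
        elif ch == sep and not in_quotes:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    if in_quotes:
        raise ValueError("unterminated quoted-string")
    parts.append("".join(buf).strip())
    return [p for p in parts if p]


def _unquote(value):
    """Strip surrounding quotes and backslash escapes from a quoted-string."""
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        out, chars = [], iter(value[1:-1])
        for ch in chars:
            out.append(next(chars, "") if ch == "\\" else ch)
        return "".join(out)
    return value


def parse_alt_svc(header_value):
    """Return the alternatives in one Alt-Svc value; "clear" yields an empty list."""
    value = header_value.strip()
    if value == "clear":  # the keyword is case-sensitive in RFC 7838
        return []
    alternatives = []
    for alt_value in _split_outside_quotes(value, ","):
        pieces = _split_outside_quotes(alt_value, ";")
        protocol, eq, authority = pieces[0].partition("=")
        if not eq:
            raise ValueError("alternative without '=': %r" % pieces[0])
        host, colon, port = _unquote(authority.strip()).rpartition(":")
        if not colon or not port.isdigit():
            raise ValueError("alt-authority without a port: %r" % authority)
        params = {}
        for piece in pieces[1:]:
            key, eq, val = piece.partition("=")
            if eq:
                params[key.strip().lower()] = _unquote(val.strip())
        alternatives.append(Alternative(protocol.strip(), host, int(port), params))
    return alternatives


def is_quic(protocol):
    # Assumption: "quic" is the id Google servers advertised in 2017; "hq-*",
    # "h3-*" and "h3" are ids used by the later IETF versions.
    return protocol in ("quic", "h3") or protocol.startswith(("h3-", "hq-"))


def quic_advertisements(responses):
    """responses: iterable of (origin_host, alt_svc_header_value) pairs."""
    findings = []
    for origin, header in responses:
        try:
            alternatives = parse_alt_svc(header)
        except ValueError:
            continue  # malformed header: nothing reliable to report
        for alt in alternatives:
            if not is_quic(alt.protocol):
                continue
            ma = alt.params.get("ma", "")
            versions = alt.params.get("v", "")  # assumption: comma-separated version list
            findings.append({
                "origin": origin,
                "udp_endpoint": "%s:%d" % (alt.host or origin, alt.port),
                "max_age": int(ma) if ma.isdigit() else DEFAULT_MAX_AGE,
                "versions": [v.strip() for v in versions.split(",") if v.strip()],
            })
    return findings


# Constructed sample data: (origin host, Alt-Svc header value) as a proxy might log them.
SAMPLE_RESPONSES = [
    ("video.example.com", 'quic=":443"; ma=2592000; v="39,38,37,35"'),
    ("shop.example.org", 'h2="alt.example.net:8443"; ma=3600, quic="edge.example.net:443"'),
    ("plain.example.net", 'h2=":443"; ma=60'),
    ("old.example.com", "clear"),
    ("broken.example.net", 'quic=":443'),
]

if __name__ == "__main__":
    for finding in quic_advertisements(SAMPLE_RESPONSES):
        print(finding)
```

The `max_age` value shows how long a client may keep preferring the advertised endpoint after it has seen the header.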
QUIC currently uses a proprietary encryption and authentication protocol, but the IETF has picked up QUIC and is working on a standardized version.
One of the important changes is that the QUIC crypto protocol is planned to be replaced with TLS 1.3:
Figure 3: IETF QUIC working group, QUIC & TLS 1.3
Impact on your Security Gateway:
Your gateway currently might not understand QUIC. In addition, QUIC traffic currently cannot really be decrypted in the network. So, if your firewall is allowing UDP/443, there is not much it can inspect in the QUIC sessions. It might not even recognize that it is dealing with QUIC as a protocol and just wonder where all those UDP packets come from…
If your gateway is blocking UDP/443, Chrome will silently fall back to TCP, so there won’t be a user impact.
Just blocking UDP/443 is certainly not a final solution. Gateways are already confronted with new and encrypted protocols, and will be even more so in the near future. If we do not deploy an architecture that is capable of understanding those protocols and dealing with the overwhelming amount of encryption in the network, the security gateway on its own will become more and more blind.
If you want to learn more, I will be talking at CiscoLive! Barcelona in 2018, Breakout BRKSEC-3015.
Further links on QUIC:
http://ift.tt/2l6HgjD
http://ift.tt/2aw96h8
from Cisco Blog » Security http://ift.tt/2lglI3j
SB17-359: Vulnerability Summary for the Week of December 18, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
k7computing -- antivirus | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025ac DeviceIoControl request. | 2017-12-15 | 7.5 | CVE-2017-17699 MISC |
k7computing -- antivirus | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025a4 DeviceIoControl request. | 2017-12-15 | 7.5 | CVE-2017-17700 MISC |
k7computing -- antivirus | K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request. | 2017-12-15 | 7.5 | CVE-2017-17701 MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
techno_-_portfolio_management_panel_project -- techno_-_portfolio_management_panel | Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback. | 2017-12-15 | 4.0 | CVE-2017-17693 MISC |
techno_-_portfolio_management_panel_project -- techno_-_portfolio_management_panel | Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. | 2017-12-15 | 6.5 | CVE-2017-17695 MISC |
techno_-_portfolio_management_panel_project -- techno_-_portfolio_management_panel | Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php. | 2017-12-15 | 4.0 | CVE-2017-17696 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
techno_-_portfolio_management_panel_project -- techno_-_portfolio_management_panel | Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter. | 2017-12-15 | 3.5 | CVE-2017-17694 MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abb -- ellipse | An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials. | 2017-12-20 | not yet calculated | CVE-2017-16731 MISC |
apache -- drill | In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards. | 2017-12-18 | not yet calculated | CVE-2017-12630 MLIST |
apache -- sling_authentication_service | A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials. | 2017-12-18 | not yet calculated | CVE-2017-15700 MLIST |
bitdefender -- bitdefender | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x102 in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5116. | 2017-12-21 | not yet calculated | CVE-2017-17410 MISC |
bitdefender -- bitdefender | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x10A in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5102. | 2017-12-21 | not yet calculated | CVE-2017-17409 MISC |
bitdefender -- bitdefender | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5101. | 2017-12-21 | not yet calculated | CVE-2017-17408 MISC |
blogotext -- blogotext | validate_form_preferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field. | 2017-12-20 | not yet calculated | CVE-2017-17794 CONFIRM CONFIRM |
blogotext -- blogotext | Cross site scripting (XSS) vulnerability in the markup_clean_href function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment. | 2017-12-20 | not yet calculated | CVE-2017-17792 CONFIRM CONFIRM |
blogotext -- blogotext | Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename). | 2017-12-20 | not yet calculated | CVE-2017-17793 CONFIRM CONFIRM |
brightsign -- brightsign_digital_signage | The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html. | 2017-12-18 | not yet calculated | CVE-2017-17737 MISC |
brightsign -- brightsign_digital_signage | The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html. | 2017-12-18 | not yet calculated | CVE-2017-17738 MISC |
brightsign -- brightsign_digital_signage | The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files. | 2017-12-18 | not yet calculated | CVE-2017-17739 MISC |
cambium_networks -- epmp_firmware | Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones. | 2017-12-20 | not yet calculated | CVE-2017-5263 MISC |
cambium_networks -- epmp_firmware | In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user. | 2017-12-20 | not yet calculated | CVE-2017-5257 MISC |
cambium_networks -- epmp_firmware | In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection. | 2017-12-20 | not yet calculated | CVE-2017-5256 MISC |
cambium_networks -- epmp_firmware | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users. | 2017-12-20 | not yet calculated | CVE-2017-5261 MISC |
cambium_networks -- epmp_firmware | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference. | 2017-12-20 | not yet calculated | CVE-2017-5262 MISC |
cambium_networks -- epmp_firmware | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account. | 2017-12-20 | not yet calculated | CVE-2017-5260 MISC |
cambium_networks -- epmp_firmware | In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root. | 2017-12-20 | not yet calculated | CVE-2017-5255 MISC |
cambium_networks -- epmp_firmware | In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism. | 2017-12-20 | not yet calculated | CVE-2017-5254 MISC |
cambium_networks -- epmp_firmware | In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain SNMP OIDs, serve it via HTTP, and the affected device will perform a configuration restore using the attacker's supplied config file, including the inserted XSS strings. | 2017-12-20 | not yet calculated | CVE-2017-5258 MISC |
cambium_networks -- epmp_firmware | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp. | 2017-12-20 | not yet calculated | CVE-2017-5259 MISC |
cisco -- asa | A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652. | 2017-12-15 | not yet calculated | CVE-2017-12373 BID CONFIRM |
cms_made_simple -- cms_made_simple | CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. | 2017-12-18 | not yet calculated | CVE-2017-17735 CONFIRM CONFIRM |
cms_made_simple -- cms_made_simple | CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions. | 2017-12-18 | not yet calculated | CVE-2017-17734 CONFIRM CONFIRM |
code_crafters -- ability_mail_server | Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4. | 2017-12-20 | not yet calculated | CVE-2017-17752 EXPLOIT-DB |
conarc -- ichannel | Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request (which reaches an older version of a West Wind Web Connection HTTP service). | 2017-12-19 | not yet calculated | CVE-2017-17759 MISC |
dedecms -- dedecms | DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. | 2017-12-18 | not yet calculated | CVE-2017-17731 MISC |
dedecms -- dedecms | DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php. | 2017-12-18 | not yet calculated | CVE-2017-17727 MISC |
dedecms -- dedecms | DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. | 2017-12-18 | not yet calculated | CVE-2017-17730 MISC |
ecava -- integraxor | A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log. | 2017-12-20 | not yet calculated | CVE-2017-16735 MISC |
ecava -- integraxor | A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database. | 2017-12-20 | not yet calculated | CVE-2017-16733 MISC |
emc -- data_domain | An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and active directory authentication. This may also allow remote code injection and execution. | 2017-12-20 | not yet calculated | CVE-2017-14385 CONFIRM SECTRACK |
emc -- isilon_onfs | The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an "NFS Export Security Setting Fallback Vulnerability." | 2017-12-20 | not yet calculated | CVE-2017-14387 CONFIRM |
f5 -- big-ip_afm | A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected. | 2017-12-21 | not yet calculated | CVE-2017-0304 SECTRACK CONFIRM |
f5 -- big-ip_apm | In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumstances, APM tunneled VPN flows can cause a VPN/PPP connflow to be prematurely freed or cause TMM to stop responding with a "flow not in use" assertion. An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group. | 2017-12-21 | not yet calculated | CVE-2017-6129 CONFIRM |
f5 -- big-ip_apm | In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources, however the application resources and backend servers are unaffected. | 2017-12-21 | not yet calculated | CVE-2017-0301 SECTRACK CONFIRM |
f5 -- big-ip_apm | In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk. | 2017-12-21 | not yet calculated | CVE-2017-6139 CONFIRM |
f5 -- multiple_products | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to TMM. | 2017-12-21 | not yet calculated | CVE-2017-6151 CONFIRM |
f5 -- multiple_products | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions. | 2017-12-21 | not yet calculated | CVE-2017-6135 CONFIRM |
f5 -- multiple_products | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash. | 2017-12-21 | not yet calculated | CVE-2017-6134 CONFIRM |
f5 -- multiple_products | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM). | 2017-12-21 | not yet calculated | CVE-2017-6136 CONFIRM |
f5 -- multiple_products | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart. | 2017-12-21 | not yet calculated | CVE-2017-6132 CONFIRM |
f5 -- multiple_products | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system. | 2017-12-21 | not yet calculated | CVE-2017-6164 CONFIRM |
f5 -- multiple_products | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. | 2017-12-21 | not yet calculated | CVE-2017-6138 CONFIRM |
f5 -- multiple_products | On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services. | 2017-12-21 | not yet calculated | CVE-2017-6140 CONFIRM |
f5 -- multiple_products | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service. | 2017-12-21 | not yet calculated | CVE-2017-6133 CONFIRM |
f5 -- multiple_products | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected. | 2017-12-21 | not yet calculated | CVE-2017-6167 CONFIRM |
fortinet -- forticlient | An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations. | 2017-12-15 | not yet calculated | CVE-2017-14184 BID CONFIRM |
fortunescripts.com -- fs_lynda_clone | FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/. | 2017-12-18 | not yet calculated | CVE-2017-17643 MISC EXPLOIT-DB |
foxit -- reader | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the yTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4977. | 2017-12-20 | not yet calculated | CVE-2017-16589 CONFIRM MISC |
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the value attribute of Field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4980. | 2017-12-20 | not yet calculated | CVE-2017-10958 CONFIRM MISC |
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the author attribute of the Document object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5282. | 2017-12-20 | not yet calculated | CVE-2017-16581 CONFIRM MISC |
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5296. | 2017-12-20 | not yet calculated | CVE-2017-16587 CONFIRM MISC |
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA's bind element. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5091. | 2017-12-20 | not yet calculated | CVE-2017-16575 CONFIRM MISC |
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the signer method of XFA's Signature objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5015. | 2017-12-20 | not yet calculated | CVE-2017-14823 CONFIRM MISC |
foxit -- reader | This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the tile index member of SOT markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4978. | 2017-12-20 | not yet calculated | CVE-2017-10956 CONFIRM MISC |
foxit -- reader | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setAction method of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4981. | 2017-12-20 | not yet calculated | CVE-2017-10959 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the tile index of the SOT marker in JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5012. | 2017-12-20 | not yet calculated | CVE-2017-14820 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the formNodes method of XFA Node objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5018. | 2017-12-20 | not yet calculated | CVE-2017-14826 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xOsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5014. | 2017-12-20 | not yet calculated | CVE-2017-14822 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5013. | 2017-12-20 | not yet calculated | CVE-2017-14821 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4982. | 2017-12-20 | not yet calculated | CVE-2017-14818 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the arrowEnd attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4979. | 2017-12-20 | not yet calculated | CVE-2017-10957 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of references to the app object from FormCalc. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5072. | 2017-12-20 | not yet calculated | CVE-2017-16571 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the pageSpan method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5029. | 2017-12-20 | not yet calculated | CVE-2017-14837 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the clearItems XFA method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5288. | 2017-12-20 | not yet calculated | CVE-2017-16582 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within FormCalc's closeDoc method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5073. | 2017-12-20 | not yet calculated | CVE-2017-16572 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setFocus method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5022. | 2017-12-20 | not yet calculated | CVE-2017-14830 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the remove method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5017. | 2017-12-20 | not yet calculated | CVE-2017-14825 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the insert method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5016. | 2017-12-20 | not yet calculated | CVE-2017-14824 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the channel number member of the cdef box. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5011. | 2017-12-20 | not yet calculated | CVE-2017-14819 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the append method of XFA Node objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5019. | 2017-12-20 | not yet calculated | CVE-2017-14827 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the w method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5020. | 2017-12-20 | not yet calculated | CVE-2017-14828 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the openList method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5021. | 2017-12-20 | not yet calculated | CVE-2017-14829 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the page method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-5027. | 2017-12-20 | not yet calculated | CVE-2017-14835 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of FileAttachment annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5026. | 2017-12-20 | not yet calculated | CVE-2017-14834 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the author attribute of Circle Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5023. | 2017-12-20 | not yet calculated | CVE-2017-14831 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Caret Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5024. | 2017-12-20 | not yet calculated | CVE-2017-14832 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5244. | 2017-12-20 | not yet calculated | CVE-2017-16579 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within util.printf. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5290. | 2017-12-20 | not yet calculated | CVE-2017-16584 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the datasets element of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5289. | 2017-12-20 | not yet calculated | CVE-2017-16583 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAnnot method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5295. | 2017-12-20 | not yet calculated | CVE-2017-16586 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.response method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5294. | 2017-12-20 | not yet calculated | CVE-2017-16585 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ImageField node of XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5281. | 2017-12-20 | not yet calculated | CVE-2017-16580 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within XFA's field element. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5092. | 2017-12-20 | not yet calculated | CVE-2017-16576 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the picture elements within XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5216. | 2017-12-20 | not yet calculated | CVE-2017-16578 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Text Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5025. | 2017-12-20 | not yet calculated | CVE-2017-14833 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the alignment attribute of Field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5094. | 2017-12-20 | not yet calculated | CVE-2017-16577 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the modDate attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5028. | 2017-12-20 | not yet calculated | CVE-2017-14836 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LZWDecode filters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5078. | 2017-12-20 | not yet calculated | CVE-2017-16573 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Image filters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5079. | 2017-12-20 | not yet calculated | CVE-2017-16574 CONFIRM MISC |
foxit -- reader |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SOT markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4976. | 2017-12-20 | not yet calculated | CVE-2017-16588 CONFIRM MISC |
genexis_b.v. -- genexis_automatic_provisioning_system |
CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value (48bit) derived from the MAC. The algorithm used to compute the "chk" was disclosed by reverse engineering the CPE's firmware. As a result, it is possible to forge valid "chk" values for any given MAC address and therefore receive the configuration settings of other subscribers' CPEs. The configuration settings often contain sensitive values, for example credentials (username/password) for VoIP services. This issue affects Genexis B.V. GAPS up to 7.2. | 2017-12-20 | not yet calculated | CVE-2017-6094 FULLDISC |
gimp -- gimp |
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image. | 2017-12-20 | not yet calculated | CVE-2017-17786 MISC MISC |
gimp -- gimp |
In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c. | 2017-12-20 | not yet calculated | CVE-2017-17787 MISC MISC |
gimp -- gimp |
In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c. | 2017-12-20 | not yet calculated | CVE-2017-17785 MISC MISC |
gimp -- gimp |
In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data. | 2017-12-20 | not yet calculated | CVE-2017-17784 MISC MISC |
gimp -- gimp |
In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string. | 2017-12-20 | not yet calculated | CVE-2017-17788 MISC MISC |
gimp -- gimp |
In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. | 2017-12-20 | not yet calculated | CVE-2017-17789 MISC MISC |
github -- git_lfs |
GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository. | 2017-12-21 | not yet calculated | CVE-2017-17831 MISC MISC MISC |
gitlab -- gitlab |
GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem. | 2017-12-17 | not yet calculated | CVE-2017-17716 MISC MISC MISC |
gnu -- c_library |
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. | 2017-12-17 | not yet calculated | CVE-2017-16997 CONFIRM CONFIRM CONFIRM |
golden_frog -- vyprvpn |
In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made. | 2017-12-20 | not yet calculated | CVE-2017-17809 MISC |
gpweb -- gpweb |
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database. | 2017-12-18 | not yet calculated | CVE-2017-15877 MISC |
gpweb -- gpweb |
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter. | 2017-12-18 | not yet calculated | CVE-2017-15875 MISC |
gpweb -- gpweb |
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell. | 2017-12-18 | not yet calculated | CVE-2017-15876 MISC |
graphicsmagick -- graphicsmagick |
In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. | 2017-12-20 | not yet calculated | CVE-2017-17782 CONFIRM CONFIRM |
graphicsmagick -- graphicsmagick |
In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8. | 2017-12-20 | not yet calculated | CVE-2017-17783 CONFIRM CONFIRM |
h2o -- h2o |
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header. | 2017-12-22 | not yet calculated | CVE-2017-10908 CONFIRM JVN |
h2o -- h2o |
H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header. | 2017-12-22 | not yet calculated | CVE-2017-10868 CONFIRM JVN |
h2o -- h2o |
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors. | 2017-12-22 | not yet calculated | CVE-2017-10872 CONFIRM JVN |
h2o -- h2o |
Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors. | 2017-12-22 | not yet calculated | CVE-2017-10869 CONFIRM JVN |
heketi -- heketi |
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation. | 2017-12-18 | not yet calculated | CVE-2017-15103 REDHAT CONFIRM CONFIRM |
heketi -- heketi |
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file. | 2017-12-18 | not yet calculated | CVE-2017-15104 REDHAT CONFIRM CONFIRM CONFIRM |
horde_project -- groupware |
In Horde Groupware through 5.2.22, SQL Injection exists via the group parameter to /services/prefs.php or the homePostalCode parameter to /turba/search.php. | 2017-12-20 | not yet calculated | CVE-2017-17781 MISC |
huawei -- fusionsphere_openstack |
Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak. | 2017-12-22 | not yet calculated | CVE-2017-15321 CONFIRM |
huawei -- hg8245h |
Huawei HG8245H versions earlier than V300R018C00SPC110 have an authentication bypass vulnerability. An attacker can access a specific URL of the affected product. Due to improper verification of the privilege, successful exploitation may cause an information leak. | 2017-12-22 | not yet calculated | CVE-2017-15328 MISC MISC |
huawei -- honor_8_smartphone |
Huawei Honor 8 smartphones with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information. | 2017-12-22 | not yet calculated | CVE-2017-15307 CONFIRM |
huawei -- ireader |
Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vulnerability due to the lack of input validation. An attacker can exploit this vulnerability to delete specific files from the SD card. | 2017-12-22 | not yet calculated | CVE-2017-15310 CONFIRM |
huawei -- ireader |
Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory. | 2017-12-22 | not yet calculated | CVE-2017-15309 CONFIRM |
huawei -- ireader |
Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run. | 2017-12-22 | not yet calculated | CVE-2017-15308 CONFIRM |
huawei -- mate_9_smartphone |
The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call a special API, which triggers a double free and causes a system crash or arbitrary code execution. | 2017-12-22 | not yet calculated | CVE-2017-15316 CONFIRM |
huawei -- multiple_smartphones |
Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 and BGO-L03C331B009CUSTC331D001 have a DoS vulnerability due to insufficient input validation. An attacker could exploit this vulnerability by sending specially crafted NFC messages to the target device. Successful exploit could make a service crash. | 2017-12-22 | not yet calculated | CVE-2017-15322 CONFIRM |
huawei -- multiple_products |
The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00), and before LON-AL00B 8.0.0.334(C00) have a stack overflow vulnerability due to the lack of parameter validation. An attacker could send malicious packets to the smart phones within radio range using a special wireless device, which leads to a stack overflow when the baseband module handles these packets. The attacker could exploit this vulnerability to perform a denial of service attack or remote code execution in the baseband module. | 2017-12-22 | not yet calculated | CVE-2017-15311 CONFIRM |
huawei -- multiple_products |
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have out-of-bounds read vulnerabilities. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system. | 2017-12-22 | not yet calculated | CVE-2017-15318 CONFIRM |
huawei -- multiple_products |
AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30; AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30; AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30; SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an input validation vulnerability in Huawei multiple products. Due to the insufficient input validation, an unauthenticated, remote attacker may craft a malformed Stream Control Transmission Protocol (SCTP) packet and send it to the device, causing the device to read out of bounds and restart. | 2017-12-22 | not yet calculated | CVE-2017-15317 CONFIRM |
huawei -- multiple_products |
Huawei S12700 V200R006C00, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R009C00, V200R010C00; S1700 V200R006C10, V200R009C00, V200R010C00; S2700 V200R006C00, V200R006C10, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00; S5700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, V200R011C00; S6700 V200R005C00, V200R008C00, V200R009C00, V200R010C00; S7700 V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C0; S9700 V200R006C00, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target device. Successful exploitation could make the device restart. | 2017-12-22 | not yet calculated | CVE-2017-15324 CONFIRM |
huawei -- multiple_products |
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have out-of-bounds read vulnerabilities. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system. | 2017-12-22 | not yet calculated | CVE-2017-15319 CONFIRM |
huawei -- multiple_products |
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have out-of-bounds read vulnerabilities. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system. | 2017-12-22 | not yet calculated | CVE-2017-15320 CONFIRM |
huawei -- smartcare |
Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device. | 2017-12-22 | not yet calculated | CVE-2017-15312 CONFIRM |
huawei -- smartcare |
Huawei SmartCare V200R003C10 has a CSV injection vulnerability. A remote authenticated attacker could inject a malicious CSV expression into the affected device. | 2017-12-22 | not yet calculated | CVE-2017-15313 CONFIRM |
ibm -- business_process_manager |
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692. | 2017-12-20 | not yet calculated | CVE-2017-1494 CONFIRM BID MISC |
ibm -- integration_bus |
IBM Integration Bus 9.0 and 10.0 transmits user credentials in clear text which can be read by an attacker using man in the middle techniques. IBM X-Force ID: 134165. | 2017-12-20 | not yet calculated | CVE-2017-1694 CONFIRM MISC |
ibm -- jazz_for_service_management |
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140. | 2017-12-20 | not yet calculated | CVE-2017-1631 CONFIRM MISC |
ibm -- jazz_for_service_management |
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519. | 2017-12-20 | not yet calculated | CVE-2017-1746 CONFIRM MISC |
ibm -- qradar |
IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 134178. | 2017-12-20 | not yet calculated | CVE-2017-1696 CONFIRM MISC |
ibm -- robotic_process_automation |
IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135546. | 2017-12-20 | not yet calculated | CVE-2017-1751 CONFIRM MISC |
ibm -- security_guardium |
IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858. | 2017-12-20 | not yet calculated | CVE-2017-1757 CONFIRM MISC |
ibm -- websphere_portal |
IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476. | 2017-12-20 | not yet calculated | CVE-2017-1423 SECTRACK MISC CONFIRM |
ibm -- security_guardium |
IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741. | 2017-12-20 | not yet calculated | CVE-2017-1266 CONFIRM MISC |
ibm -- security_guardium |
IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745. | 2017-12-20 | not yet calculated | CVE-2017-1270 CONFIRM MISC |
ibm -- security_guardium |
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132550. | 2017-12-20 | not yet calculated | CVE-2017-1596 CONFIRM MISC |
ibm -- security_guardium |
IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132613. | 2017-12-20 | not yet calculated | CVE-2017-1600 CONFIRM MISC |
ibm -- security_guardium |
IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736. | 2017-12-20 | not yet calculated | CVE-2017-1261 CONFIRM MISC |
ibm -- security_guardium |
IBM Security Guardium 10.0 Database Activity Monitor uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 132611. | 2017-12-20 | not yet calculated | CVE-2017-1598 CONFIRM MISC |
ibm -- security_guardium |
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 124737. | 2017-12-20 | not yet calculated | CVE-2017-1262 CONFIRM MISC |
ibm -- security_guardium |
IBM Security Guardium 10.0 Database Activity Monitor could allow a local attacker to obtain highly sensitive information via unspecified vectors. IBM X-Force ID: 132549. | 2017-12-20 | not yet calculated | CVE-2017-1595 CONFIRM MISC |
ibm -- security_guardium |
IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684. | 2017-12-20 | not yet calculated | CVE-2017-1257 CONFIRM MISC |
ichano -- athome_ip_camera_devices |
An issue was discovered on Ichano AtHome IP Camera devices. The device runs the "noodles" binary - a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. This binary requires the "system" XML element for specifying the command. For example, a <system>id</system> command results in a <system_ack>ok</system_ack> response. | 2017-12-19 | not yet calculated | CVE-2017-17761 MISC |
ikarus -- ikarus |
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000084. | 2017-12-20 | not yet calculated | CVE-2017-17804 MISC |
ikarus -- ikarus |
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000088. | 2017-12-20 | not yet calculated | CVE-2017-17795 MISC |
ikarus -- ikarus |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c4, a related issue to CVE-2017-17113. | 2017-12-20 | not yet calculated | CVE-2017-14968 MISC |
ikarus -- ikarus |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000cc. | 2017-12-20 | not yet calculated | CVE-2017-14965 MISC |
ikarus -- ikarus |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c0. | 2017-12-20 | not yet calculated | CVE-2017-14966 MISC |
ikarus -- ikarus |
In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83000058. | 2017-12-20 | not yet calculated | CVE-2017-17797 MISC |
ikarus -- ikarus |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300005c. | 2017-12-20 | not yet calculated | CVE-2017-14964 MISC |
ikarus -- ikarus |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000084, a related issue to CVE-2017-17114. | 2017-12-20 | not yet calculated | CVE-2017-14969 MISC |
ikarus -- ikarus |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Out of Bounds Write vulnerability because of not validating input values from IOCtl 0x83000058, a related issue to CVE-2017-17112. | 2017-12-20 | not yet calculated | CVE-2017-14962 MISC |
ikarus -- ikarus |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000080. | 2017-12-20 | not yet calculated | CVE-2017-14967 MISC |
ikarus -- ikarus |
In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000058. | 2017-12-20 | not yet calculated | CVE-2017-14963 MISC |
jbpm_kie_workbench -- jbpm_kie_workbench |
Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs. | 2017-12-19 | not yet calculated | CVE-2013-6465 CONFIRM CONFIRM CONFIRM |
kemp -- application_firewall_pack |
The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request. | 2017-12-18 | not yet calculated | CVE-2017-15524 BUGTRAQ CONFIRM MISC |
linux -- linux_kernel |
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. | 2017-12-20 | not yet calculated | CVE-2017-17805 CONFIRM CONFIRM CONFIRM |
linux -- linux_kernel |
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. | 2017-12-20 | not yet calculated | CVE-2017-17806 CONFIRM CONFIRM CONFIRM |
linux -- linux_kernel |
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c. | 2017-12-20 | not yet calculated | CVE-2017-17807 CONFIRM CONFIRM CONFIRM |
linux -- linux_kernel |
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to cause a denial of service (write_mmio stack-based out-of-bounds read) or possibly have unspecified other impact, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. | 2017-12-18 | not yet calculated | CVE-2017-17741 MISC |
linksys -- wvbr0 |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0 WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892. | 2017-12-21 | not yet calculated | CVE-2017-17411 MISC |
maccms -- maccms |
Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request. | 2017-12-18 | not yet calculated | CVE-2017-17733 MISC |
maplesoft -- maple_t.a. |
A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688. | 2017-12-16 | not yet calculated | CVE-2017-14134 MISC |
meinberg -- lantime |
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access. | 2017-12-15 | not yet calculated | CVE-2017-16787 FULLDISC EXPLOIT-DB |
meinberg -- lantime |
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality. | 2017-12-19 | not yet calculated | CVE-2017-16786 MISC FULLDISC |
micro_focus -- operations_manager_i |
Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). | 2017-12-21 | not yet calculated | CVE-2017-14363 CONFIRM |
moxa -- credentials_management |
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic. | 2017-12-21 | not yet calculated | CVE-2017-16727 BID MISC |
mt4_networks -- senhasegura |
A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php. | 2017-12-18 | not yet calculated | CVE-2017-11562 MISC |
netapp -- clustered_data_ontap |
NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments. | 2017-12-18 | not yet calculated | CVE-2017-14583 CONFIRM |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors. | 2017-12-20 | not yet calculated | CVE-2017-17813 MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack. | 2017-12-20 | not yet calculated | CVE-2017-17817 MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111. | 2017-12-20 | not yet calculated | CVE-2017-17811 MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments. | 2017-12-20 | not yet calculated | CVE-2017-17810 MISC MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack. | 2017-12-20 | not yet calculated | CVE-2017-17816 MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack. | 2017-12-20 | not yet calculated | CVE-2017-17812 MISC MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c. | 2017-12-20 | not yet calculated | CVE-2017-17818 MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors. | 2017-12-20 | not yet calculated | CVE-2017-17820 MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated. | 2017-12-20 | not yet calculated | CVE-2017-17819 MISC MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack. | 2017-12-20 | not yet calculated | CVE-2017-17814 MISC |
netwide_assembler -- netwide_assembler |
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts. | 2017-12-20 | not yet calculated | CVE-2017-17815 MISC MISC |
open_ticket_request_system -- open_ticket_request_system |
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email. | 2017-12-20 | not yet calculated | CVE-2017-17476 CONFIRM CONFIRM CONFIRM CONFIRM |
openldap -- openldap |
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. | 2017-12-18 | not yet calculated | CVE-2017-17740 MISC |
phpscriptsmall.com -- paid_to_read_script |
Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter. | 2017-12-19 | not yet calculated | CVE-2017-17779 MISC |
phpscriptsmall.com -- paid_to_read_script |
Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. | 2017-12-18 | not yet calculated | CVE-2017-17651 MISC EXPLOIT-DB |
phpscriptsmall.com -- paid_to_read_script |
Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter. | 2017-12-19 | not yet calculated | CVE-2017-17778 MISC |
phpscriptsmall.com -- paid_to_read_script |
Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter. | 2017-12-19 | not yet calculated | CVE-2017-17777 MISC |
phpscriptsmall.com -- paid_to_read_script |
Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter. | 2017-12-19 | not yet calculated | CVE-2017-17776 MISC |
phpscriptsmall.com -- readymade_video_sharing_script |
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter. | 2017-12-18 | not yet calculated | CVE-2017-17649 MISC EXPLOIT-DB |
piwigo -- piwigo |
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions. | 2017-12-20 | not yet calculated | CVE-2017-17827 MISC MISC MISC |
piwigo -- piwigo |
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration&section=main request. An attacker can exploit this to hijack a client's browser along with the data stored in it. | 2017-12-20 | not yet calculated | CVE-2017-17826 MISC |
piwigo -- piwigo |
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it. | 2017-12-20 | not yet calculated | CVE-2017-17825 MISC |
piwigo -- piwigo |
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database. | 2017-12-20 | not yet calculated | CVE-2017-17824 MISC MISC MISC |
piwigo -- piwigo |
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. | 2017-12-20 | not yet calculated | CVE-2017-17823 MISC MISC MISC |
piwigo -- piwigo |
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. | 2017-12-20 | not yet calculated | CVE-2017-17822 MISC MISC MISC |
piwigo -- piwigo |
Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request. | 2017-12-19 | not yet calculated | CVE-2017-17775 MISC |
piwigo -- piwigo |
admin/configuration.php in Piwigo 2.9.2 has CSRF. | 2017-12-19 | not yet calculated | CVE-2017-17774 MISC MISC |
puppet -- puppet_enterprise |
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability." | 2017-12-21 | not yet calculated | CVE-2015-4100 CONFIRM |
puppet -- puppetlabs-mysql |
puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask. | 2017-12-21 | not yet calculated | CVE-2015-7224 CONFIRM |
qnap -- qts |
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | 2017-12-21 | not yet calculated | CVE-2017-17031 CONFIRM |
qnap -- qts |
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | 2017-12-21 | not yet calculated | CVE-2017-17033 CONFIRM |
qnap -- qts |
A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | 2017-12-21 | not yet calculated | CVE-2017-17030 CONFIRM |
qnap -- qts |
A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | 2017-12-21 | not yet calculated | CVE-2017-17028 CONFIRM |
qnap -- qts |
A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | 2017-12-21 | not yet calculated | CVE-2017-17027 CONFIRM |
qnap -- qts |
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | 2017-12-21 | not yet calculated | CVE-2017-17032 CONFIRM |
qnap -- qts |
A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. | 2017-12-21 | not yet calculated | CVE-2017-17029 CONFIRM |
rados -- gateway |
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h. | 2017-12-20 | not yet calculated | CVE-2017-16818 CONFIRM CONFIRM FEDORA |
rockwell_automation -- factorytalk_alarms_and_events |
An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted set of packets to Port 403/TCP (the history archiver service), causing the service to either stall or terminate. | 2017-12-22 | not yet calculated | CVE-2017-14022 BID MISC |
ruby -- ruby |
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution. | 2017-12-15 | not yet calculated | CVE-2017-17405 BID CONFIRM CONFIRM |
ruby -- ruby |
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation. | 2017-12-17 | not yet calculated | CVE-2017-17718 MISC MISC MISC |
ruby -- ruby |
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely. | 2017-12-20 | not yet calculated | CVE-2017-17790 CONFIRM |
samsung -- internet_browser |
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code. | 2017-12-21 | not yet calculated | CVE-2017-17692 MISC MISC |
softonic -- telegram_messenger_app |
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak. | 2017-12-16 | not yet calculated | CVE-2017-17715 MISC |
solarwinds -- multiple_products |
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. | 2017-12-20 | not yet calculated | CVE-2012-2576 EXPLOIT-DB EXPLOIT-DB BID CONFIRM XF |
sonatype -- nexus_repository_manager |
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature. | 2017-12-17 | not yet calculated | CVE-2017-17717 MISC |
sony -- music_center_for_pc |
Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 2017-12-22 | not yet calculated | CVE-2017-10909 JVN |
spiqe_software -- onethird_cms_show_off |
Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors. | 2017-12-22 | not yet calculated | CVE-2017-10907 JVN CONFIRM |
superbeam -- superbeam |
SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to send crafted files, as demonstrated by APK injection. | 2017-12-19 | not yet calculated | CVE-2017-17763 MISC |
symantec -- messaging_gateway |
Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files. | 2017-12-20 | not yet calculated | CVE-2017-15532 BID CONFIRM |
syncbreeze -- syncbreeze |
The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header on making a connection, resulting in a classic Buffer Overflow that causes a Denial of Service. | 2017-12-19 | not yet calculated | CVE-2017-17088 MISC FULLDISC EXPLOIT-DB |
synology -- diskstation_manager |
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option. | 2017-12-22 | not yet calculated | CVE-2017-16766 CONFIRM |
synology -- photo_station |
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter. | 2017-12-20 | not yet calculated | CVE-2017-12072 CONFIRM |
tg_soft -- vir.it_explorer_lite |
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E060. | 2017-12-20 | not yet calculated | CVE-2017-17801 MISC |
tg_soft -- vir.it_explorer_lite |
In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17800. | 2017-12-20 | not yet calculated | CVE-2017-17798 MISC |
tg_soft -- vir.it_explorer_lite |
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273E080. | 2017-12-20 | not yet calculated | CVE-2017-17802 MISC |
tg_soft -- vir.it_explorer_lite |
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82736068, a different vulnerability than CVE-2017-17475. | 2017-12-20 | not yet calculated | CVE-2017-17803 MISC |
tg_soft -- vir.it_explorer_lite |
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82730068. | 2017-12-20 | not yet calculated | CVE-2017-17799 MISC |
tg_soft -- vir.it_explorer_lite |
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x827300A4. | 2017-12-20 | not yet calculated | CVE-2017-17796 MISC |
tg_soft -- vir.it_explorer_lite |
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17798. | 2017-12-20 | not yet calculated | CVE-2017-17800 MISC |
tp-link -- multiple_products |
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd. | 2017-12-19 | not yet calculated | CVE-2017-17757 MISC |
tp-link -- multiple_products |
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd. | 2017-12-19 | not yet calculated | CVE-2017-17758 MISC |
tp-link -- tl-sg108e_device |
Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated. | 2017-12-20 | not yet calculated | CVE-2017-17746 FULLDISC |
tp-link -- tl-sg108e_device |
Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary JavaScript via the 'sysName' parameter. | 2017-12-20 | not yet calculated | CVE-2017-17745 FULLDISC |
tp-link -- tl-sg108e_device |
Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition. | 2017-12-20 | not yet calculated | CVE-2017-17747 FULLDISC |
trape -- trape |
Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. | 2017-12-16 | not yet calculated | CVE-2017-17714 MISC MISC MISC |
trape -- trape |
Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. | 2017-12-16 | not yet calculated | CVE-2017-17713 MISC MISC MISC MISC MISC |
urbackup -- urbackup_server |
Cross-site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | 2017-12-17 | not yet calculated | CVE-2017-16950 CONFIRM CONFIRM |
videolan -- vlc |
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation. | 2017-12-15 | not yet calculated | CVE-2017-17670 MISC BID |
vmware -- esxi__and_workstation_and_fusion |
VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. | 2017-12-20 | not yet calculated | CVE-2017-4933 CONFIRM |
vmware -- esxi__and_workstation_and_fusion |
VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall. | 2017-12-20 | not yet calculated | CVE-2017-4941 CONFIRM |
vmware -- esxi |
The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting JavaScript, which might get executed when other users access the Host Client. | 2017-12-20 | not yet calculated | CVE-2017-4940 CONFIRM |
vmware -- vcenter_server_appliance |
VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS. | 2017-12-20 | not yet calculated | CVE-2017-4943 CONFIRM |
webkit -- webkit |
WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length. | 2017-12-20 | not yet calculated | CVE-2017-17821 MISC MISC |
wecon -- levistudio_hmi_editor |
A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. | 2017-12-20 | not yet calculated | CVE-2017-16717 MISC |
wordpress -- wordpress |
An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and file-uploader/file-uploader-class.php. This allows the attacker to upload anything they want to the server, as demonstrated by an action=ap_file_upload_action&allowedExtensions[]=php request to /wp-admin/admin-ajax.php that results in a .php file upload and resultant PHP code execution. | 2017-12-18 | not yet calculated | CVE-2017-16949 MISC MISC EXPLOIT-DB |
wordpress -- wordpress |
Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php. | 2017-12-20 | not yet calculated | CVE-2011-4955 CONFIRM SECUNIA CONFIRM MLIST MLIST XF |
wordpress -- wordpress |
Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (2) cie_import, (3) cie_update, or (4) cie_ignore parameter to includes/admin/views/esb-cie-import-export-page.php. | 2017-12-19 | not yet calculated | CVE-2017-17753 MISC |
wordpress -- wordpress |
The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication - Clockwork SMS 1.0.2, Booking Calendar - Clockwork SMS 1.0.5, Contact Form 7 - Clockwork SMS 2.3.0, Fast Secure Contact Form - Clockwork SMS 2.1.2, Formidable - Clockwork SMS 1.0.2, Gravity Forms - Clockwork SMS 2.2, and WP e-Commerce - Clockwork SMS 2.0.5. | 2017-12-19 | not yet calculated | CVE-2017-17780 MISC MISC |
wordpress -- wordpress |
A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advancedsettings.php. | 2017-12-19 | not yet calculated | CVE-2017-17744 MISC MISC |
wordpress -- wordpress |
A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the result_message parameter to includes/concours_page.php. | 2017-12-19 | not yet calculated | CVE-2017-17719 MISC MISC |
http://ift.tt/2DU0a5o -- bus_booking_script |
Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter. | 2017-12-21 | not yet calculated | CVE-2017-17828 MISC |
http://ift.tt/2DU0a5o -- bus_booking_script |
Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter. | 2017-12-21 | not yet calculated | CVE-2017-17829 MISC |
http://ift.tt/2DU0a5o -- bus_booking_script |
Bus Booking Script has CSRF via admin/new_master.php. | 2017-12-21 | not yet calculated | CVE-2017-17830 MISC |
http://ift.tt/2DU0a5o -- bus_booking_script |
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php. | 2017-12-18 | not yet calculated | CVE-2017-17645 MISC EXPLOIT-DB |
xiongmai_technology -- multiple_products |
A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible. | 2017-12-20 | not yet calculated | CVE-2017-16725 BID MISC |
zivif -- pr115-204-p-rs_camera |
Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session. | 2017-12-18 | not yet calculated | CVE-2017-17107 MISC FULLDISC MISC |
zivif -- pr115-204-p-rs_camera |
Zivif PR115-204-P-RS V2.3.4.2103 web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request. | 2017-12-18 | not yet calculated | CVE-2017-17105 MISC FULLDISC MISC |
zivif -- pr115-204-p-rs_camera |
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages. | 2017-12-18 | not yet calculated | CVE-2017-17106 MISC FULLDISC MISC |
zoom -- zoomlauncher |
Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. | 2017-12-19 | not yet calculated | CVE-2017-15048 MISC FULLDISC MISC EXPLOIT-DB |
zoom -- zoomlauncher |
The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. | 2017-12-19 | not yet calculated | CVE-2017-15049 MISC FULLDISC MISC EXPLOIT-DB |
zuuse_beims -- contractorweb.net |
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter. | 2017-12-18 | not yet calculated | CVE-2017-17721 MISC |
from US-CERT National Cyber Alert System http://ift.tt/2C86p7o