IT 와 Social 이야기

[US-CERT: Bulletin (SB17-261)] Security vulnerabilities published through September 11, 2017

by manga0713 2017. 9. 20.

 

 

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
google -- android An elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835. 2017-09-08 9.3 CVE-2017-0752
BID, CONFIRM
google -- android A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744. 2017-09-08 9.3 CVE-2017-0753
BID, CONFIRM
google -- android An elevation of privilege vulnerability in the Android libraries (libminikin). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-32178311. 2017-09-08 9.3 CVE-2017-0755
BID, CONFIRM
google -- android A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073. 2017-09-08 9.3 CVE-2017-0756
BID, CONFIRM
google -- android A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36006815. 2017-09-08 9.3 CVE-2017-0757
BID, CONFIRM
google -- android A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492741. 2017-09-08 9.3 CVE-2017-0758
BID, CONFIRM
google -- android A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268. 2017-09-08 9.3 CVE-2017-0759
BID, CONFIRM
google -- android A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396. 2017-09-08 9.3 CVE-2017-0760
BID, CONFIRM
google -- android A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38448381. 2017-09-08 9.3 CVE-2017-0761
BID, CONFIRM
google -- android A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62214264. 2017-09-08 9.3 CVE-2017-0762
BID, CONFIRM
google -- android A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693. 2017-09-08 9.3 CVE-2017-0763
BID, CONFIRM
google -- android A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015. 2017-09-08 9.3 CVE-2017-0764
BID, CONFIRM
google -- android A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872863. 2017-09-08 9.3 CVE-2017-0765
BID, CONFIRM
google -- android A remote code execution vulnerability in the Android media framework (libjhead). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37776688. 2017-09-08 9.3 CVE-2017-0766
BID, CONFIRM
google -- android An elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407. 2017-09-08 9.3 CVE-2017-0767
BID, CONFIRM
google -- android An elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992. 2017-09-08 9.3 CVE-2017-0768
BID, CONFIRM
google -- android An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37662122. 2017-09-08 9.3 CVE-2017-0769
BID, CONFIRM
google -- android An elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234812. 2017-09-08 9.3 CVE-2017-0770
BID, CONFIRM
google -- android A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243. 2017-09-08 7.1 CVE-2017-0771
BID, CONFIRM
google -- android A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38115076. 2017-09-08 7.1 CVE-2017-0772
BID, CONFIRM
google -- android A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37615911. 2017-09-08 7.1 CVE-2017-0773
BID, CONFIRM
google -- android A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844. 2017-09-08 7.1 CVE-2017-0774
BID, CONFIRM
google -- android A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179. 2017-09-08 7.1 CVE-2017-0775
BID, CONFIRM
google -- android An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227. 2017-09-08 7.8 CVE-2017-0778
BID, CONFIRM
google -- android A denial of service vulnerability in the Android runtime (android messenger). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37742976. 2017-09-08 7.1 CVE-2017-0780
BID, CONFIRM
google -- android An information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946. 2017-09-08 7.1 CVE-2017-0793
BID, CONFIRM
google -- android An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36198473. References: M-ALPS03361480. 2017-09-08 9.3 CVE-2017-0795
BID, CONFIRM
google -- android An elevation of privilege vulnerability in the MediaTek auxadc driver. Product: Android. Versions: Android kernel. Android ID: A-62458865. References: M-ALPS03353884, M-ALPS03353886, M-ALPS03353887. 2017-09-08 9.3 CVE-2017-0796
BID, CONFIRM
google -- android An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-62459766. References: M-ALPS03353854. 2017-09-08 9.3 CVE-2017-0797
BID, CONFIRM
google -- android An elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36100671. References: M-ALPS03365532. 2017-09-08 9.3 CVE-2017-0798
BID, CONFIRM
google -- android An elevation of privilege vulnerability in the MediaTek lastbus. Product: Android. Versions: Android kernel. Android ID: A-36731602. References: M-ALPS03342072. 2017-09-08 9.3 CVE-2017-0799
BID, CONFIRM
google -- android An elevation of privilege vulnerability in the MediaTek teei. Product: Android. Versions: Android kernel. Android ID: A-37683975. References: M-ALPS03302988. 2017-09-08 9.3 CVE-2017-0800
BID, CONFIRM
google -- android An elevation of privilege vulnerability in the MediaTek libmtkomxvdec. Product: Android. Versions: Android kernel. Android ID: A-38447970. References: M-ALPS03337980. 2017-09-08 9.3 CVE-2017-0801
BID, CONFIRM
ibm -- db2_connect IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178. 2017-09-12 7.2 CVE-2017-1451
CONFIRM, BID, SECTRACK, MISC
ibm -- db2_connect IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180. 2017-09-12 7.2 CVE-2017-1452
CONFIRM, BID, SECTRACK, MISC
imagemagick -- imagemagick In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file. 2017-09-12 7.1 CVE-2017-14325
CONFIRM
imagemagick -- imagemagick ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. 2017-09-12 7.1 CVE-2017-14341
CONFIRM, CONFIRM
microsoft -- edge Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-11766. 2017-09-12 7.6 CVE-2017-8751
SECTRACK, CONFIRM
synology -- photo_station Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php. 2017-09-08 7.5 CVE-2017-11161
CONFIRM
tcpdump -- tcpdump The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:name_len(). 2017-09-14 7.5 CVE-2017-12893
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in addrtoname.c:lookup_bytestring(). 2017-09-14 7.5 CVE-2017-12894
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). 2017-09-14 7.5 CVE-2017-12895
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print(). 2017-09-14 7.5 CVE-2017-12896
SECTRACK, CONFIRM, CONFIRM, CONFIRM
tcpdump -- tcpdump The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isoclns_print(). 2017-09-14 7.5 CVE-2017-12897
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply(). 2017-09-14 7.5 CVE-2017-12898
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print(). 2017-09-14 7.5 CVE-2017-12899
SECTRACK, CONFIRM, CONFIRM, CONFIRM
tcpdump -- tcpdump Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf(). 2017-09-14 7.5 CVE-2017-12900
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in print-eigrp.c:eigrp_print(). 2017-09-14 7.5 CVE-2017-12901
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions. 2017-09-14 7.5 CVE-2017-12902
SECTRACK, CONFIRM, CONFIRM, CONFIRM
tcpdump -- tcpdump The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print(). 2017-09-14 7.5 CVE-2017-12985
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). 2017-09-14 7.5 CVE-2017-12986
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). 2017-09-14 7.5 CVE-2017-12987
SECTRACK, CONFIRM, CONFIRM, CONFIRM
tcpdump -- tcpdump The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse(). 2017-09-14 7.5 CVE-2017-12988
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). 2017-09-14 7.5 CVE-2017-12991
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in print-ripng.c:ripng_print(). 2017-09-14 7.5 CVE-2017-12992
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c, several functions. 2017-09-14 7.5 CVE-2017-12993
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). 2017-09-14 7.5 CVE-2017-12994
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c:pimv2_print(). 2017-09-14 7.5 CVE-2017-12996
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_extd_ip_reach(). 2017-09-14 7.5 CVE-2017-12998
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print(). 2017-09-14 7.5 CVE-2017-12999
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_15_4.c:ieee802_15_4_if_print(). 2017-09-14 7.5 CVE-2017-13000
SECTRACK, CONFIRM, CONFIRM, CONFIRM, CONFIRM
tcpdump -- tcpdump The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh(). 2017-09-14 7.5 CVE-2017-13001
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The AODV parser in tcpdump before 4.9.2 has a buffer over-read in print-aodv.c:aodv_extension(). 2017-09-14 7.5 CVE-2017-13002
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print-lmp.c:lmp_print(). 2017-09-14 7.5 CVE-2017-13003
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header(). 2017-09-14 7.5 CVE-2017-13004
SECTRACK, CONFIRM, CONFIRM, CONFIRM
tcpdump -- tcpdump The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter(). 2017-09-14 7.5 CVE-2017-13005
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in print-l2tp.c, several functions. 2017-09-14 7.5 CVE-2017-13006
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read in print-pktap.c:pktap_if_print(). 2017-09-14 7.5 CVE-2017-13007
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements(). 2017-09-14 7.5 CVE-2017-13008
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_print(). 2017-09-14 7.5 CVE-2017-13009
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in print-beep.c:l_strnstart(). 2017-09-14 7.5 CVE-2017-13010
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump Several protocol parsers in tcpdump before 4.9.2 could cause a buffer overflow in util-print.c:bittok2str_internal(). 2017-09-14 7.5 CVE-2017-13011
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print(). 2017-09-14 7.5 CVE-2017-13012
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print-arp.c, several functions. 2017-09-14 7.5 CVE-2017-13013
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions. 2017-09-14 7.5 CVE-2017-13014
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print-eap.c:eap_print(). 2017-09-14 7.5 CVE-2017-13015
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). 2017-09-14 7.5 CVE-2017-13016
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-dhcp6.c:dhcp6opt_print(). 2017-09-14 7.5 CVE-2017-13017
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). 2017-09-14 7.5 CVE-2017-13018
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). 2017-09-14 7.5 CVE-2017-13019
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). 2017-09-14 7.5 CVE-2017-13020
SECTRACK, CONFIRM, CONFIRM, CONFIRM
tcpdump -- tcpdump The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_print(). 2017-09-14 7.5 CVE-2017-13021
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute(). 2017-09-14 7.5 CVE-2017-13022
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). 2017-09-14 7.5 CVE-2017-13023
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). 2017-09-14 7.5 CVE-2017-13024
SECTRACK, CONFIRM, CONFIRM, CONFIRM
tcpdump -- tcpdump The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print(). 2017-09-14 7.5 CVE-2017-13025
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c, several functions. 2017-09-14 7.5 CVE-2017-13026
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_mgmt_addr_tlv_print(). 2017-09-14 7.5 CVE-2017-13027
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in print-bootp.c:bootp_print(). 2017-09-14 7.5 CVE-2017-13028
SECTRACK, CONFIRM, CONFIRM, CONFIRM
tcpdump -- tcpdump The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options(). 2017-09-14 7.5 CVE-2017-13029
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions. 2017-09-14 7.5 CVE-2017-13030
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print(). 2017-09-14 7.5 CVE-2017-13031
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string(). 2017-09-14 7.5 CVE-2017-13032
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print(). 2017-09-14 7.5 CVE-2017-13033
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print(). 2017-09-14 7.5 CVE-2017-13034
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id(). 2017-09-14 7.5 CVE-2017-13035
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3(). 2017-09-14 7.5 CVE-2017-13036
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts(). 2017-09-14 7.5 CVE-2017-13037
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp(). 2017-09-14 7.5 CVE-2017-13038
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. 2017-09-14 7.5 CVE-2017-13039
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions. 2017-09-14 7.5 CVE-2017-13040
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print(). 2017-09-14 7.5 CVE-2017-13041
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print(). 2017-09-14 7.5 CVE-2017-13042
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn(). 2017-09-14 7.5 CVE-2017-13043
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print(). 2017-09-14 7.5 CVE-2017-13044
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print(). 2017-09-14 7.5 CVE-2017-13045
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print(). 2017-09-14 7.5 CVE-2017-13046
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print(). 2017-09-14 7.5 CVE-2017-13047
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). 2017-09-14 7.5 CVE-2017-13048
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print(). 2017-09-14 7.5 CVE-2017-13049
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print(). 2017-09-14 7.5 CVE-2017-13050
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print(). 2017-09-14 7.5 CVE-2017-13051
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print(). 2017-09-14 7.5 CVE-2017-13052
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info(). 2017-09-14 7.5 CVE-2017-13053
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print(). 2017-09-14 7.5 CVE-2017-13054
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv(). 2017-09-14 7.5 CVE-2017-13055
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print(). 2017-09-14 7.5 CVE-2017-13687
SECTRACK, CONFIRM, CONFIRM, CONFIRM
tcpdump -- tcpdump The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print(). 2017-09-14 7.5 CVE-2017-13688
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print(). 2017-09-14 7.5 CVE-2017-13689
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions. 2017-09-14 7.5 CVE-2017-13690
SECTRACK, CONFIRM, CONFIRM
tcpdump -- tcpdump The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print(). 2017-09-14 7.5 CVE-2017-13725
SECTRACK, CONFIRM, CONFIRM, CONFIRM

 

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
azeotech -- daqfactory An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malicious DLL files that have been placed within the search path. 2017-09-08 4.6 CVE-2017-5147
BID, MISC
divinglog -- diving_log XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import. 2017-09-08 4.3 CVE-2017-9095
MISC
ee -- 4gee_wifi_mbb_firmware EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings. 2017-09-11 6.8 CVE-2017-14267
MISC, MISC, MISC, MISC, MISC, MISC, MISC
ee -- 4gee_wifi_mbb_firmware EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms_content parameter in a getSMSlist request. 2017-09-11 4.3 CVE-2017-14268
MISC, MISC
ee -- 4gee_wifi_mbb_firmware EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content. 2017-09-11 5.0 CVE-2017-14269
MISC, MISC
ellucian -- banner_student Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-09-11 4.3 CVE-2015-4687
MISC, BUGTRAQ
ffmpeg -- ffmpeg The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.) 2017-09-09 6.8 CVE-2017-14225
BID, MISC, MISC
fortinet -- fortios A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the action input during the activation of a FortiToken. 2017-09-11 4.3 CVE-2017-3132
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
EXPLOIT-DB(link is external)
fortinet -- fortios A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. 2017-09-11 4.3 CVE-2017-3133
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
EXPLOIT-DB(link is external)
google -- android An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38496660. 2017-09-08 4.3 CVE-2017-0776
BID(link is external)
CONFIRM(link is external)
google -- android An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499. 2017-09-08 4.3 CVE-2017-0777
BID(link is external)
CONFIRM(link is external)
google -- android An information disclosure vulnerability in the Android media framework (audioflinger). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38340117. 2017-09-08 4.3 CVE-2017-0779
BID(link is external)
CONFIRM(link is external)
google -- android An elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958. 2017-09-08 5.8 CVE-2017-0784
BID(link is external)
CONFIRM(link is external)
google -- android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101. 2017-09-08 5.8 CVE-2017-0786
BID(link is external)
CONFIRM(link is external)
google -- android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722970. References: B-V2017053104. 2017-09-08 5.8 CVE-2017-0787
BID(link is external)
CONFIRM(link is external)
google -- android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37722328. References: B-V2017053103. 2017-09-08 5.8 CVE-2017-0788
BID(link is external)
CONFIRM(link is external)
google -- android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37685267. References: B-V2017053102. 2017-09-08 5.8 CVE-2017-0789
BID(link is external)
CONFIRM(link is external)
google -- android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37357704. References: B-V2017053101. 2017-09-08 5.8 CVE-2017-0790
BID(link is external)
CONFIRM(link is external)
google -- android An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302. 2017-09-08 5.8 CVE-2017-0791
BID(link is external)
CONFIRM(link is external)
google -- android An elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812. 2017-09-08 6.8 CVE-2017-0794
BID(link is external)
CONFIRM(link is external)
google -- android An elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36232120. References: M-ALPS03384818. 2017-09-08 6.8 CVE-2017-0802
BID(link is external)
CONFIRM(link is external)
google -- android An elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36136137. References: M-ALPS03361477. 2017-09-08 6.8 CVE-2017-0803
BID(link is external)
CONFIRM(link is external)
google -- android An elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487. 2017-09-08 6.8 CVE-2017-0804
BID(link is external)
CONFIRM(link is external)
graphicsmagick -- graphicsmagick Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file. 2017-09-11 4.3 CVE-2017-14314
CONFIRM(link is external)
CONFIRM(link is external)
ibm -- db2_connect IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829. 2017-09-12 4.3 CVE-2017-1519
CONFIRM(link is external)
BID(link is external)
SECTRACK(link is external)
MISC(link is external)
ibm -- db2_connect IBM DB2 9.7, 10.1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830. 2017-09-12 4.3 CVE-2017-1520
CONFIRM(link is external)
BID(link is external)
SECTRACK(link is external)
MISC(link is external)
ibm -- qradar_security_information_and_event_manager IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957. 2017-09-12 5.0 CVE-2017-1162
CONFIRM(link is external)
BID(link is external)
MISC(link is external)
imagemagick -- imagemagick A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file. 2017-09-11 4.3 CVE-2017-14248
CONFIRM(link is external)
imagemagick -- imagemagick ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. 2017-09-11 4.3 CVE-2017-14249
CONFIRM(link is external)
imagemagick -- imagemagick In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file. 2017-09-12 4.3 CVE-2017-14324
CONFIRM(link is external)
imagemagick -- imagemagick In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. 2017-09-12 4.3 CVE-2017-14326
CONFIRM(link is external)
imagemagick -- imagemagick ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. 2017-09-12 4.3 CVE-2017-14342
CONFIRM(link is external)
imagemagick -- imagemagick ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. 2017-09-12 4.3 CVE-2017-14343
CONFIRM(link is external)
jasper_project -- jasper There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. 2017-09-09 5.0 CVE-2017-14229
MISC(link is external)
nasm -- netwide_assembler In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service. 2017-09-09 5.0 CVE-2017-14228
MISC(link is external)
nexusphp_project -- nexusphp NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action. 2017-09-12 4.3 CVE-2017-14347
MISC(link is external)
novell -- leap The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root. 2017-09-08 6.9 CVE-2016-5759
SUSE
MLIST(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000cb8c." 2017-09-11 4.6 CVE-2017-14286
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File+0x00000000000015eb." 2017-09-11 4.6 CVE-2017-14287
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x0000000000002ff7." 2017-09-11 4.6 CVE-2017-14288
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000303e." 2017-09-11 4.6 CVE-2017-14289
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d." 2017-09-11 4.6 CVE-2017-14290
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d8." 2017-09-11 4.6 CVE-2017-14291
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000570e." 2017-09-11 4.6 CVE-2017-14292
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at wow64!Wow64LdrpInitialize+0x00000000000008e1." 2017-09-11 4.6 CVE-2017-14293
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000566e." 2017-09-11 4.6 CVE-2017-14294
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e6." 2017-09-11 4.6 CVE-2017-14296
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000002f35." 2017-09-11 4.6 CVE-2017-14297
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000038e8." 2017-09-11 4.6 CVE-2017-14298
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x000000000000384b." 2017-09-11 4.6 CVE-2017-14299
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x0000000000004479." 2017-09-11 4.6 CVE-2017-14300
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d3." 2017-09-11 4.6 CVE-2017-14301
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllGetClassObject+0x00000000000064d7." 2017-09-11 4.6 CVE-2017-14302
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x0000000000003047." 2017-09-11 4.6 CVE-2017-14303
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e0." 2017-09-11 4.6 CVE-2017-14304
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllUnregisterServer+0x0000000000005578." 2017-09-11 4.6 CVE-2017-14305
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006e10." 2017-09-11 4.6 CVE-2017-14306
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!TpAllocCleanupGroup+0x0000000000000402." 2017-09-11 4.6 CVE-2017-14307
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ddd." 2017-09-11 4.6 CVE-2017-14308
MISC(link is external)
stdutility -- stdu_viewer STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ec8." 2017-09-11 4.6 CVE-2017-14309
MISC(link is external)
synology -- photo_station Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors. 2017-09-08 4.0 CVE-2017-11162
CONFIRM(link is external)
synology -- photo_station Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter. 2017-09-08 4.0 CVE-2017-12071
CONFIRM(link is external)
tcpdump -- tcpdump The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). 2017-09-14 5.0 CVE-2017-12989
SECTRACK(link is external)
CONFIRM
CONFIRM(link is external)
tcpdump -- tcpdump The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions. 2017-09-14 5.0 CVE-2017-12990
SECTRACK(link is external)
CONFIRM
CONFIRM(link is external)
tcpdump -- tcpdump The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). 2017-09-14 5.0 CVE-2017-12995
SECTRACK(link is external)
CONFIRM
CONFIRM(link is external)
tcpdump -- tcpdump The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print(). 2017-09-14 5.0 CVE-2017-12997
SECTRACK(link is external)
CONFIRM
CONFIRM(link is external)
tcpreplay -- tcpreplay tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file. 2017-09-12 6.8 CVE-2017-14266
EXPLOIT-DB(link is external)
typo3 -- typo3 Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code. 2017-09-11 6.5 CVE-2017-14251
BID(link is external)
SECTRACK(link is external)
CONFIRM
xnview -- xnview XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d." 2017-09-11 4.6 CVE-2017-14275
MISC(link is external)
xnview -- xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Possible Stack Corruption starting at jbig2dec+0x0000000000002fbe." 2017-09-11 4.6 CVE-2017-14276
MISC(link is external)
xnview -- xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005956." 2017-09-11 4.6 CVE-2017-14277
MISC(link is external)
xnview -- xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005940." 2017-09-11 4.6 CVE-2017-14278
MISC(link is external)
xnview -- xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005643." 2017-09-11 4.6 CVE-2017-14279
MISC(link is external)
xnview -- xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at jbig2dec+0x000000000000571d." 2017-09-11 4.6 CVE-2017-14280
MISC(link is external)
xnview -- xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at jbig2dec+0x00000000000090f1." 2017-09-11 4.6 CVE-2017-14281
MISC(link is external)
xnview -- xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005862." 2017-09-11 4.6 CVE-2017-14282
MISC(link is external)
xnview -- xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000008fe4." 2017-09-11 4.6 CVE-2017-14283
MISC(link is external)
xnview -- xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlGetCurrentDirectory_U+0x000000000000016c." 2017-09-11 4.6 CVE-2017-14284
MISC(link is external)
xnview -- xnview XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x000000000000039b." 2017-09-11 4.6 CVE-2017-14285
MISC(link is external)

 

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
fortinet -- fortios A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView. 2017-09-11 3.5 CVE-2017-3131
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
EXPLOIT-DB(link is external)
fortinet -- fortios A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions. 2017-09-11 3.5 CVE-2017-7734
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
fortinet -- fortios A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups. 2017-09-11 3.5 CVE-2017-7735
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
google -- android An information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301. 2017-09-08 3.3 CVE-2017-0792
BID(link is external)
CONFIRM(link is external)
wolfcms -- wolf_cms Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the "/plugin/file_manager/" script (aka an /admin/plugin/file_manager/browse// URI). 2017-09-08 3.5 CVE-2017-11611
MISC(link is external)

 

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
alegrocart -- alegrocart
 
PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2. 2017-09-11 not yet calculated CVE-2015-9227
MISC(link is external)
FULLDISC
MISC(link is external)
EXPLOIT-DB(link is external)
alegrocart -- alegrocart
 
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php. 2017-09-11 not yet calculated CVE-2015-9226
MISC(link is external)
FULLDISC
MISC(link is external)
EXPLOIT-DB(link is external)
ansible -- vault
 
An exploitable vulnerability exists in the yaml loading functionality of Ansible Vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability. 2017-09-14 not yet calculated CVE-2017-2809
BID(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
MISC(link is external)
anydesk -- anydesk
 
AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. 2017-09-12 not yet calculated CVE-2017-14397
CONFIRM(link is external)
apache -- brooklyn
 
Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarshalling to any Java type available on the classpath. This could provide an authenticated user with a means to cause the JVM running Brooklyn to load and run Java code without detection by Brooklyn. Such code would have the privileges of the Java process running Brooklyn, including the ability to open files and network connections, and execute system commands. There is known to be a proof-of-concept exploit using this vulnerability. 2017-09-13 not yet calculated CVE-2016-8744
CONFIRM
MLIST
apache -- brooklyn
 
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is known to be a proof-of-concept exploit using this vulnerability. 2017-09-13 not yet calculated CVE-2016-8737
BID(link is external)
CONFIRM
MLIST
apache -- brooklyn
 
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to be a proof-of-concept exploit using this vulnerability. 2017-09-13 not yet calculated CVE-2017-3165
BID(link is external)
CONFIRM
MLIST
apache -- spark
 
In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine. It does not affect apps run by spark-submit or spark-shell. The attacker would be able to execute code as the user that ran the Spark application. Users are encouraged to update to version 2.2.0 or later. 2017-09-13 not yet calculated CVE-2017-12612
BID(link is external)
MISC
apache -- struts
 
The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. 2017-09-15 not yet calculated CVE-2017-9805
BID(link is external)
SECTRACK(link is external)
CONFIRM
CONFIRM(link is external)
CONFIRM
CONFIRM
EXPLOIT-DB(link is external)
apache -- traffic_server
 
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168. 2017-09-13 not yet calculated CVE-2015-5206
MLIST
apache -- traffic_server
 
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206. 2017-09-13 not yet calculated CVE-2015-5168
MLIST
apache -- wicket Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider. 2017-09-15 not yet calculated CVE-2014-7808
MLIST
MISC(link is external)
apple -- ios In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default "Bluetooth On" value must be present in Settings. 2017-09-12 not yet calculated CVE-2017-14315
BID(link is external)
MISC(link is external)
axesstel -- mu553s_modem_router_firmware
 
On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page. 2017-09-13 not yet calculated CVE-2017-13724
MISC(link is external)
axesstel -- mu553s_modem_router_firmware
 
Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account. 2017-09-13 not yet calculated CVE-2017-11351
MISC(link is external)
axesstel -- mu553s_modem_router_firmware
 
Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices. 2017-09-13 not yet calculated CVE-2017-11350
MISC(link is external)
beijing_hanbang -- hanbanggaoke_devices
 
On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change. 2017-09-12 not yet calculated CVE-2017-14335
MISC(link is external)
bento4 -- bento4
 
In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h file contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. 2017-09-11 not yet calculated CVE-2017-14258
CONFIRM(link is external)
bento4 -- bento4
 
In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in Ap4StssAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. 2017-09-11 not yet calculated CVE-2017-14260
CONFIRM(link is external)
bento4 -- bento4
 
In the SDK in Bento4 1.5.0-616, the AP4_StscAtom class in Ap4StscAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. 2017-09-11 not yet calculated CVE-2017-14259
CONFIRM(link is external)
bento4 -- bento4
 
In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in Ap4StszAtom.cpp file contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file. 2017-09-11 not yet calculated CVE-2017-14261
CONFIRM(link is external)
bento4 -- bento4
 
In the SDK in Bento4 1.5.0-616, AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file. 2017-09-11 not yet calculated CVE-2017-14257
CONFIRM(link is external)

blackcat-cms -- blackcat_cms
 
In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php. 2017-09-12 not yet calculated CVE-2017-14399
MISC(link is external)
blackwave -- dive_assistant
 
XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file. 2017-09-12 not yet calculated CVE-2017-8918
MISC(link is external)
blue_coat -- malware_analysis_appliance_and_malware_analyzer_g2
 
Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis. 2017-09-11 not yet calculated CVE-2015-4523
CONFIRM
bluez -- bluez
 
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests. 2017-09-12 not yet calculated CVE-2017-1000250
BID
CONFIRM
MISC
celery_flower -- celery_flower
 
flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. 2017-09-15 not yet calculated CVE-2017-14483
CONFIRM
cisco -- meeting_server
 
A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrect default configuration of the TURN server, which could expose internal interfaces and ports on the external interface of an affected system. An attacker could exploit this vulnerability by using a TURN server to perform an unauthorized connection to a Call Bridge, a Web Bridge, or a database cluster in an affected system, depending on the deployment model and CMS services in use. A successful exploit could allow the attacker to gain unauthenticated access to a Call Bridge or database cluster in an affected system or gain unauthorized access to sensitive meeting information in an affected system. To exploit this vulnerability, the attacker must have valid credentials for the TURN server of the affected system. This vulnerability affects Cisco Meeting Server (CMS) deployments that are running a CMS Software release prior to Release 2.0.16, 2.1.11, or 2.2.6. Cisco Bug IDs: CSCvf51127. 2017-09-13 not yet calculated CVE-2017-12249
BID
SECTRACK
CONFIRM
corega -- cg-wlr300nm
 
CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. 2017-09-15 not yet calculated CVE-2017-10813
MISC
JVN
corega -- cg-wlr300nm
 
Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors. 2017-09-15 not yet calculated CVE-2017-10814
MISC
JVN
cyrus -- cyrus_imap
 
In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command. 2017-09-10 not yet calculated CVE-2017-14230
CONFIRM
CONFIRM
CONFIRM
CONFIRM
d-link -- d-link

D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions. 2017-09-13 not yet calculated CVE-2017-14427
MISC
d-link -- d-link
 
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established. 2017-09-13 not yet calculated CVE-2017-14419
MISC
d-link -- d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions. 2017-09-13 not yet calculated CVE-2017-14426
MISC
d-link -- d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php. 2017-09-13 not yet calculated CVE-2017-14415
MISC
d-link -- d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php. 2017-09-13 not yet calculated CVE-2017-14413
MISC
d-link -- d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions. 2017-09-13 not yet calculated CVE-2017-14424
MISC
d-link -- d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php. 2017-09-13 not yet calculated CVE-2017-14416
MISC
d-link -- d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic. 2017-09-13 not yet calculated CVE-2017-14430
MISC
d-link -- d-link
 
D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session. 2017-09-13 not yet calculated CVE-2017-14421
MISC
d-link -- d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions. 2017-09-13 not yet calculated CVE-2017-14428
MISC
d-link -- d-link
 
htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests. 2017-09-13 not yet calculated CVE-2017-14423
MISC
d-link -- d-link
 
The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services. 2017-09-13 not yet calculated CVE-2017-14418
MISC
d-link -- d-link
 
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2017-09-13 not yet calculated CVE-2017-14420
MISC
d-link -- d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions. 2017-09-13 not yet calculated CVE-2017-14425
MISC
d-link -- d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation. 2017-09-13 not yet calculated CVE-2017-14422
MISC
d-link -- d-link
 
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php. 2017-09-13 not yet calculated CVE-2017-14414
MISC
d-link -- d-link
 
register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services. 2017-09-13 not yet calculated CVE-2017-14417
MISC
d-link -- d-link
 
The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh. 2017-09-13 not yet calculated CVE-2017-14429
MISC
dolibarr -- erp_crm
 
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter. 2017-09-11 not yet calculated CVE-2017-14238
CONFIRM
dolibarr -- erp_crm
 
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php. 2017-09-11 not yet calculated CVE-2017-14241
CONFIRM
dolibarr -- erp_crm
 
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter. 2017-09-11 not yet calculated CVE-2017-14242
CONFIRM
dolibarr -- erp_crm
 
There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter. 2017-09-11 not yet calculated CVE-2017-14240
CONFIRM
dolibarr -- erp_crm
 
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php. 2017-09-11 not yet calculated CVE-2017-14239
CONFIRM
drupal -- drupal
 
Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. 2017-09-13 not yet calculated CVE-2015-2749
CONFIRM
DEBIAN
MLIST
BID
CONFIRM
CONFIRM
drupal -- drupal
 
Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. 2017-09-11 not yet calculated CVE-2015-7877
CONFIRM
MISC
drupal -- drupal
 
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence. 2017-09-13 not yet calculated CVE-2015-2750
CONFIRM
CONFIRM
DEBIAN
MLIST
BID
CONFIRM
drupal -- drupal
 
The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and knowledge of usernames. 2017-09-13 not yet calculated CVE-2015-7880
MLIST
BID
MISC
CONFIRM
drupal -- drupal
 
Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page. 2017-09-11 not yet calculated CVE-2015-7879
MLIST
BID
CONFIRM
MISC
eclipse -- kura
 
The network-enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. The Equinox console port 5002 is nevertheless left open, which allows logging into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox "exec" command. Because the process is running as "root", full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigning a MAC-address-based IPv6 address. 2017-09-11 not yet calculated CVE-2017-7649
CONFIRM
CONFIRM
ellucian -- banner_student
 
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset." 2017-09-11 not yet calculated CVE-2015-4689
MISC
BUGTRAQ
ellucian -- banner_student
 
Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter. 2017-09-11 not yet calculated CVE-2015-5054
MISC
BUGTRAQ
ellucian -- banner_student
 
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to enumerate user accounts via a series of requests. 2017-09-11 not yet calculated CVE-2015-4688
MISC
BUGTRAQ
elux_rp -- elux_rp
 
In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR, when classic desktop mode is used, it is possible to start applications other than those defined, even if the user does not have permissions to change application definitions. 2017-09-13 not yet calculated CVE-2017-14124
CONFIRM
emc -- appsync
 
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. 2017-09-12 not yet calculated CVE-2017-8015
CONFIRM
BID
eyesofnetwork -- eyesofnetwork
 
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php. 2017-09-12 not yet calculated CVE-2017-14403
MISC
eyesofnetwork -- eyesofnetwork
 
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring. 2017-09-12 not yet calculated CVE-2017-14404
MISC
eyesofnetwork -- eyesofnetwork
 
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. 2017-09-12 not yet calculated CVE-2017-14405
MISC
eyesofnetwork -- eyesofnetwork
 
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php. 2017-09-11 not yet calculated CVE-2017-14252
MISC
eyesofnetwork -- eyesofnetwork
 
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php. 2017-09-12 not yet calculated CVE-2017-14402
MISC
eyesofnetwork -- eyesofnetwork
 
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section. 2017-09-12 not yet calculated CVE-2017-14401
MISC
eyesofnetwork -- eyesofnetwork
 
SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060. 2017-09-11 not yet calculated CVE-2017-14247
MISC
ffmpeg -- ffmpeg
 
In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. 2017-09-08 not yet calculated CVE-2017-14223
BID
CONFIRM
ffmpeg -- ffmpeg
 
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. 2017-09-08 not yet calculated CVE-2017-14222
BID
CONFIRM
file() -- file()
 
An issue in file(), introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016), lets an attacker overwrite a fixed 20-byte stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017). 2017-09-11 not yet calculated CVE-2017-1000249
CONFIRM
CONFIRM
fujitsu -- fence-explorer
 
Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-15 not yet calculated CVE-2017-10855
MISC
JVN
genixcms -- genixcms
 
GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php. 2017-09-10 not yet calculated CVE-2017-14231
CONFIRM
CONFIRM
gentoo -- gentoo_security
 
The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed. 2017-09-15 not yet calculated CVE-2017-14484
CONFIRM
gnu -- binutils
 
The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution. 2017-09-12 not yet calculated CVE-2017-14333
CONFIRM
gnu -- emacs
 
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article). 2017-09-14 not yet calculated CVE-2017-14482
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- android
 
An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698. 2017-09-14 not yet calculated CVE-2017-0785
BID
CONFIRM
google -- android
 
An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701. 2017-09-14 not yet calculated CVE-2017-0783
BID
CONFIRM
google -- android
 
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237. 2017-09-14 not yet calculated CVE-2017-0782
BID
CONFIRM
google -- android
 
Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. 2017-09-15 not yet calculated CVE-2015-1527
BID
CONFIRM
MISC
google -- android
 
A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105. 2017-09-14 not yet calculated CVE-2017-0781
BID
CONFIRM
honeywell -- network_video_recorder
 
Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can login to the device with that new user account to fully control the device. 2017-09-11 not yet calculated CVE-2017-14263
MISC
i-filter -- install_program_and_installer
 
Untrusted search path vulnerability in "i-filter 6.0 install program" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-15 not yet calculated CVE-2017-10858
MISC
JVN
i-filter -- install_program_and_installer
 
Untrusted search path vulnerability in "i-filter 6.0 installer" whose code-signing timestamp is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2017-09-15 not yet calculated CVE-2017-10859
MISC
JVN
i-filter -- install_program_and_installer
 
Untrusted search path vulnerability in "i-filter 6.0 installer" whose code-signing timestamp is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. 2017-09-15 not yet calculated CVE-2017-10860
MISC
JVN
ibm -- api_connect
 
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 131546. 2017-09-13 not yet calculated CVE-2017-1556
CONFIRM
BID
MISC
ibm -- business_process_manager_and_websphere_lombardi_edition
 
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL. 2017-09-15 not yet calculated CVE-2015-0110
BID
CONFIRM
ibm -- db2
 
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058. 2017-09-12 not yet calculated CVE-2017-1439
CONFIRM
BID
SECTRACK
MISC
ibm -- db2
 
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057. 2017-09-12 not yet calculated CVE-2017-1438
CONFIRM
BID
SECTRACK
MISC
ibm -- db2
 
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server), under unusual circumstances, could expose highly sensitive information in the error log to a local user. 2017-09-12 not yet calculated CVE-2017-1434
CONFIRM
BID
SECTRACK
MISC
ibm -- informix_dynamic_server
 
IBM Informix Dynamic Server 12.1 could allow a local user logged in as the database administrator user to gain root privileges. IBM X-Force ID: 129620. 2017-09-13 not yet calculated CVE-2017-1508
CONFIRM
BID
MISC
ibm -- maximo_asset_management
 
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538. 2017-09-12 not yet calculated CVE-2017-1352
CONFIRM
BID
MISC
imagemagick -- imagemagick
 
In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file. 2017-09-12 not yet calculated CVE-2017-14400
CONFIRM
imagemagick -- imagemagick
 
A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. 2017-09-08 not yet calculated CVE-2017-14224
BID
CONFIRM
india_goods_and_services_tax_network -- offline_utility_tool
 
GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution. 2017-09-14 not yet calculated CVE-2017-13779
MISC
internet_initiative_japan -- seil
 
SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, and SEIL/BPV4 5.00 to 5.72 allow remote attackers to cause a temporary failure of the device's encrypted communications via a specially crafted packet. 2017-09-15 not yet calculated CVE-2017-10856
MISC
JVN
jazz -- reporting_service
 
An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information. 2017-09-14 not yet calculated CVE-2017-1490
CONFIRM
BID
MISC
jenkins -- jenkins
 
Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session. 2017-09-12 not yet calculated CVE-2014-9634
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
jenkins -- jenkins
 
Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies. 2017-09-12 not yet calculated CVE-2014-9635
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
MISC
CONFIRM
joomla -- joomla!
 
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to plugin_googlemap2_proxy.php. 2017-09-14 not yet calculated CVE-2013-7429
FULLDISC
CONFIRM
MLIST
MLIST
jungo -- windriver
 
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824a7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel. 2017-09-11 not yet calculated CVE-2017-14075
MISC
EXPLOIT-DB
jungo -- windriver
 
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x95382673 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel. 2017-09-12 not yet calculated CVE-2017-14344
MISC
EXPLOIT-DB
jungo -- windriver
 
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824b7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel. 2017-09-11 not yet calculated CVE-2017-14153
MISC
EXPLOIT-DB
kind_editor -- kind_editor
 
In the web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allowing users to upload files. 2017-09-14 not yet calculated CVE-2017-1002024
MISC
MISC
MISC
kubernetes -- azure_cloud_provider
 
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal. 2017-09-14 not yet calculated CVE-2017-1002100
MISC
MISC
libofx -- libofx
 
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability. 2017-09-13 not yet calculated CVE-2017-2816
BID
MISC
libraw -- libraw
 
LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file. 2017-09-12 not yet calculated CVE-2017-14348
CONFIRM
libraw -- libraw
 
A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. 2017-09-11 not yet calculated CVE-2017-14265
CONFIRM
linux -- linux_kernel
 
The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory. 2017-09-15 not yet calculated CVE-2017-14340
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux -- linux_kernel
 
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 3.3-rc1 and up to and including 4.13.1, is vulnerable to a stack overflow in the processing of L2CAP configuration responses, resulting in remote code execution in kernel space. 2017-09-12 not yet calculated CVE-2017-1000251
BID(link is external)
CONFIRM(link is external)
MISC(link is external)
linux -- linux_kernel
 
The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. 2017-09-15 not yet calculated CVE-2017-14489
CONFIRM(link is external)
CONFIRM

linux -- linux_kernel


 
The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls. 2017-09-15 not yet calculated CVE-2017-14497
CONFIRM
CONFIRM(link is external)
CONFIRM(link is external)
CONFIRM(link is external)
magento2 -- magento2
 
The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses. 2017-09-14 not yet calculated CVE-2017-13761
CONFIRM(link is external)
mantisbt -- mantisbt
 
CAPTCHA bypass vulnerability in MantisBT before 1.2.19. 2017-09-12 not yet calculated CVE-2014-9624
MLIST(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
XF(link is external)
CONFIRM
CONFIRM
microsoft -- .net_framework
 
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability." 2017-09-12 not yet calculated CVE-2017-8759
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
EXPLOIT-DB(link is external)
microsoft -- bluetooth_driver
 
Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation of the Bluetooth stack, aka "Microsoft Bluetooth Driver Spoofing Vulnerability". 2017-09-12 not yet calculated CVE-2017-8628
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8738
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8756
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-8756. 2017-09-12 not yet calculated CVE-2017-11764
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8751, and CVE-2017-11766. 2017-09-12 not yet calculated CVE-2017-8734
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge handles objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability". 2017-09-12 not yet calculated CVE-2017-8757
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8724. 2017-09-12 not yet calculated CVE-2017-8735
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8752
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8754. 2017-09-12 not yet calculated CVE-2017-8723
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8649
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8643. 2017-09-12 not yet calculated CVE-2017-8648
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". 2017-09-12 not yet calculated CVE-2017-8739
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8735. 2017-09-12 not yet calculated CVE-2017-8724
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8740
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8734, CVE-2017-8751, and CVE-2017-11766. 2017-09-12 not yet calculated CVE-2017-8731
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8753
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8723. 2017-09-12 not yet calculated CVE-2017-8754
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8648. 2017-09-12 not yet calculated CVE-2017-8643
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8660
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8755
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-8751. 2017-09-12 not yet calculated CVE-2017-11766
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8643 and CVE-2017-8648. 2017-09-12 not yet calculated CVE-2017-8597
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- edge


 
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8729
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- excel_for_mac_2011
 
A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution". 2017-09-12 not yet calculated CVE-2017-8567
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- excel
 
A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744. 2017-09-12 not yet calculated CVE-2017-8631
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- excel
 
A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016 when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8731. 2017-09-12 not yet calculated CVE-2017-8744
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- exchange_server
 
Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability". 2017-09-12 not yet calculated CVE-2017-11761
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- exchange_server
 
Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability." 2017-09-12 not yet calculated CVE-2017-8758
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8748
BID(link is external)
SECTRACK(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. 2017-09-12 not yet calculated CVE-2017-8741
BID(link is external)
SECTRACK(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8749. 2017-09-12 not yet calculated CVE-2017-8747
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into believing that the user was visiting a legitimate website, due to the way that Internet Explorer handles specific HTML content, aka "Internet Explorer Spoofing Vulnerability". 2017-09-12 not yet calculated CVE-2017-8733
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". 2017-09-12 not yet calculated CVE-2017-8750
BID(link is external)
SECTRACK(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific information used in the parent domain, due to Microsoft browser parent domain verification in certain functionality, aka "Microsoft Browser Information Disclosure Vulnerability". 2017-09-12 not yet calculated CVE-2017-8736
BID(link is external)
SECTRACK(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- internet_explorer
 
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8747. 2017-09-12 not yet calculated CVE-2017-8749
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- office_2016
 
Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744. 2017-09-12 not yet calculated CVE-2017-8630
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- powerpoint_and_sharepoint_and_office_online_server
 
A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8742. 2017-09-12 not yet calculated CVE-2017-8743
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- publisher
 
A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when they fail to properly handle objects in memory, aka "Microsoft Office Publisher Remote Code Execution". 2017-09-12 not yet calculated CVE-2017-8725
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- sharepoint_server_2013


 
Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint XSS Vulnerability". 2017-09-12 not yet calculated CVE-2017-8629
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- sharepoint
 
An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability". 2017-09-12 not yet calculated CVE-2017-8745
BID(link is external)
CONFIRM(link is external)
microsoft -- windows
 
The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive, due to a memory corruption vulnerability in the Windows Server DHCP service, aka "Windows DHCP Server Remote Code Execution Vulnerability". 2017-09-12 not yet calculated CVE-2017-8686
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
 
The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1607, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Remote Desktop Virtual Host Remote Code Execution Vulnerability". 2017-09-12 not yet calculated CVE-2017-8714
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
 
Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows an attacker to run a specially crafted application to bypass Control Flow Guard, due to the way that Control Flow Guard handles objects in memory, aka "Windows Security Feature Bypass Vulnerability". 2017-09-12 not yet calculated CVE-2017-8716
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
 
Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka "Microsoft Graphics Component Remote Code Execution." 2017-09-12 not yet calculated CVE-2017-8696
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
 
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8679, and CVE-2017-8719. 2017-09-12 not yet calculated CVE-2017-8709
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
 
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687. 2017-09-12 not yet calculated CVE-2017-8678
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
 
The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly discloses kernel memory addresses, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687. 2017-09-12 not yet calculated CVE-2017-8677
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
 
A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744. 2017-09-12 not yet calculated CVE-2017-8632
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)

microsoft -- windows


 
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8679, CVE-2017-8709, and CVE-2017-8719. 2017-09-12 not yet calculated CVE-2017-8708
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
 
The Windows Kernel-Mode Drivers component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8720. 2017-09-12 not yet calculated CVE-2017-8675
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
 
The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8706, CVE-2017-8712, and CVE-2017-8713. 2017-09-12 not yet calculated CVE-2017-8711
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
 
The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability." 2017-09-12 not yet calculated CVE-2017-8676
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
 
Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8685 and CVE-2017-8688. 2017-09-12 not yet calculated CVE-2017-8684
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
 
The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka "NetBIOS Remote Code Execution Vulnerability". 2017-09-12 not yet calculated CVE-2017-0161
BID(link is external)
SECTRACK(link is external)
CONFIRM(link is external)
microsoft -- windows
 
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8719. 2017-09-12 not yet calculated CVE-2017-8679
BID
SECTRACK
CONFIRM

microsoft -- windows


 
The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability". 2017-09-12 not yet calculated CVE-2017-8704
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8679. 2017-09-12 not yet calculated CVE-2017-8719
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8688. 2017-09-12 not yet calculated CVE-2017-8685
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8682. 2017-09-12 not yet calculated CVE-2017-8683
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687. 2017-09-12 not yet calculated CVE-2017-8680
BID
SECTRACK
CONFIRM

microsoft -- windows


 
The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8706, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713. 2017-09-12 not yet calculated CVE-2017-8707
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8728. 2017-09-12 not yet calculated CVE-2017-8737
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user's system via a specially crafted document or an untrusted webpage, aka "Graphics Component Information Disclosure Vulnerability." 2017-09-12 not yet calculated CVE-2017-8695
BID
SECTRACK
CONFIRM

microsoft -- windows


 
Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due to the way that WER handles and executes files, aka "Windows Elevation of Privilege Vulnerability". 2017-09-12 not yet calculated CVE-2017-8702
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8681. 2017-09-12 not yet calculated CVE-2017-8687
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8737. 2017-09-12 not yet calculated CVE-2017-8728
BID
SECTRACK
CONFIRM

microsoft -- windows


 
Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to run arbitrary code in the context of the current user, due to the way that Windows Shell validates file copy destinations, aka "Windows Shell Remote Code Execution Vulnerability". 2017-09-12 not yet calculated CVE-2017-8699
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8685. 2017-09-12 not yet calculated CVE-2017-8688
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8683. 2017-09-12 not yet calculated CVE-2017-8682
BID
SECTRACK
CONFIRM
microsoft -- windows
 
A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8743. 2017-09-12 not yet calculated CVE-2017-8742
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka "Windows Information Disclosure Vulnerability". 2017-09-12 not yet calculated CVE-2017-8710
BID
SECTRACK
CONFIRM

microsoft -- windows


 
The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713. 2017-09-12 not yet calculated CVE-2017-8706
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8706, and CVE-2017-8713. 2017-09-12 not yet calculated CVE-2017-8712
BID
SECTRACK
CONFIRM
microsoft -- windows
 
Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass vulnerability due to how PowerShell exposes functions and processes user-supplied code, aka "Device Guard Security Feature Bypass Vulnerability". 2017-09-12 not yet calculated CVE-2017-8746
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8687. 2017-09-12 not yet calculated CVE-2017-8681
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8675. 2017-09-12 not yet calculated CVE-2017-8720
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8706. 2017-09-12 not yet calculated CVE-2017-8713
BID
SECTRACK
CONFIRM
microsoft -- windows
 
The Windows Uniscribe component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Uniscribe Remote Code Execution Vulnerability". 2017-09-12 not yet calculated CVE-2017-8692
BID
SECTRACK
CONFIRM
misp -- misp
 
When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user. 2017-09-12 not yet calculated CVE-2017-14337
CONFIRM
CONFIRM

mit -- kerberos


 
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. 2017-09-13 not yet calculated CVE-2017-11462
CONFIRM
CONFIRM
CONFIRM
FEDORA
mongodb -- libbson
 
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c. 2017-09-09 not yet calculated CVE-2017-14227
BID
MISC
MISC
MISC
mosquitto -- mosquitto
 
In Mosquitto before 1.4.12, pattern-based ACLs can be bypassed by clients that set their username/client id to '#' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do not have the rights to. The same issue may be present in third-party authentication/access control plugins for Mosquitto. 2017-09-11 not yet calculated CVE-2017-7650
CONFIRM
BID
CONFIRM
mp3gain -- mp3gain
 
A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service. 2017-09-12 not yet calculated CVE-2017-14407
MISC
mp3gain -- mp3gain
 
A stack-based buffer overflow was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. 2017-09-12 not yet calculated CVE-2017-14411
MISC
mp3gain -- mp3gain
 
A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service. 2017-09-12 not yet calculated CVE-2017-14410
MISC
mp3gain -- mp3gain
 
An invalid memory write was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service (segmentation fault and application crash) or possibly unspecified other impact. 2017-09-12 not yet calculated CVE-2017-14412
MISC
mp3gain -- mp3gain
 
A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service. 2017-09-12 not yet calculated CVE-2017-14406
MISC
mp3gain -- mp3gain
 
A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. 2017-09-12 not yet calculated CVE-2017-14409
MISC
mp3gain -- mp3gain
 
A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service. 2017-09-12 not yet calculated CVE-2017-14408
MISC
nagios_core -- nagios_core
 
Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account. 2017-09-11 not yet calculated CVE-2017-14312
MISC

ntt_docomo -- wi-fi_station_l-02f


 
Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account. 2017-09-15 not yet calculated CVE-2017-10845
JVN
MISC
ntt_docomo -- wi-fi_station_l-02f
 
Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. 2017-09-15 not yet calculated CVE-2017-10846
JVN
MISC
osticket -- osticket
 
In osTicket 1.10, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php. 2017-09-12 not yet calculated CVE-2017-14396
MISC
pagure -- pagure
 
Pagure 3.3.0 and earlier is vulnerable to loss of confidentiality due to improper authorization. 2017-09-14 not yet calculated CVE-2017-1002151
MISC
MISC
puppetlabs -- apache_module
 
Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD. 2017-09-15 not yet calculated CVE-2017-2299
CONFIRM
python-fedora -- python-fedora
 
python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection. 2017-09-14 not yet calculated CVE-2017-1002150
MISC
MISC
qnap -- qts_media_library
 
QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack. 2017-09-14 not yet calculated CVE-2017-13067
CONFIRM
razer_synapse -- razer_synapse
 
rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to \Device\PhysicalMemory, IOCTL 0x22A064, and ZwMapViewOfSection. 2017-09-13 not yet calculated CVE-2017-14398
MISC

redhat -- enterprise_mrg


 
Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets. 2017-09-14 not yet calculated CVE-2015-7553
CONFIRM

redhat -- jboss_eap


 
Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact. 2017-09-13 not yet calculated CVE-2017-7561
BID
MISC

rhnsd -- rhnsd

It was found that rhnsd PID files are created as world-writable, which allows local attackers to fill the disks or to kill selected processes. 2017-09-13 not yet calculated CVE-2017-7560
CONFIRM
ruby -- ruby
 
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a leak of its heap contents through a malicious format specification passed to the sprintf method. If a script accepts format strings from an external source, there is a risk that the contents of the heap are exposed. 2017-09-15 not yet calculated CVE-2017-0898
SECTRACK
MISC
MISC
MISC
samsung -- network_video_recorder
 
On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and log in to the device with that hash in the szUserPasswd parameter. 2017-09-11 not yet calculated CVE-2017-14262
MISC
silverstripe -- silverstripe
 
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017. 2017-09-15 not yet calculated CVE-2017-14498
MISC
MISC
MISC
MISC

sophos -- surfright_hitmanpro

In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt!ExpPoolQuotaCookie. 2017-09-13 not yet calculated CVE-2017-7441
MISC
MISC

sophos -- surfright_hitmanpro


 
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the OS via a malformed IOCTL call. 2017-09-13 not yet calculated CVE-2017-6007
MISC
MISC

sophos -- surfright_hitmanpro


 
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call. 2017-09-13 not yet calculated CVE-2017-6008
MISC
MISC
MISC
MISC
sourcebans -- sourcebans
 
Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php. 2017-09-11 not yet calculated CVE-2015-8349
BUGTRAQ
MISC
stdu -- stdu_viewer
 
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000001869." 2017-09-11 not yet calculated CVE-2017-14310
MISC
stdu -- stdu_viewer
 
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at STDUJBIG2File+0x00000000000015e9." 2017-09-11 not yet calculated CVE-2017-14295
MISC
symantec -- encryption_desktop
 
Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests. 2017-09-13 not yet calculated CVE-2017-6330
BID
CONFIRM
terramaster -- tos
 
Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root. 2017-09-15 not yet calculated CVE-2017-9328
MISC
tianchoy/blog -- tianchoy/blog
 
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file. 2017-09-12 not yet calculated CVE-2017-14346
MISC
tianchoy/blog -- tianchoy/blog
 
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php. 2017-09-12 not yet calculated CVE-2017-14345
MISC
vbulletin -- vbulletin
 
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. 2017-09-15 not yet calculated CVE-2014-9463
CONFIRM
EXPLOIT-DB
vmware -- esxi_and_workstation_and_fusion
 
VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. 2017-09-15 not yet calculated CVE-2017-4925
BID
SECTRACK
SECTRACK
CONFIRM

vmware -- esxi_and_workstation_and_fusion


 
VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in the SVGA device. This issue may allow a guest to execute code on the host. 2017-09-15 not yet calculated CVE-2017-4924
BID
SECTRACK
SECTRACK
CONFIRM
vmware -- vcenter_server
 
VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious JavaScript, which is executed when other VC users access the page. 2017-09-15 not yet calculated CVE-2017-4926
BID
SECTRACK
CONFIRM
wordpress -- wordpress
 
Vulnerability in WordPress plugin wordpress-gallery-transformation v1.0: SQL injection in ./wordpress-gallery-transformation/gallery.php via the $jpic parameter, which is not sanitized before being passed into an SQL query. 2017-09-14 not yet calculated CVE-2017-1002028
MISC
MISC
MISC
wordpress -- wordpress
 
Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php. 2017-09-11 not yet calculated CVE-2015-8354
MISC
BUGTRAQ
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin surveys v1.01.8: the code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query. 2017-09-14 not yet calculated CVE-2017-1002020
MISC
MISC
MISC
wordpress -- wordpress
 
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled. 2017-09-11 not yet calculated CVE-2015-8351
MISC
BUGTRAQ
CONFIRM
EXPLOIT-DB
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin eventr v1.02.2: the edit.php form and event_form.php code do not sanitize input, which allows for blind SQL injection via the event parameter. 2017-09-14 not yet calculated CVE-2017-1002019
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin surveys v1.01.8: the code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query. 2017-09-14 not yet calculated CVE-2017-1002021
MISC
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin mobile-friendly-app-builder-by-easytouch v3.0: the code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content. 2017-09-14 not yet calculated CVE-2017-1002000
BID
BID
MISC
MISC
EXPLOIT-DB
wordpress -- wordpress
 
The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg(). 2017-09-11 not yet calculated CVE-2017-14313
CONFIRM
CONFIRM
MISC
wordpress -- wordpress
 
Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) open-tab parameter in a wp_cta_global_settings action to wp-admin/edit.php or (2) wp-cta-variation-id parameter to ab-testing-call-to-action-example/. 2017-09-11 not yet calculated CVE-2015-8350
MISC
BUGTRAQ
CONFIRM
MISC
wordpress -- wordpress
 
Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the object_name parameter in a rs-object_role_edit page to wp-admin/admin.php. 2017-09-11 not yet calculated CVE-2015-8353
MISC
BUGTRAQ
CONFIRM
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin gift-certificate-creator v1.0: the code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability. 2017-09-14 not yet calculated CVE-2017-1002017
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin surveys v1.01.8: the code in questions.php does not sanitize the survey variable before placing it inside of an SQL query. 2017-09-14 not yet calculated CVE-2017-1002022
MISC
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin eventr v1.02.2: the edit.php form and attendees.php code do not sanitize input, which allows for blind SQL injection via the event parameter. 2017-09-14 not yet calculated CVE-2017-1002018
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: blind SQL injection in image-gallery-with-slideshow/admin_setting.php via the selectMulGallery parameter. 2017-09-14 not yet calculated CVE-2017-1002015
MISC
MISC
wordpress -- wordpress
 
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. 2017-09-12 not yet calculated CVE-2015-9228
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin rk-responsive-contact-form v1.0: the variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php. 2017-09-14 not yet calculated CVE-2017-1002027
MISC
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin flickr-picture-backup v0.7: the code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files. 2017-09-14 not yet calculated CVE-2017-1002016
MISC
MISC
wordpress -- wordpress
 
In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter. 2017-09-12 not yet calculated CVE-2015-9229
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: in image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement. 2017-09-14 not yet calculated CVE-2017-1002012
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: blind SQL injection via the imgid parameter in image-gallery-with-slideshow/admin_setting.php. 2017-09-14 not yet calculated CVE-2017-1002013
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin DTracker v1.5: the code in dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. 2017-09-14 not yet calculated CVE-2017-1002006
BID
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin Easy Team Manager v1.3.2: the code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php. 2017-09-14 not yet calculated CVE-2017-1002023
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: blind SQL injection in image-gallery-with-slideshow/admin_setting.php via the gallery_name parameter. 2017-09-14 not yet calculated CVE-2017-1002014
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin mobile-app-builder-by-wappress v1.05: the plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. 2017-09-14 not yet calculated CVE-2017-1002001
MISC
MISC
EXPLOIT-DB
wordpress -- wordpress
 
Vulnerability in WordPress plugin wp2android-turn-wp-site-into-android-app v1.1.4: the plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. 2017-09-14 not yet calculated CVE-2017-1002003
BID
MISC
MISC
EXPLOIT-DB
wordpress -- wordpress
 
Vulnerability in WordPress plugin webapp-builder v2.0: the plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/. 2017-09-14 not yet calculated CVE-2017-1002002
BID
MISC
MISC
EXPLOIT-DB
wordpress -- wordpress
 
Vulnerability in WordPress plugin DTracker v1.5: in file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query. 2017-09-14 not yet calculated CVE-2017-1002004
BID
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin DTracker v1.5: in file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. 2017-09-14 not yet calculated CVE-2017-1002005
BID
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin add-edit-delete-listing-for-member-module v1.0: the plugin author does not sanitize user-supplied input via $act before passing it into an SQL statement. 2017-09-14 not yet calculated CVE-2017-1002025
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin Event Expresso Free v3.1.37.11.L: the function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement. 2017-09-14 not yet calculated CVE-2017-1002026
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: there is a stored XSS vulnerability via $value->gallery_name and $value->gallery_description, where anyone with privileges to modify or add galleries/images can inject JavaScript into the database. 2017-09-14 not yet calculated CVE-2017-1002011
MISC
MISC
wordpress -- wordpress
 
In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter. 2017-09-12 not yet calculated CVE-2015-9230
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin Membership Simplified v1.58: the code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function. 2017-09-14 not yet calculated CVE-2017-1002010
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin Membership Simplified v1.58: the code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function. 2017-09-14 not yet calculated CVE-2017-1002009
MISC
MISC
wordpress -- wordpress
 
Vulnerability in WordPress plugin membership-simplified-for-oap-members-only v1.58: the file download code located in membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges. 2017-09-14 not yet calculated CVE-2017-1002008
MISC
MISC
MISC
EXPLOIT-DB
wordpress -- wordpress
 
Vulnerability in WordPress plugin DTracker v1.5: the code in dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. 2017-09-14 not yet calculated CVE-2017-1002007
BID
MISC
MISC
xen -- xen
 
A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.). 2017-09-12 not yet calculated CVE-2017-14317
BID
SECTRACK
CONFIRM
xen -- xen
 
A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, neither the presence of the mapping nor page writability were taken into account. 2017-09-12 not yet calculated CVE-2017-14319
BID
SECTRACK
CONFIRM
xen -- xen
 
An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles `GNTTABOP_cache_flush` grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table is checked to see if a grant mapping to the calling domain exists for the page in question. However, the function does not check to see if the owning domain actually has a grant table or not. Some special domains, such as `DOMID_XEN`, `DOMID_IO` and `DOMID_COW`, are created without grant tables. Hence, if `__gnttab_cache_flush` operates on a page owned by these special domains, it will attempt to dereference a NULL pointer in the domain struct. 2017-09-12 not yet calculated CVE-2017-14318
BID
SECTRACK
CONFIRM
xen -- xen
 
A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While the function checks to see if the special constant `NUMA_NO_NODE` is specified, it otherwise does not handle the case where `node >= MAX_NUMNODES`. This allows an out-of-bounds access to an internal array. 2017-09-12 not yet calculated CVE-2017-14316
BID
SECTRACK
CONFIRM
xen -- xen
 
Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207. 2017-09-13 not yet calculated CVE-2017-14431
CONFIRM
xnview -- xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010." 2017-09-11 not yet calculated CVE-2017-14270
MISC
xnview -- xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000595d." 2017-09-11 not yet calculated CVE-2017-14272
MISC
xnview -- xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e." 2017-09-11 not yet calculated CVE-2017-14271
MISC
xnview -- xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008706." 2017-09-11 not yet calculated CVE-2017-14274
MISC
xnview -- xnview
 
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x00000000000003b0." 2017-09-11 not yet calculated CVE-2017-14273
MISC

**Source: [US-CERT: Bulletin(SB17-261)] Security vulnerabilities published through September 11, 2017